It’s becoming increasingly common for organisations to expect employees to use their own personal devices for work, such as smartphones, tablets and laptops, and employees seem to prefer the level of freedom it gives them.

From an organisational perspective, they stand to save an average of R5 000 per employee every year if their employees use just their own mobile devices, with two-thirds reporting that it boosts their productivity.

In South Africa, this trend has also become ubiquitous. “BYOD, particularly with smartphones having access to corporate email accounts, has become the norm for a lot of South African organisations for many years already,” asserts Anna Collard, SVP Content Strategy and Evangelist at KnowBe4 Africa.

“While organisations in the financial services sector will have stricter policies, many start-ups, SMEs and even some larger organisations often allow, or even expect, employees to use their own phones and laptops, sometimes without formal policies in place.”

While flexible and convenient, she believes this informal approach introduces significant cyber and compliance risks.

The new KnowBe4 Africa Human Risk Management Report 2025 highlights that up to 80% of employees in Africa use personal devices for work, with broader studies finding 70% of these devices are unmanaged, a critical blind spot for many organisations.

BYOD blind spots

The most notable cybersecurity risk associated with BYOD is data leakage. “Personal devices can easily leak sensitive data through unsecured apps, cloud storage or public Wi-Fi,” she explains. “Without proper controls, even a misplaced phone can become a breach vector.”

Another security blind spot is employees downloading malicious apps.

“Employees may unknowingly install apps that contain malware,” Collard comments. “Some apps mimic legitimate ones, but secretly harvest data or open backdoors into corporate systems.”

This also extends to “shadow IT”, the use of unapproved applications or services, which can proliferate via personal devices, creating unmonitored entry points for attackers.

A further risk is outdated software.

“Personal devices may run outdated operating systems or apps, making them vulnerable to known exploits,” she says. “IT teams often lack visibility to patch non-managed devices, and a large percentage of people have ‘an update is ready to be installed on your device’-notifications that have been hanging around for ages; unactioned.”

In addition, many employees may have a false sense of security about their phone or laptop, especially since almost half of Gen Z respondents (48%) take cybersecurity protection on their personal devices more seriously than on their work devices, according to an Ernst & Young survey in the US.

“Just because it’s my device doesn’t mean it’s secure for sensitive work data,” stresses Collard. “A weak BYOD policy opens the door to data leaks, shadow IT and insider risk.”

What organisations should do

In order to mitigate these risks, organisations need to come up with a robust BYOD policy.

“It starts with policy and awareness,” she states. “Organisations must have a clear, communicated BYOD policy – what’s allowed, what’s not and what minimum protection is expected.”

Some useful technical controls include employees having strong passwords, multifactor authentication (MFA), encryption, endpoint security and patching.

Organisations can also segment their networks to isolate personal devices from critical corporate assets.

“Mobile Device Management (MDM) tools can enforce some controls,” concedes Collard, “but they can’t replace human vigilance.”

She is a firm advocate of security awareness training to heighten awareness of cybersecurity risks, especially among younger employees who are more likely to use the same passwords for their personal and professional accounts.

“Organisations need to educate employees on the specific risks of BYOD, beyond  ‘don’t click links’,” she says. This is crucial, as 96% of organisations believe their employees might fall for more attacks in the future due to AI use by bad actors.

The KnowBe4 Africa Human Risk Management Report 2025 further highlights that AI policy remains a governance blind spot in many organisations, with 46% still developing formal AI policies, making employee education on AI-related BYOD risks even more critical.

“Organisations can simulate attacks that leverage BYOD vulnerabilities, such as phishing specific to mobile apps, while fostering a culture where employees feel comfortable reporting potential incidents on personal devices without fear of reprisal.”

Alongside security training, Collard is an advocate of digital mindfulness, which she describes as an important  weapon against cybersecurity threats. “Being digitally mindful helps employees slow down, become aware of risky moments and question suspicious behaviour, especially on personal devices,” she says.

Managing the human element

Even though privately-owned devices may appear to be the problem, managing the human element is absolutely key in mitigating BYOD security risks.

“A device is just a tool; what matters is how we use it,” Collard emphasises. “You can have the most secure set-up, but if someone is rushed, tired or emotionally triggered, they’re more likely to click on a malicious link or fall for a scam.”

She is adamant that organisations need to train their employees’ attention and awareness to build resilience, not just rely on tools.

“Ultimately, it’s a combination of the right technology and human vigilance,” she concludes.

As the digitalization era prevails globally, Information Technology (IT) has never been more significant and as such, a top important element for aspiring and successful businesses.

Essentially, it is of great importance now as it continues to excel even at no time than it is today.

As the world slowly responding, particularly, the global south nations, to issues like the existential threat of Artificial intelligence (AI) to humanity, and the question of owning the data within the contextual usage of AI and Data Analytics, for instance, so also and even in a greater proportionality are new threats emerging in the post-digitalization era (PDE).

The Elastic global threat most recently released report that came up with a dreadful outcome. Such remains an apt indicativeness that Linux-based signature events proceeded with an increase from 54.5% last year to 91.2% of all signature telemetry.

The highest investigation as of late noticed 104 remarkable marks by Elastic Security Lab showing that most of the malware was made out of a few exceptionally predominant ransomware families, Gafgyt, Frp, Meterpreter, and BlackCat.

Additionally, more than 33% of all malware tests conveyed to endpoints were related to monetarily spurred dangers.

Ransomware families will generally bunch around the result of a particular gathering or set of noxious thespians that use an unmistakable example of techniques, tactics, and procedures (TTPs). Recognizing these families with explicit names or codenames is significant for following the development of Ransomware families over the long haul and for attribution purposes.

In other words, to get ready for Ransomware, security groups need to find out more about the most dynamic families.

All realized marks related to Ransomware families have abilities, which have been recorded widely by security scientists all around the world, and tirelessly hazardously to most huge IT infrastructural footings.

Trending, the correlation with this is the attainableness, which has more to do with the overall performance and or adoption of Linux-based infrastructure than the threat priorities.

It may also exploit experts’ visibility of Linux-based malware infections, which has been estimated to have risen to about 59.8%. In other words, the conscious effects of new threats also require an urgent response to those introduced new threats.

Ransomware is one such threat – it’s growing and it threatens the very existence of corporations within the digital spaces.

A rolling of economic solutions via digitalization particularly in the global south nations could not but join in the global 20th celebration of Cyber Security Awareness month and thus the modest intervention to examine Ransomware from an awareness perspective as things stand.

Essentially, October 2023 is the 20th Cybersecurity Awareness Month! If playback doesn’t begin pithily, you may have to ensure restarting your gadget, concentrating on security solutions to secure your IT and business technological infrastructures.

With the nature of landscape threats, much has been expounded on solidifying ventures against the danger of Ransomware, yet what might be said about safeguarding supply chains of highly yielding business enterprises?

In a perfect world, each provider has a vigorous security agenda, solid Ransomware protection, and bold strength estimates set up. Sadly, as we have learned despite different dangers, this isn’t true.

Dreadfully, the rise in cybersecurity incidents is accurately evident among African countries with appreciable breaches peculiarities and even experientially advancing in the global north nations.

In the second quarter of 2023, Africa experienced the highest average number of cyberattacks per week per organization, with a 23% increase compared to the same period in 2022. Ransomware contributed over 85% to such cyberattacks triggering data.

Quickly, permit me to say why I divert away from addressing this year’s celebration subject of securing your privacy via password to the subject of Ransomware.

Password mechanism is as old as digitalization itself, and personal and organizational maturity in determining a strongly fortifying password for individuals and businesses are indeed essentially typifying the privacy equations of a system and the associated business culture.

For instance, the recognition of strong passwords remains an active point for businesses and individuals to be part of the chain mechanism to protect the end users as well as the systems.

It is now a bloodline to develop a strong attitude to some with strong passwords, which must be as long as may be permitted, random, unique, and include all four character types (uppercase, lowercase, numbers, and symbols).

Concurrently, Password managers are a robust tool to enable businesses and individuals to create strong passwords for every account within the communication systems as it may be, even with the accentuation of the Bringing Your Own Device (BYOD) phenomenon.

If the need for a strong password has solved the security problems, why the advocacy that businesses and individuals need more than a password to protect online accounts and other associated infrastructures just to make you and your business significantly less likely to get hacked?

Essentially is the fast-evolving need for the two authentication processes on all online accounts that offer it, especially email, social media, and financial accounts.

Undoubtedly, yes, because of remote bad guys and internal collaborations for fraudulent activities that now become the emerging new threats, there is a very urgent awareness of the upping notion to keep someone or something away or prevent something from happening or harming organization tech infrastructures.

When considering Ransomware from two perspectives of the IT and the law enforcement responses, the warding off becomes centrally the winning pot to firmly secure both individual’s and corporations’ IT infrastructures and indeed organisation culture and tech profitability standards.

Several surveys of the activity of security signatures are steadily on the exponentially abrupt rise, showing Ransomware attacks on business and government infrastructures are in ever-increasing peril.

Also, Ransomware is now rated a Deck 1 in most Western nations as remains an ever-emerging national security threat with attacks against businesses and the public sector increasing.

The trending subject is not anything else but the urgency of warding off Ransomware attacks. The fortify side of security should not in any way discount the prevention moves whatsoever. Surveys report outcomes thriving won for the argument that systems could be prevented from Ransomware attacks.

Nonetheless, it is a whiz clot to underline that comprehensive antivirus and anti-malware software are the most common ways to defend against Ransomware. They can examine instantaneously, scan satisfactorily, detect sufficiently, and respond effectively to cyber threats.

Further, reinforcement records, essentially, backup files ought to be properly secured and put away disconnected from the internet or out-of-band, so they can’t be designated by assailants.

Utilizing cloud administrations could help relieve a Ransomware disease, as many hold past variants of records permitting you to move back to a decoded rendition.

Simply, backup files should be suitably safeguarded and stowed offline or out-of-band, so they can’t be targeted by mudslingers and attackers. The use of cloud services could help mitigate a Ransomware malady, as many retain forenamed signature versions of files allowing you to roll back to an unencrypted version.

There are relevant controls as they are called for security best practices to midway avert Ransomware assaults or any such quick arising dangers. It implies shielding or avoiding Ransomware requests a comprehensive, all-hand-on-deck approach that unites the whole corporation’s guard component against noxious assaults of any sort.

Such a system should involve extensively keeping up with reinforcements insightfully; creating plans and strategies versatile to be consistently basically a stride in front of any assaults; checking on port settings basically and keeping up with the ongoing status while working in cloud conditions; solidifying all endpoints during designs; staying up with the latest ought to be done consequently; powerful inside preparing and improvement of safety faculty and giving security mindfulness preparing at acceptance to all new staff and maybe week after week online class on your technique to avert and additionally halting Ransomware in its chases.

Simply, applicable controls are available for security best practices to centrally ward off Ransomware attacks or any such fast-emerging threats. It means defending or warding off Ransomware demands a holistic, all-hand-on-deck technique that brings together the entire organization’s defence mechanism against malicious attacks of any kind.

Such a strategy must entail comprehensively maintaining backups thoughtfully; developing plans and policies adaptable to be always at least a step ahead of any attacks; reviewing port settings essentially and maintaining the current status when working in cloud environments; hardening all endpoints during configurations; keeping systems up-to-date should be done automatically; robust internal training and development of security staff and providing security awareness training at induction to all new staff and perhaps weekly online webinar on your strategy to ward off and or stopping ransomware in its hunts.

A central warding-off system is an implementation of an Intrusion Detection System (IDS) that looks for vicious activity by comparing web gridlock logs, I mean, network track logs to signatures that detect known odious and hurtful shifting.

A robust IDS will update signatures often and alert the business quickly if it detects potential malicious activity.

Decisively, when Ransomware strikes, companies should be advised and researched rapidly. Information shown appropriately that, it ought to take mature institutions not over 10 minutes to inspect an interruption.

Notwithstanding, just 10% of organizations can meet this benchmark practically speaking. Regardless, there is prompt assistance for establishments impacted by Ransomware to investigate inside the tickling of an eye or go from occasion discovery to warning in something like six minutes of malevolent action.

In conclusion, there is immediate help for organizations affected by Ransomware to explore within the tickling of an eye or go from event detection to notification within six minutes of malicious activity.

Taking all control is essentially central to the continuing performance of your business and even the public sector to guarantee the continuous existence of the business and endure the pathway to sustainable development with high profitability.

Employee Net Promoter Score (eNPS) is a widely used metric for employee engagement and loyalty to your organisation.

Satisfied and motivated employees and a high eNPS are good for productivity, customer experience and skills acquisition and retention. eNPS is an increasingly important consideration for modern organisations – particularly those competing for scarce skills.

But what has eNPS got to do with digital workspace management? In a remote and hybrid new world of work – a lot.

Digital workspace management, the tools and processes for managing the digital devices and applications in use by the workforce, has a direct influence on how happy and satisfied employees are with their work environment.

McKinsey finds that people who report having a positive employee experience have 16 times the engagement level of employees with a negative experience.

And the digital employee experience is emerging as a key measure of overall satisfaction, as virtually all remote and hybrid workers depend on their digital tools performing flawlessly. However, research has also shown that providing a good employee experience has become a top challenge in offering remote IT support.

Digital workspace management as a business enabler

Should devices, applications or connections fail, remote worker productivity and business continuity could be seriously impacted, so workspace management has evolved from a cost centre to a crucial remote work business enabler.

Instead of a break-fix reactive approach, digital workspace management must now be proactive, using advanced technologies to prevent downtime in the first place.

To achieve this, digital workspace management now encompasses areas such as end user compute services, mobile device management, unified endpoint management, virtual applications and desktops, and supplementary services such as contact centres and field services. Providing all of these services can be challenging, particularly when IT teams are limited, and staff are based across broad geographical areas.

BCX addresses this challenge for clients, with an expert team and extensive digital workspace management services covering everything from remote desktop and mobile device support to application monitoring and performance management, and auditing, field support and managed services, across the country.

On top of preventive maintenance and proactive monitoring and management, employee self-service has been found to be a particularly effective tool in boosting employee satisfaction and reducing pressure on IT service teams.

 Control vs governance

Ten to 15 years ago, Bring Your Own Device (BYOD) was a hot topic for debate as employers grappled with the challenges of control, security and device management as employees sought the convenience of using the devices of their choice.

Today, most employees toggle between work and personal use across their mobile devices and laptops, and certain control issues remain.

There is the question of how ethical it is to use monitoring software to track employee activity and productivity, for example. Complete visibility and granular oversight are unpopular among most employees. Then there are the key considerations such as digital device management and data protection when users are in charge of endpoint protection.

It is possible – indeed relatively simple – to ensure a good employee experience while also maintaining corporate governance and security. With advanced tools to remotely manage devices and control only how users access corporate assets, organisations can achieve a compromise between governance and unwanted total control over employee devices.

 Boosting eNPS

Combining the right technologies, processes and partners allows organisations to support remote and hybrid workforces proactively, ensuring that they can remain productive and never experience the frustration of business tools that don’t work as expected. In the long run, this improves eNPS, customer service and experience, and the business’s bottom line.

BCX is in the business of enabling digital enterprise. Speak to us about our portfolio of digital workspace management solutions and services to support continuity, productivity, and employee satisfaction.