It’s becoming increasingly common for organisations to expect employees to use their own personal devices for work, such as smartphones, tablets and laptops, and employees seem to prefer the level of freedom it gives them.

From an organisational perspective, they stand to save an average of R5 000 per employee every year if their employees use just their own mobile devices, with two-thirds reporting that it boosts their productivity.

In South Africa, this trend has also become ubiquitous. “BYOD, particularly with smartphones having access to corporate email accounts, has become the norm for a lot of South African organisations for many years already,” asserts Anna Collard, SVP Content Strategy and Evangelist at KnowBe4 Africa.

“While organisations in the financial services sector will have stricter policies, many start-ups, SMEs and even some larger organisations often allow, or even expect, employees to use their own phones and laptops, sometimes without formal policies in place.”

While flexible and convenient, she believes this informal approach introduces significant cyber and compliance risks.

The new KnowBe4 Africa Human Risk Management Report 2025 highlights that up to 80% of employees in Africa use personal devices for work, with broader studies finding 70% of these devices are unmanaged, a critical blind spot for many organisations.

BYOD blind spots

The most notable cybersecurity risk associated with BYOD is data leakage. “Personal devices can easily leak sensitive data through unsecured apps, cloud storage or public Wi-Fi,” she explains. “Without proper controls, even a misplaced phone can become a breach vector.”

Another security blind spot is employees downloading malicious apps.

“Employees may unknowingly install apps that contain malware,” Collard comments. “Some apps mimic legitimate ones, but secretly harvest data or open backdoors into corporate systems.”

This also extends to “shadow IT”, the use of unapproved applications or services, which can proliferate via personal devices, creating unmonitored entry points for attackers.

A further risk is outdated software.

“Personal devices may run outdated operating systems or apps, making them vulnerable to known exploits,” she says. “IT teams often lack visibility to patch non-managed devices, and a large percentage of people have ‘an update is ready to be installed on your device’-notifications that have been hanging around for ages; unactioned.”

In addition, many employees may have a false sense of security about their phone or laptop, especially since almost half of Gen Z respondents (48%) take cybersecurity protection on their personal devices more seriously than on their work devices, according to an Ernst & Young survey in the US.

“Just because it’s my device doesn’t mean it’s secure for sensitive work data,” stresses Collard. “A weak BYOD policy opens the door to data leaks, shadow IT and insider risk.”

What organisations should do

In order to mitigate these risks, organisations need to come up with a robust BYOD policy.

“It starts with policy and awareness,” she states. “Organisations must have a clear, communicated BYOD policy – what’s allowed, what’s not and what minimum protection is expected.”

Some useful technical controls include employees having strong passwords, multifactor authentication (MFA), encryption, endpoint security and patching.

Organisations can also segment their networks to isolate personal devices from critical corporate assets.

“Mobile Device Management (MDM) tools can enforce some controls,” concedes Collard, “but they can’t replace human vigilance.”

She is a firm advocate of security awareness training to heighten awareness of cybersecurity risks, especially among younger employees who are more likely to use the same passwords for their personal and professional accounts.

“Organisations need to educate employees on the specific risks of BYOD, beyond  ‘don’t click links’,” she says. This is crucial, as 96% of organisations believe their employees might fall for more attacks in the future due to AI use by bad actors.

The KnowBe4 Africa Human Risk Management Report 2025 further highlights that AI policy remains a governance blind spot in many organisations, with 46% still developing formal AI policies, making employee education on AI-related BYOD risks even more critical.

“Organisations can simulate attacks that leverage BYOD vulnerabilities, such as phishing specific to mobile apps, while fostering a culture where employees feel comfortable reporting potential incidents on personal devices without fear of reprisal.”

Alongside security training, Collard is an advocate of digital mindfulness, which she describes as an important  weapon against cybersecurity threats. “Being digitally mindful helps employees slow down, become aware of risky moments and question suspicious behaviour, especially on personal devices,” she says.

Managing the human element

Even though privately-owned devices may appear to be the problem, managing the human element is absolutely key in mitigating BYOD security risks.

“A device is just a tool; what matters is how we use it,” Collard emphasises. “You can have the most secure set-up, but if someone is rushed, tired or emotionally triggered, they’re more likely to click on a malicious link or fall for a scam.”

She is adamant that organisations need to train their employees’ attention and awareness to build resilience, not just rely on tools.

“Ultimately, it’s a combination of the right technology and human vigilance,” she concludes.

• Latest study reveals: What if tech giants’ employees had invested 10% of their salaries in their own company stocks from 2014 to 2024? The potential profits surpass 1.3M.
• Oracle leads with a $12K potential investment worth over $1.3M today thanks to the company’s stock price rising nearly 270% over the last 10 years.
• Netflix has the second highest stock price in 2024, rising from $48.80 to $679.70, which makes it the second highest after Oracle.

A study has revealed the potential profits for employees of major tech companies if they invested 5-25% of their salaries in company stocks from 2014 to 2024.

The Stock Dork recently conducted the study in which the calculations were made by using data from sources like Business Insider and Macrotrends, possible earnings by calculating the annual number of affordable shares and multiplying by the 2024 closing stock prices.

The findings rank the companies from highest to lowest potential employee earnings considering an average investment rate of 10%.

Oracle leads with a $12K potential investment worth over $1.3M today. This result is primarily driven by the company’s stock price rising nearly 270% over the last 10 years making a $12K investment worth 107 times as much today.

Oracle has the highest price jump of the stock prices in the list, even doubling the price compared to last year.

Tesla takes second place with a $12K investment now worth around $1.07M. Its rise from $14.83 to $242.70 per share turned the initial amount into 72 times its value. While Tesla’s stock growth wasn’t as high as Oracle’s it still significantly increased the investment’s worth. Tesla employees also saw a moderate salary increase influencing the overall investment gains.

Apple secures the third spot, transforming a $16.5K initial investment into $800K today. This high increase is largely due to Apple’s stock price jump from $24.67 to $220.33, reflecting its significant impact on the market.

Additionally, the increase in average employee salaries from $120K to $150K boosts their potential earnings.

Nvidia is in the fourth position with a $12K investment now valued at $671K. This growth is attributed to the rise in Nvidia’s stock price from $4.82 to $122.14, showcasing the company’s consistent growth and investment returns.

Nvidia recently underwent a 10-for-1 share split, multiplying the number of shares held by employees by 10.

At its peak stock price of $822 in February 2024, employees could have earned over $4M. However, the stock price has since dropped nearly 6.5 times.

Amazon is ranked fifth with potential employee earnings of $634K from a $16.4K investment. This is due to the stock’s climb from $15.48 to $198.26, coupled with an increase in salaries from $164,490 to $169,458.

Microsoft sits at the sixth place with a $11.5K investment in 2014 growing to $570K driven by the stock’s increase from $40.25 to $459.13. The analysis also accounts for the consistent salary increases from $115K.

Netflix, ranking seventh, displays potential employee earnings of $451K from $10.5K investment thanks to a substantial rise in stock price from $48.80 to $679.70, the second highest stock price in the list today after Oracle. This is further supported by salary growth from $105K to $145K.

Alphabet (Google) in the eighth position presents potential earnings of $319K from an initial $12,8K invested in 2014. The growth follows the stock price’s rise from $26.53 to $138.08 and a moderate salary increase from $128K to $133K.

Adobe occupies the ninth spot with potential earnings of $362K from $11K investment in 2014, attributed to the stock’s jump from $72.70 to $570.93. The salary increase from $110,000 to $125,912 would help build up shares.

Meta, formerly known as Facebook, completes the top ten with potential earnings of $326K from $7,7K investment.

The stock’s increase from $77.94 to $502.30, combined with a salary hike from $77K to $140K would make investment in the company’s stocks a profitable decision.

Here are the results summed up:

[Featured Image Credit]

According to anonymised data, people find it difficult to balance between cybersecurity rules and maintaining good relations with friends and colleagues.

The role of employees’ cybersecurity policy violations in data breaches remains striking year-on-year. At the same time these violations usually happen not because of malicious intentions but result from attempts to perform work tasks efficiently.

The researchers from Ernst & Young LLP, however, noticed that Gen Z and millennials are more eager to disregard security protocols for the sake of productivity.

Thus, they use same passwords for both professional and work accounts more often than older generations, ignore mandatory IT updates and pay less attention to web browser cookies. Moreover, only 35% of all respondents admit they feel very prepared to avoid cybersecurity mistakes at work.

The statistics from [Dis]connected disclose another problem regarding adhering to cybersecurity policy.

The mobile game designed to help people realise how cybersecurity impacts their everyday life confirms that most employees have problems balancing safety and sociability.

Thus, the typical score gained by a Disconnected player for vigilance amounted 90 while empathy players scored 23 points on average.

Game choices related to cybersecurity affect the personal and corporate spheres of a playable character’s life directly, leading to one of three game endings – good, neutral or bad. In general, the majority of players (45%) ended up with a “neutral” result, while 42% managed to achieve the “good” ending. However, 13% of walkthroughs appeared to be unsuccessful.

The best players don’t just have the best average security level (ASL), but they also show the most balanced results in key game indicators.

“Once again, the revealed tendencies prove the importance of understanding cybersecurity principles, not just memorising them. The main aim of security awareness training therefore is to change the behaviour of employees and to show them how following rules can easily fit into daily routine,” comments Tatyana Shumaylova, Senior Product Marketing Manager at Kaspersky. “That is why Disconnected, a part of Kaspersky security awareness portfolio, helps employees review their knowledge and teaches them to balance cyber vigilance with empathy. This approach allows any distortions that may affect safety, personal productivity or teamwork to be corrected.”

This applies to employees who are not in the marketing department; that’s if you even have one.

Quite alright, most startups do not have enough funds to hire a marketer or build a marketing department, the focus is usually on hiring individuals who would build the product, and other tasks.

This leads them to consciously or otherwise place the job of marketing, customer search and increment of sales on these employees. In the real sense of it, should this be?

We know that all departments are to work hand in hand and be kept in the know about the various strategies in each department. In the absence of adequate communication, it doesn’t matter how well one department is doing, other departments can drag down efforts. 

For instance, if the marketing department is implementing a strategy to increase demand, the logistics department should be carried along in order to make readily available, the drivers and vehicles required for delivery, and also the production department — in terms of raw materials and all that’s required.

Hence, it is important to allow focus be the builder. It is general knowledge that multitasking and working under pressure are good skills, but really, take a quick survey; how efficiently can one person handle several strong focuses such as administration, engineering, or marketing at the same time?

As a startup founder, marketing should be one of your priorities, it should not be placed beneath. So while you employ an engineer, employ a marketer or take up online marketing strategies if you can afford to get a person.

Making Employees Feel Less Indispensable

Why make a person working for you feel unimportant, giving them the impression that you can easily get someone else once they choose to leave? 

One thing you should know is that if you do not make employees feel like they are part of the company, they would keep their eyes outside searching for a better job, continue doing their jobs in your company without optimum efforts and once an opportunity pops up, they are gone.

These days, people don’t even wait to get another job anymore, they also leave to focus on their mental health. Again, even if you pay employees well and treat them like trash, they still leave. 

Rethink the atmosphere of your work environment, you don’t have to be overly familiar with your employees — commend them and correct them when necessary.

Lack of Prompt Salary Payment and Other Financial Entitlement 

Most startups are either not paying enough or not paying promptly. This totally affects the morale of your employees and the efforts they put into achieving your goal.

One thing some startups do is; after blaming employees for poor target audience reach and sales increase, they slash their salaries or do not pay at all for a month or specific period. What do you think you are doing? You would keep losing employees within very short periods.

If you can’t afford to employ and pay marketers, it is better you collaborate with your existing employees on how to gain more customers and improve sales, rather than making them feel like marketing was stamped within their job description and they are not doing their jobs, whereas they are well focused and doing great in their department.