Thembekile Olivia Mayayise does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

University of the Witwatersrand provides support as a hosting partner of The Conversation AFRICA.

The Conversation is funded by the National Research Foundation, eight universities

Next time you’re working in a coffee shop or similar public space, take a moment to look around at your “co-workers” for the day, busy, like you are, with laptops, cellphones and tablets. How many of those devices belong to the organisations that employ them? Or are they – and you – using personal devices to conduct company business?

Many businesses are embracing the convenience of a practice known as “bring your own device”. This allows employees to use their personal or privately owned devices such as smartphones, laptops, USB drives, and even personal cloud storage, for work purposes. A broader term, “bring your own technology”, encompasses the use of privately owned software for business activities.

According to technology company Cisco’s 2024 Cybersecurity Readiness Index, 85% of the more than 8,000 companies surveyed around the world reported that their employees accessed company platforms using unmanaged devices.

There are undeniable benefits to a “bring your own device” approach. These include lower purchase costs for companies and more flexibility for staff. But the practice is also risky.

Privately owned devices aren’t always well set up for security. They often lack endpoint security controls like anti-virus software and encryption (converting plaintext data into an unreadable format). This leaves them vulnerable to data breaches and other forms of cyberattack. Such attacks are common and can be costly. Cybersecurity company Kaspersky documented almost 33.8 million mobile cyberattacks worldwide in 2023 – a 50% rise from 2022 figures.