a woman using a phone while looking at a tablet

As devices become increasingly connected, businesses must ensure that employee personal devices must be secured as well

Security best practices for employees in the age of BYOD

HUMANS are typically the weakest link in securing your businesses. It is always easier for hackers to take advantage of human errors to access sensitive data, carry out attacks, or to defraud a company.

This is especially true in workspaces that adopt a bring-your-own-device (BYOD) policy, where employee’s personal consumer devices are connected to the network, the safety of organizations (and perhaps even the nation) relies on individuals safeguarding their personal devices.

In fact, a report by Willis Towers Watson showed that employee negligence or malicious acts accounted for about two-thirds of cyber breaches. In total, about 90 percent of cyber incidents were attributed to some type of human error or behavior.

There have been numerous high-profile attacks in recent years that have led to a heightened awareness towards cybersecurity.

However, most still view it as a concern for organizations instead of a personal responsibility.

As various aspects of people’s lives become more connected (e.g. making payments, commuting, and connecting with friends), organizations must take care in addressing misconceptions and ensure employers are aware of the best practices to safeguard their personal devices.

Clean up the house


Turn on automatic updates and always update systems when prompted. Security patches are rolled out constantly to mitigate any risks presented by new vulnerabilities that are discovered in a system or a software.

The longer you put off an update, the higher the risk of a device becoming an attack vector.

Security Software:

The first software that must be present in any new devices is an antivirus. Compared to the value of information that lives in the devices, paying for a good antivirus is a small investment.

Antiviruses are becoming more affordable, and in most cases come bundled with the device.

Safeguarding the keys


Having simple, easy to guess passwords like name123 or birthdates offer little protection. Good passwords are long but memorable, such as three words that relate to a special memory.

For example, “joystreetsundaywaffles” may refer to an especially good waffle you had at Joy Street on a special Sunday.

(Now we’ve said this, please don’t use joystreetsundaywaffles as your password.)

Reusing passwords:

Never reuse the same password for more than one application – if an attacker successfully unlocks one door, any application that uses the same key will be vulnerable as well.

In a few high profile data breaches, including Yahoo!, Adobe, LinkedIn, and Twitter, login credentials were stolen.

Watching what goes in and out

Don’t click!:

Attackers most commonly target victims through phishing emails or messages. Posing as someone else, they bait victims into clicking on links which will download malware on a user’s devices.

Don’t interact with any email with addresses that do not look right or have suspicious links.


Users visiting an online site must ensure it’s a legitimate site, and only download verified software from official stores. Most sites have HTTPS enabled, with a TLS certificate to show the site’s legitimacy.

Turn on safe browsing features on web browsers will warn users of any fraudulent or unsafe sites.


Accessing social media platforms leaves digital footprints, allowing others to track your identity, location, contact details, acquaintances, and what you are doing. Hackers use these data to personalize their attacks.

Understand settings on digital platforms and make a conscious decision on who can view this information.