The drive for employee convenience in hybrid work environments is creating a significant security liability for South African businesses.
New research from Cisco shows that 75% of organisations are facing heightened cybersecurity risks from unmanaged devices connecting to corporate networks.
However, the true danger lies in seemingly innocent employee behaviours at home that can lead to significant data vulnerabilities for companies.
The report reveals a widespread “convenience culture”: 31% of working parents admit to allowing children unsupervised access to work devices secured with passcodes, while an alarming 49% leave devices unattended without any passcode protection at all.
These actions transform personal convenience into corporate liability, creating direct pathways for data breaches, regulatory penalties, and operational shutdowns.
“A simple act like a child accidentally deleting a critical file or clicking on a phishing link can trigger a cascade of costly consequences,” says Nabeel Rajab, technical solution architect at Cisco South Africa. “We’re not just talking about a technical problem; we’re talking about tangible business impact.
“The costs of forensic investigation, regulatory fines under POPIA, and reputational damage from a single breach can be devastating. These seemingly minor lapses in judgment at home can nullify substantial corporate security investments and directly threaten profitability.”
The data indicate that companies are highly exposed. In 2024, 85% of working parents indicated they shared a work-related personal device with one of their children. Compounding the issue is a failure to implement basic security measures that could mitigate these financial risks. Only 31% of employees sharing devices use multi-factor authentication (MFA), a critical tool for preventing unauthorised access.
“The solution isn’t to police employees, but to build a resilient security posture that protects the business from the financial and reputational fallout of human error,” adds Rajab.
Cisco recommends the following strategic steps to protect company assets:
- Work with, not against, users: Allow guest user accounts on devices. This provides family members restricted access without touching business systems, containing the risk while acknowledging the reality of shared home environments. It is a pragmatic compromise that is vastly preferable to giving an unauthorised user full access.
- Implement Multi-Factor Authentication (MFA): This simple verification step is one of the most effective controls for preventing an accidental click from turning into a full-blown and costly security incident. It ensures that even if a device is shared, sensitive systems remain locked down.
- Build a security-first architecture: Security must be an integral part of hybrid work design, not an afterthought. Embedding protection from the ground up gives organisations greater control over personal devices and clear visibility into shadow IT.
- Protect High-Value Data with Zero Trust Access: Not all data carries the same financial risk. Identify and guard your most sensitive information – customer data, financial records, intellectual property – with stronger controls like zero-trust network access (ZTNA) to ensure only the right person can access it.
- Ensure Business Continuity with Backups: The home is a hazardous environment for devices. Regular backups are not just an IT task; they are a crucial business continuity strategy to prevent costly downtime and ensure that employees can remain productive even if a device is lost, stolen, or damaged.
- Build a Risk-Aware Culture Through Education: Employees must understand the financial and operational consequences of security lapses. Regular training on common threats, reinforced with clear policies, helps users become the first line of defence in protecting the company’s financial health.