Month: September 2025

Most organizations have a BYOD program. This saves money and makes employees happier, but it can also be risky. That’s because personal devices have fragmented security postures: outdated operating system software, unvetted apps, shared usage, and configurations that can open doors for attackers or human error.

When personal laptops and smartphones connect to your network, access corporate applications, and handle sensitive communications, they effectively become part of your security perimeter. You can protect these interactions through technical controls (like VPNs, MDM, and endpoint detection solutions). But ultimately, many settings and behaviors come down to the device owner. That’s where human risk management comes in: helping employees configure and use their devices in ways that reduce exposure.

Four common risk areas include device hygiene, access control, connectivity, and data handling. Here are some of the lapses we see in our human behavior data lake here at Fable Security, and some advice for addressing them in a targeted way.

Device hygiene

People aren’t always on top of their device hygiene—whether smartphones, tablets, or laptops. They delay OS updates, skip lock-screen protections, and forget to update anti-malware (or don’t have their anti-malware configured properly). That leaves exploitable vulnerabilities and weakens built-in security. Some jailbreak their smartphones, putting them at higher risk for malware. On laptops, people run unsupported operating systems and disable full-disk encryption, making them an easy target for attackers or exposing important data if the laptop is stolen.

Access control

Access controls on personal devices are often weaker than on company-issued ones. Employees reuse passwords across personal and work accounts, store corporate logins in unsecured browsers, and rely on weak PINs and easily bypassed biometrics. Saved credentials in mobile apps can also expose company systems if the device is lost or stolen. Without MFA enforced across accounts, attackers have an easy path in. The result is that an otherwise secure application can be compromised simply because the device is unsecured.

Connectivity

Connectivity habits are another weak link. Employees join public Wi-Fi networks in airports or cafés without a VPN, making them vulnerable to man-in-the-middle attacks. Smartphones paired with untrusted Bluetooth devices or personal hotspots can expose sensitive traffic. Unsecured laptop tethering creates similar risks. These are small conveniences for employees, but each one broadens the attack surface and can make corporate data easier to intercept.

Data handling

The line between personal and work data blurs quickly on BYOD devices. Auto-backups can push corporate files into personal iCloud or Google Drive accounts. Screenshots of sensitive information can land in smartphone photo galleries. Employees can save work documents to personal Dropbox accounts for convenience. These habits may feel harmless, but they erode the boundary between corporate and personal environments and can expose data.

The human risk playbook
No doubt you have policies for most or all of these eventualities, backed up with technical controls or paper processes. Whether you have a control in place or rely on a process, your human risk process can do four important things:

1. Monitor how well your policies are being followed, and gain visibility into the cohorts of people who aren’t following them;
2. Nudge or brief those who need a reminder of what your policies are, and how to adhere to them;
3. Prompt people to adopt the proper tools (e.g., MDM, MFA, etc.) to ensure policies are followed through technical controls;
4. When technical controls aren’t available, prompt people to adhere to policies through high-quality, targeted interventions.   

Use data to your advantage

Your human risk playbook should involve gathering and synthesizing telemetry from your identity and access, workspace, HR, and security stack to understand behaviors and automatically create cohorts of employees whose devices are out of policy or who exhibit risky BYOD behavior. 

Deploy hyper-targeted, precise interventions

From there, create targeted, policy-aligned, AI-generated interventions, such as a 30-word nudge in Slack or a 60-second personalized briefing video. The intervention should target only the people who need to take action, explain why, and offer a precise call-to-action. That could mean instructing people with out-of-date OS versions to update immediately, prompting those accessing sensitive corporate applications over unsecured Wi-Fi to use an approved VPN, or directing employees who are saving sensitive data to personal cloud storage to use the approved corporate-sanctioned cloud storage. By narrowing the scope and tailoring your calls-to-action, you not only reduce noise and fatigue but also maximize the likelihood that people will follow your BYOD policy.

Enterprises are adopting generative AI in a big way. People are using tools like ChatGPT, Gemini, and Claude to speed up coding, polish marketing copy, summarize contracts, and brainstorm ideas. The productivity upside is real, but so are the risks—exposed customer data, source code, intellectual property, non-public financials, protected health information, and more can end up in places you never intended. Unlike traditional cyber threats, these exposures don’t come from an external attacker; they come from everyday employees moving too fast, and maybe not realizing the consequences.

The only way to deal with this risk is to see it clearly. A human behavior data lakehouse like ours ingests signals from your workspace and security stack, normalizes them, and identifies patterns. While your security team may be able to surface some issues from individual tools, they won’t have an easy way to see the behavior across the board, and more importantly, won’t be empowered to intervene—making employees aware and suggesting alternative ways to get their jobs done—while also protecting your sensitive data.

Here are a few examples of what we see in the Fable platform:

IAM (Okta, Azure AD) → who’s adopting and provisioning access to AI

EDR (CrowdStrike, SentinelOne) → endpoint activity such as copy-paste

DLP (Microsoft Purview, Netskope) → sensitive data categorizations

SASE (Netskope, Zscaler) → sensitive data uploads to AI

To name a few.

Beyond simply telling you who’s doing what, a human behavior data lakehouse can connect more dots to give you context, such as people’s role, access, and behavior history, so you know where your risk is most acute and where to concentrate your interventions. 

Once you’ve identified the most problematic data-sharing behaviors in your enterprise, you’ll want to take action in the moment using an automated, AI-generated intervention. That may be a quick-and-dirty nudge in Slack or Teams, or a personalized 60-ish-second video briefing referencing the person, their precise behavior, your company’s policy, whatever sanctioned applications you want to guide them to, and any specific calls-to-action you want to make.

Here’s an example of what such an intervention might look like—a free video you can download and use in your company. It’ll give you a taste of our short-and-sweet, highly-effective, AI-generated content. As part of the Fable platform, it would be personalized, targeted, and sent just in time.

When we set out to build the Fable human behavior data lakehouse, we weren’t just thinking about storing information. We were thinking about unlocking entirely new capabilities—ones that legacy systems simply can’t handle.

Here are seven human risk use cases that are only possible with a flexible lakehouse architecture, so data can be available in a variety of formats, including enriched, contextual, and intelligent.