This report assesses the cybersecurity risks faced by South Cross University, focusing on the implementation of a Bring Your Own Device (BYOD) policy and the associated security concerns. The report evaluates the existing password-based authentication system and proposes a transition to certificate-based authentication for improved user and device validation. It delves into the threats of phishing, outlining its characteristics and providing solutions to mitigate phishing attacks, including technical controls and user training. The analysis covers data leakage, lack of management, device infections, and inadequate security policies related to BYOD. The report highlights the benefits of certificate-based authentication over password-based methods, emphasizing the use of digital certificates for secure access. Finally, the report concludes with recommendations for enhancing the university's cybersecurity posture.