So, I changed the famous line a bit so we can all remember that changing to a Bring Your Own Device (BYOD) policy needs to be a well thought out plan for organization of any size. There are a myriad of risks that must to be addressed, not the least of which is cyber risks from downloading a malicious malware program disguised as a "cool application"
The other area to "be careful...be very careful" is the [new] policy your company adopts and explains to each and every employee, and has them sign the acknowledgement that they completely understand. This is a key area because one of the issues is when the Company wipes the data from the phone - in some cases it is ALL the data. The policy must clearly identify that the Employee is responsible for backing up the data.
Moving to a BYOD policy is not something that should be taken lightly. While there are thousands of articles being written on the subject, one that I thought was particularly succinct and provides useful risk guidance is "Is BYOD the Right Call?" by Jim Rhodes for Rough Notes magazine; an insurance and risk management publication.
Having an exposure resulting from adopting a poorly conceived BYOD decision can impact the company's Total Cost of Risk (TCoR) dramatically. With the impact on employee risks, cyber-data risks, trade secret risks and the all-encompassing reputation risk you best tread cautiously when thinking about this change. Feel free to give me a call at 732.395.4251 or email me at firstname.lastname@example.org if you would like to discuss the issues/risks surrounding this area and what can be done to mitigate these risks.