He said BYOD policies need to outline security measures such as how security breaches will be managed, whether the organisation can remotely wipe all corporate data from a personal device down to how many password attempts should be allowed before access is blocked.
"An employee also needs to be aware that by bringing their device and logging into the corporate network they are accepting a level of risk which they might not otherwise take on board," he said.
He said a BYOD policy clearly needs to articulate how liability is being apportioned between the individual and the company.
"For example, who will be responsible for lost or stolen devices and who is responsible in the case of malware or virus attacks?"
Dixit told also attendees that device support is "probably one of the most problematic areas" because the expectations between the employee and employer when it comes to supporting BYOD devices is often "wildly different."
He said organisations need to determine whether IT staff are responsible for connecting each employee's device to the network and supporting that device if something goes wrong.
"There's no real fixed answer to these questions under the law and it may be different from organisation to organisation," he said.
"The important thing to keep in mind is that you have to think through these issues and cover them off in your policy so there's no ambiguity down the track if one of these issues arises."
Sign up for MIS Asia eNewsletters.