The rise in BYOD has left businesses struggling to manage the growing number of access points across their systems. A recent study conducted by Bitglass found that 57 percent of employees and 38 percent of IT professionals don\u2019t participate in their company\u2019s BYOD program due to privacy concerns, that corporate leadership would have too much visibility into the end user\u2019s personal data.Of course, that doesn\u2019t stop employees from using their own devices, circumventing official policy. And when your employees are ignoring your BYOD strategy, it means something isn\u2019t working and the time has come to re-evaluate your plan.How can you tell if your employees have gone rogue with their personally owned devices and put corporate data at risk?\u201cThere are several signs, but the most obvious is the leakage of sensitive corporate information,\u201d said Patricia Titus, who served as CISO at multiple companies, and is currently member of Visual Privacy Advisory Council. \u201cThis means you\u2019ve found your data either \u2018in the wild\u2019 on the Dark Web or \u2018in the clear\u2019 on the Internet.\u201dAnother sign your policies aren\u2019t working is if you notice an increase in malware or attacks from authorized personal devices. This may mean an employee is not holding up his end of the bargain by using security software or may not be keeping it up to date.The re-evaluation of the BYOD program should begin with an assessment of the policies to make sure they are relevant to the company\u2019s needs, if they are able to hold employees accountable, and if they are applicable to the technologies currently in use.If after this assessment it is discovered that the BYOD policy has yielded few results and failed to keep sensitive data secure, there are two options: restructure the current policy or abandon the BYOD program all together.[ ALSO ON CSO: 5 ways to shore up security in your BYOD strategy ]In restructuring your BYOD program, it is vital that a \u201ctrust and verify\u201d framework be put in place to ensure policies are effective, and that they include input from every business unit. If staff doesn\u2019t feel a sense of ownership, they will continue to ignore the policy, according to Dominic Vogel, cybersecurity consultant and a former Information security analyst in the financial industry.\u201cEffective policies need to be created as a group in order to gain a sense of ownership,\u201d he said. \u201cMake sure HR, finance, marketing, communications, executives, are all represented and come up with a realistic (not draconian) policy that mitigates risks while still enabling the business.\u201dThe revamped policies should then be clearly articulated to employees in non-technical terms, and understanding the terms of the policies should be contingent to being allowed to connect personal devices to the corporate network.That said, it may surprise you to find out that a growing number of security experts believe companies should follow the second option. Too many employees are skirting the policies to begin with, so you may be better off forbidding personal devices to connect to the network all together, especially if your industry is highly regulated.\u201cIf the risk appetite for a company is very low, meaning it is heavily regulated and has a low tolerance for risk, a BYOD program may not be appropriate,\u201d said Titus. \u201cRegulated companies also must be able to prove to auditors that their BYOD programs are effective.\u201dInstead of BYOD, Titus suggested a C(hoose)YOD option instead. Here, the company owns the device and its security but employees are allowed to choose from a small pool of devices keeping them part of the enterprise security program.If you need to discontinue the program for any reason, it is important to determine how to clear company confidential data from employees\u2019 personal devices without wiping out any personal information. \u201cThis can be a touchy situation,\u201d said Titus, \u201cand it\u2019s important to partner with legal and HR before even temporarily terminating the program. Communication has to be top of mind and it must be balanced with other security awareness provided to employees to ensure you\u2019re not creating cyber security fatigue.\u201dA failing BYOD policy can be devastating to a business, risking the loss of intellectual property, personally identifiable information of customers, and financial data \u2013 not to mention the exposure of the end user\u2019s data. All it takes is for one device not be patched, not have standard anti-virus software or other security protections, be misconfigured but on your network, or to be lost or stolen for your company to be the latest victim of a major data breach.