Companies and their employees rely on information technology (IT) and internet-enabled technology to conduct their business and communications. This offers many advantages, but also introduces risks related to information security. The present study sought to address the challenges of IT security alongside the adoption of bring your own device (BYOD) programs and the lack of user awareness of related best practices. A qualitative case study research design was employed. IT managers were interviewed to explore the newly developing subject of BYOD and its implications for IT security. The issues most central to information security are security policies, BYOD user awareness and training, the enforcement of organisational security policies, manager effectiveness in protecting data, and users' acceptance and adherence to BYOD security policies. While BYOD is favoured by many users and also offers many advantages, it is not favoured by most IT security managers.