While it is truly impossible to have a 100% safe, connected network, BYOD is certainly a risk probably not worth taking. Sure AV mandates and scans, HW firewalls, encryption and DMZs are great and required nowadays, but I think severely restricted user accounts are also a good practice worth at least consideration. Otherwise, company assets only seems to be a better option.