"We were so impressed, we offered him a nice paying job," says CSO Jason Clark at Websense. But that job offer was a ruse to catch a thief. "Then we helped track down the guy, and he got arrested."

Clark related this story to me during a broader discussion about security risks and costs related to the latest wave crashing on the enterprise: Bring-your-own-device, or BYOD, whereby employees want personally-owned tech gadgets hooking up to the corporate network and trafficking in confidential data.

Companies with BYOD policies see some upsides. For starters, BYOD makes employees happy because they can now use technology of their choosing, blending personal and work lives in a single device--and happy employees are productive employees.

BYOD also takes companies out of the hardware purchasing game, or at least offsets it, because employees now use their hard-earned dollars to pay for work-related computers and mobile devices.

The downside is the risk of receiving a call from a Hungarian man trying to extort $50,000. There are other issues, too, such as management headaches and hidden costs to support BYOD employees. In other words, BYOD is not a free lunch.