Google needs to do a better job of keeping the Android market free of malware. There is no excuse for Google to allow malware in the Android market. Now supposedly Android is secure according to Adrian Ludwig Google's security chief. Android has a layered defense model, but most of the malware is coming from apps that are installed via text message and or from phoes that have older phones (http://qz.com/131436/contrary-to-what-youve-heard-android-is-almost-impenetrable-to-malware/ ). There is another govt report that indicates that 44% of phones are still on Gingerbread, which is more vulnerable to attacks. The other attack vector is via fake Google play domains. Much of this makes sense if you think about it.
So therefore Google needs to require phone makers to keep their users phones up to date and or make it easier to do so. Most users want to be on the newer versions of Android anyways. Companies can secure Android BYOD devices by requiring users to be up to date on the latest version of Android or helping them to buy a newer one or supplying them one. Educating users safe use practices and having regular scans of the devices for vulnerabilities would help as well.
Ultimately more must be done on Google's part to educate and enhance security in the Android community.