“Bring Your Own Device” Policies for Law Firms

BY Ryan Conley


“Bring your own device” (BYOD) is a policy that allows (or requires) employees to use their own personal mobile electronics such as smartphones, laptops, and tablets to access privileged company information.

A lot of demand for BYOD comes from employees. Most professionals own mobile devices that they understand well, enjoy working with, and greatly prefer using over company-issued devices. Although BYOD usually shifts hardware costs from businesses to their employees (absent a stipend for purchases), this hardly represents a significant burden for the majority of professionals, given the increasing variety, affordability, and ownership of mobile devices.

Executives are also increasingly interested in BYOD because of its potential to allow job responsibilities and communications to reach beyond the walls of the office and the constraints of business hours. When mobile devices are used solely for work tasks, it is easy for employees to turn them off and forget about work as soon as they leave the office. But when personal and business email and phone calls all happen on one device, a well-connected employee cannot help but think about work periodically throughout the off-hours. This is, of course, a mixed blessing to the worker: mobile electronics allow greater flexibility in working remotely and on flexible hours, but personal lives can suffer from a lack of pure free time.

The primary concern for any business with a BYOD policy is security risk. When a business distributes a single model of laptop or phone with only pre-vetted software installed or permitted, security is far tighter than under a system of many devices with any of a huge world of available applications installed. In fact, the most liberal BYOD policies make obsolete traditional relationships between IT departments and end users. Employees, rather than depending on IT to protect them from themselves, must be educated and encouraged to provide for their own security. Well-developed, written policies concerning data security must be in place, and employees should be required to brush up on security regularly.

Three common approaches to security for mobile devices are virtualization, the “walled garden,” and limited separation. Virtualization, the most secure option, allows devices to access the corporate network and data through an encrypted virtual private network (VPN) connection. No data is stored on the personal device in this case, and required software installations are minimized. This is an approximation of cloud software in which the “cloud” is operated by your firm as opposed to a software vendor. A “walled garden,” also called a “corporate sandbox,” is a segregation between corporate and personal data that mitigates the risk of breaches of confidentiality and damage from malicious software or viruses. Limited separation, the least secure of these options, permits intermingling of personal and corporate data and applications but still employs minimum security controls.

Cloud software is beginning to lower the barriers to adoption of BYOD policies and lessen the burden of implementing them.

Traditional desktop software: requires installation of a full-fledged application; stores data locally, where it is vulnerable to corruption, loss, accidental disclosure, or theft; and must be updated by the end user or IT professional when bug fixes and security updates are released, which means downtime.

Cloud software, on the other hand: installs only a small “app,” if anything; stores data remotely, on highly secure servers; and if entirely web-based, loads the current version of the software from remote servers every time you log in.

Thus, the more cloud-enabled your legal practice is, the less work will be involved if you decide to implement BYOD.

BYOD is spreading at very different rates in different industries. Those full of creative types or tech-savvy employees likely never issued company devices at all, while highly secure and conservative industries are much slower to adopt the policy. Law firms likely fall somewhere in the middle of this spectrum. Because security of privileged information is of the utmost importance to attorneys, that is clearly the main sticking point preventing some firms from taking the plunge. But a little research into cloud software and VPNs might convince you that IT security is not quite so device-dependent as it once was.

With a careful, methodical review of security policies and available software solutions, your firm can reap all the benefits of cost, productivity, and communication that BYOD has to offer.

Ryan Conley is a staff contributor to Bigger Law Firm Magazine and a legal content strategist for U.S.-based law firms.
