Why Your Firm Needs a BYOD Policy

A senior partner plugs his tablet into a public charger at the airport, hopeful to have enough juice for the flight. A junior partner dashes off a quick work email on her phone before handing it to her 7-year-old who downloads a brand new game. A summer associate, after spending all summer downloading unsecured documents onto his personal tablet, leaves the firm to head back to school.

Each one of these people, without realizing it, just put all of your firm’s data at risk. This is why your firm needs a Bring Your Own Device policy.

Living in a BYOD Policy World

It’s easy to understand why companies and law firms like BYOD (“Bring Your Own Device”). The firm gets increased productivity—allowing employees to perform tasks remotely at any time of the day, with decreased cost.

However, BYOD also introduces numerous new variables into your security system. Any of the situations discussed above provides an opportunity for hackers to bypass all of your expensive cyber security systems.

Serious Risks

These new threats come at an already dangerous time for law firms. With generally more lax security, law firms are increasingly being seen as the potential “soft underbelly” by hackers. Your firm has confidential information on your clients’ patent applications, trade secret lawsuits, employment discrimination history, medical records, bank account information, etc.

Most importantly, your firm’s data is full of Personally Identifiable Information, or PII (otherwise known as all the basic questions your bank asks you before authorizing that big purchase you just made).

Serious Consequences

The price of being hacked is going up as well. Last year, Target reported that malware had allowed a group of hackers to obtain the credit and debit card information for over 100 million customers. While the financial toll was high, the damage to Target’s reputation may have been higher.

It’s worse for law firms that, unlike a national retail chain, depend on their reputation. With more states and ethics rules requiring prompt and complete disclosure of potential security breaches, how eager are you to tell your biggest client that her company’s information is now being auctioned off by Russian hackers?

You Need A Plan

There’s no way to make your information completely secure, but you can minimize your risks.

There are four key steps:

First, Relax

Yes, this is serious business, but overreacting can make the problem worse. They rarely solve the problem they seek to address, and usually have numerous unintended consequences. Bad ones.

Assess Your Risks

What are your risks? What are your capabilities? Figure out what you need, and what your firm’s resources can handle.

Plan For The Future

Set up your policy in a transparent manner. Everyone has to know what it says, who runs it, how it’s changed. Most importantly, everyone needs to understand why it’s important and how their compliance with the plan is essential.

Implement A Policy

One weak link in the chain can bring the whole thing down, so you need everyone’s buy-in for this to work. Don’t exempt anybody. Particularly at the top.

Categorized in: Technology

Law firm technology is changing

With the right tools, your firm can run efficiently so you can focus on what matters most. Learn more in our free guide, Why Law Firms Are Moving to the Cloud

Get the Guide