May 6, 2014
How do mobile devices benefit the workplace? Let us count the ways: Improving your client service with 24-hour access to client files and information, maximizing your billable hours, making it easy to work from anywhere and more. However, these benefits can be tempered by the risk of your clients' and firm's data falling into the wrong hands.
In a survey conducted by American Lawyer, 82% of law offices said their principal concern of employees using their personal devices at work was data security and secure client file sharing. To combat these concerns, use the following six steps to develop a 'bring your own device' (BYOD) policy for your firm that takes the necessary precautions to protect your data:
1. Define the rights and duties of the device owner: Your BYOD policy should state that all personal and law office data should be kept separate and that you and your staff have a right to keep your personal information private. It should require everyone to: back up any client or firm information stored on the personal device; upgrade all software necessary to maintain the phone's security; download a mobile device management (MDM) program, which can be used to monitor and wipe clean a lost or stolen device; and use a strong password.
2. Define the rights and duties of the employer: Your policy should lay out when the employer can request a device's password, access the device and monitor it through the MDM program.
3. Require reporting: It's essential your BYOD policy require device owners to notify the law office and wireless carrier within 24 hours of a device being lost or stolen so that if necessary, it can be remotely wiped of data.
4. Train employees: You should hold training sessions with your staff to ensure they understand the risks associated with using personal devices for work and how the content of the policy protects them, the law office and the clients. You should also require anyone using a mobile device to sign the policy in writing stating they agree to follow the rules laid out in it.
5. Monitor the policy: Use the MDM program to monitor employee's work email, set passwords, encrypt the device, block certain websites or apps, run reports on compliance and more.
6. Revisit and update: Technology is constantly changing and it's critical you reevaluate your policy as mobile devices change and security software evolves.
Using these six steps to create and implement a BYOD will allow you and everyone in your office to enjoy the benefits of using personal devices for work while mitigating the security risks associated with mobile devices.