June 22, 2014
If you haven't already implemented a Bring Your Own Device policy, you're probably working on creating one now. As it becomes more common for you and your staff to use mobile devices for work, it's critical you put in place a plan for how to protect your sensitive information and monitor security measures. However, not all BYOD policies are equal and there are some common mistakes you need to avoid:
Don't use a preexisting strategy, especially if it's created by another law office, Enterprise Apps Tech advises. Each law office will have its own unique needs and therefore, needs its own unique policy. If you model your plan off another firm or organization, it may not address your main security risks.
Sample BYOD policies may be useful, but don't attempt to use policy that claims to have everything you need. Your policy should do more than protect your information, it should align with your business's long-term goals such as moving to a paperless office, transitioning to the cloud or providing more virtual-based services.
Don't ignore apps, Forbes says. There are thousands of apps for every device now, ranging from heart monitors to calendars to Angry Birds. Be careful not to overlook the security risks of some apps, which can put viruses on the phone or steal the users' data. Your policy should restrict the type of apps allowed on a device used for work including apps that could access work email programs or have been suspected of having viruses.
Don't overlook employee training, a Cisco blog recommends. Making sure your staff is fully educated about the risks inherent in using mobile devices for work is critical to the success of a BYOD policy. Without all employees being aware of the risks and the content of the BYOD policy, there won't be full compliance and your law office information will be vulnerable to cyberattacks.
And don't forget you need to gain employee consent if you use Mobile Device Management (MDM) software, which would need to be downloaded onto the device to monitor it.
Don't forget to include a device wipe, the Cisco blog says. This is one of the most important features of your policy. If a device containing sensitive information is lost or stolen, you must have the ability and permission of the owner to remotely wipe the device of all its data.
Creating a BYOD policy can be a challenge particularly if you don't have an in-house IT department. But by researching the security risks related to mobile devices you can create a policy that thoroughly addresses your needs and goals.