Mobile devices have made parts of lawyers’ jobs easier, enabling remote work and uninterrupted client contact regardless of location. But while mobile access improves convenience and increases productivity, it’s not without risks. Particularly with bring-your-own-device (BYOD) policies, lawyers using mobile devices face potential security compromises.
Remote and Mobile Working Are Still Robust
For better or worse, work has expanded well beyond the office. The American Bar Association’s 2018 TECHREPORT noted that 68 percent of firms with two to nine attorneys allowed telecommuting. In larger firms, remote working has dropped off somewhat from the astronomical numbers reported in 2015 and 2016, but it remains common; around 80 percent of firms with more than 10 attorneys allow offsite work.
The continuing trend toward flexible work arrangements is no surprise: remote access is enormously valuable to employees, particularly millennials, who make up an increasing percentage of the workforce. And that freedom, once obtained, is hard to give up. In its survey, Buffer reported that 90 percent of remote workers intended to continue working remotely for the remainder of their careers.
Just as work is no longer confined to one physical location, it’s no longer restricted to one type of device. Remote work may occur on laptops, tablets, and smartphones. In the same report, the ABA noted that about 50 percent of attorneys at all firms—47 percent in solos and small firms and 53 percent in firms of 100 to 499 attorneys—use tablets for at least part of their work. Both document access and client communications may also occur on smartphones, regardless of whether those are provided by the firm or are personal devices.
But that’s where there starts to be trouble in paradise.
Mobile Devices Create a Security Problem
Law firms are still targets for security breaches due to the concentration of sensitive information that they manage. The ABA reported in 2018 that about 23 percent of responding firms had experienced security breaches, while another 40 percent reported virus or malware infections.
Mobile and remote access only increase these risks. For example:
- Personal devices may not be running the latest operating system, introducing security vulnerabilities.
- The apps on personal devices may not be up to date.
- Personal devices may lack antivirus and firewall protections.
- Regardless of device, not all connections are secure.
- Whoever they belong to—the firm or an individual employee—phones are easy to lose.
Of course, working from home or from a mobile device doesn’t obviate the need, as stated in Model Rule 1.6 of the ABA’s Model Rules of Professional Conduct, to maintain the confidentiality of client information. That rule now clarifies that lawyers “shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
Here are three easy ways to improve security on mobile devices.
Tips for Successfully Maintaining Data Security in Today’s Workplace
Be proactive about device use. Don’t turn a blind eye to the devices that attorneys are using for work. Firms should either provide devices for mobile and remote access or, at a minimum, should have functional BYOD policies that they monitor and strictly enforce. That includes providing support for remote connections and personal devices instead of leaving security compliance up to individual attorneys.
Protect the data on mobile devices using passwords, screen-lock functions, and encryption. Despite the clear risks of security breaches, the ABA found that only 24 percent of attorneys use password-management tools. Require that all devices used for work have strong passwords, using a firm-provided password manager, and that screens are automatically locked when not in use. Additionally, ensure that both files and emails are encrypted on all devices.
Create a policy for promptly reporting and wiping lost devices. Ensure that employees know how to immediately report any lost devices, even after hours. Bear in mind that this reporting procedure must be accessible from any device. Minimize the risks of lost devices by enabling an immediate remote wipe.
With proactive and realistic management, you can manage the risks of remote and mobile working without losing the benefits of flexible work arrangements. To learn more, check out our webinar on the security impacts of remote working.