BYOD: A brave new legal frontier

Bring your own device (BYOD) has become the ultimate buzzword of late as companies seek to offer a range of flexible working opportunities.

Research by the Information Security LinkedIn group from earlier this year found that 60 per cent of enterprises are now allowing BYOD, while a further 29 per cent plan to do so in the near future.

Employee productivity and satisfaction are typically rolled out as the primary benefits, with security often seen as the main drawback. This is particularly important when it comes to the legal world, because the issue of data protection is so relevant thanks to the amount of high-value intellectual property or highly sensitive information being handled.

Under the terms of the Data Protection Act, firms can be fined up to £500,000 if they are found to be guilty of a serious breach. As lawyers are effectively data controllers, they cannot afford to fall foul of the law themselves.

Apps and mobility
The typical working day has been altered by the proliferation of apps and cloud computing, as it means people can gain access to important information remotely. Business data, forms and other documents are almost universally accessible, meaning that communication and collaboration on the move has never been easier.

Being out of the office no longer has to mean being unreachable, and so law firms can make sure processes are carried out securely and efficiently. Moreover, time that used to be spent waiting around in police stations or courts can now be used much more effectively.

Osman Ismail, managing director at DPS Software, pointed out that mobile time recording is another big benefit. "Whether it's a criminal solicitor at court or an employment solicitor at a tribunal, if fee-earners log their time as they work, then a lot of previously unbilled and forgotten time can now be recorded meaning the true value of a matter is always charged for and revenues are increased," he told the Law Society.

Approaching BYOD safely
While law firms can undoubtedly benefit from BYOD, they need a policy that offers security. Among the steps that should be taken are:
• Drafting a social media policy to protect your firm's commercial interests
• Draw up an acceptable use policy
• Be explicit about what personal information can be accessed and used on devices
• Create best practice guides for password management/using encryption services
• Draw up a list of approved device types
• Make workers aware of the potential for information to be wiped remotely for security reasons
• Develop a list of approved business apps
• Make sure there are adequate technical requirements in place

Is BYOD a security time bomb?
The positives will quickly be outweighed by the negatives if law firms find themselves compromised as a result of BYOD.

A study by Sony last year found that 84 per cent of legal professionals have used personal devices to access company data, regardless of what their firm's corporate policy states. Furthermore, 49 per cent of lawyers used personal machines for work purposes.

This creates obvious security concerns, as these devices are unlikely to be properly prepared to handle the information correctly. On the other hand, corporate models can come with technology such as fingerprint security access, remote lock down and location tracking to boost security.

"We appreciate the legal industry is in a state of constant flux, due to structural changes to the market, rapidly evolving working practices and the take-up of new mobile technology, but there's no reason to miss out on the cost and productivity benefits of BYOD," said Ruth Storey, VAIO product marketing manager at Sony UK.

BYOD is undoubtedly a game-changer, as the improvements it has made to productivity have been pronounced. But at the heart of any successful policy for law firms is the issue of education. If firms do not properly communicate the need for policy adherence, they could be left facing both reputational and financial damage.