[This post is the sixteenth in a series. The original post can be found here.]
In many firms, it is common for lawyers to use personal smartphones or tablets for work purposes. This is often referred to as “Bring Your Own Device” or “BYOD.” Lawyers or staff may also work at home and even access the office network from a personal home computer. Both of these practices raise significant cyber risks.
Permitting staff to use their own smartphones or tablets makes great practical sense. They already own and are comfortable with the devices so the firm does not have to incur the cost of buying them or paying for wireless plans. However, if these devices connect to the office Wi-Fi or network, or if they are used to create documents that will be sent to the office, they can potentially deliver a malware infection to the office network.
Young people have a very high exposure to malware as they are more likely to engage in many of the most dangerous online activities, including using social media, downloading programs, and file sharing. As a result, it is far more likely that any device children or teenagers are using is infected with malware. This is a concern because using a compromised computer for remote access to your office can bypass the firewall and other security mechanisms, potentially delivering a malware infection to the heart of your network.
To be absolutely safe, avoid using a home computer or other device for work purposes if it is used by others. Where a home computer is being used for work purposes, the steps outlined in this article must be followed to protect the office network and systems from cyber risks. Creating separate user accounts will make things more secure, but a better alternative is to have two partitions on your home computer. This essentially means there are two complete sets of software on the computer: one that only you would use, and one that others in the house would use.
Where a home computer or other BYOD device is being used for work purposes, the steps outlined in this article must be followed to protect the office network and systems from cyber risks. Staff education is key for reducing the risks associated with the use of personal equipment. Technology use policies should be in place to ensure all necessary steps are taken to address relevant cyber risks.
See the practicePRO Technology Use Policies Resources for sample BYOD and remote access policies.
Dan Pinnington is the Vice President of Claims Prevention at practicePRO. This article first appeared in the December 2013 issue of LawPro magazine. Reprinted with permission. For more cyber safety tips, visit www.lawpro.ca.