SOURCE: LockPath, Inc.

June 10, 2015 00:00 ET

Bring Your Own (Due) Diligence -- BYOD in Law Firms

OVERLAND PARK, KS--(Marketwired - June 10, 2015) - One of the attorneys at your firm serves as outside counsel of a major corporation. As such, she corresponds regularly with in-house counsel and other executives on legal matters involving the company. One day she loses her smartphone. The person who finds it discovers a treasure trove of sensitive communications between the attorney and the corporate executives. Before you know it, you're on a conference call with some angry corporate executives asking why emails to their outside counsel were just published on a corporate watchdog blog.


We recently wrote about the need for law firms to practice proactive compliance. It's become a necessity because firms are being held increasingly accountable for complying with the industry regulations and compliance standards of their clients.

One of the issues that firms are taking especially seriously is Bring Your Own Device (BYOD) policies. These are standards that govern the use of individuals' personal smartphones, tablets, laptops and other electronic devices for company purposes. Firms need to address this issue proactively, because waiting until an incident like the hypothetical example above to institute and enforce a BYOD policy can cost you many clients.

Firms could choose not to allow attorneys to use their own devices. But this is in most cases impractical. And despite the risks, there are advantages to allowing staff members to use their own devices.

Allowing attorneys to use their own devices means you, the law firm, must Bring Your Own (Due) Diligence.

First, there must be written policies governing the use of personal devices for firm use, especially when it comes to protecting client information. In addition, attorneys must be trained on the BYOD policy. Testing their understanding of the policy wouldn't hurt. This can all be facilitated through a policy management solution, like LockPath's Keylight.

The most important elements of a BYOD policy concern protecting sensitive information. At the very least, attorneys using personal devices for business purposes should adhere to security standards governing firm assets. That would include:

  • Password complexity and safety / device locking
  • Data storage and backup
  • Device encryption
  • Remote wiping of data if lost

The firm must also address what happens if an employee leaves. BYOD users are managing their firm and client data on the same device as their personal business. Some actions may involve selective wiping and discontinued access to firm data. This must be clearly addressed in the BYOD policy, so there is no question as to what will happen.

There is usually a cost to convenience. In the case of allowing your attorneys to use their own personal devices, the cost can either be proactive due diligence or reacting to a breach of sensitive client information.

About LockPath
LockPath is a market leader in corporate governance, risk management, regulatory compliance (GRC) and information security (InfoSec) software. The company's flexible, scalable and fully integrated suite of applications is used by organizations to automate business processes, reduce enterprise risk and demonstrate regulatory compliance to achieve audit-ready status. LockPath serves a client base of global organizations ranging from small and midsize companies to Fortune 10 enterprises in more than 15 industries. The company is headquartered in Overland Park, Kansas.
