Bring your Own Device Series, Part 2 of 2: The potential risks of BYOD

August 12, 2013

Bring Your Own DeviceIn last week’s post, I discussed some of the benefits to BYOD (Bring your own device), including increased communication, and greater flexibility which can lead to more satisfied employees.  However, there are some drawbacks to BYOD.

The first potential concern for personal devices used for business purposes is that they may be subject to discovery in lawsuits involving the employer.  An attorney might be more than a little concerned if she is suddenly notified that she must surrender her iPhone because of a lawsuit facing an employer, with the knowledge that all of her personal data will be combed through by an unknown number of individuals.

This discovery risk may also unsettle employers, who have no real knowledge of the contents of their attorneys’ devices and thus have no idea how they could be legally impacted by what is revealed from an employee’s personal device.

Of course, the risk of discovery is a far smaller risk compared to another inherent in BYOD policies: data security.

Most of the time, employers have very little control over how data is managed on devices that are not actually owned by the employer itself; there is no way of knowing if an employee – or, worse yet, an employee’s friend or family member – is making unauthorized copies of sensitive client data.

Perhaps the more serious concern, though, arises from an employee’s use of a public Wi-Fi network to transmit or receive sensitive information.

In these situations, there is a significant risk of this sensitive data being captured by third-parties who may, in worst case scenarios, be able to use it to access all of the law firm’s client data.

Such data breaches are catastrophic to say the least; although their occurrence is nothing new, BYOD policies can create an entirely new level of risk for law firms to contend with.

Nevertheless, proper employer policies regarding data and network security in BYOD situations can alleviate much of this risk, as can certain technologies, such as virtual private networks (VPNs) and centralized and controlled cloud-based data servers.

Furthermore, if recent trends are of any indication, the significant risk of data breach presented by BYOD policies hasn’t slowed their growth to any discernable degree.

For better or worse, BYOD is here to stay.  It’s up to law firms and their attorneys to carefully way the positives and the negatives before deciding to implement this practice in the firm.