Download - Law Firms in a BYOD World

Clio Cloud Conference 2014 #ClioCloud9

Law Firms in a BYOD World

by Brian Focht

@NCCyberAdvocate

Imagine…

A senior partner plugs his tablet into a

public charger at the airport, hopeful to

have enough juice for the flight…

Imagine…

A junior partner dashes off a quick

work email on her phone before

handing it to her 7 year-old who

downloads a brand new game…

Imagine…

A senior associate laughs when her

friend fumbles with a password to

respond to an email – “phone

passwords are so inconvenient,” she

thinks to herself…

Imagine…

A junior associate finally remembers to

email IT to report that his phone was

stolen on the first day of his Vegas

trip… last week…

Imagine…

A summer associate, after spending all

summer downloading unsecured

documents onto his personal tablet,

leaves the firm to head back to school…

Imagine…

EACH SITUATION POSES A HUGE

SECURITY RISK FOR YOUR FIRM!

#ClioCloud9Clio Cloud Conference 2014

We’re Living in a BYOD World

Businesses Like It

Employers Like It

Employees Like It


… and it’s a Dangerous World…

Hackers Like It



Incidents of Hacking on the Rise

1. Obvious targets for obvious reasons:

Target & Home Depot - $$$

2. New targets for more insidious reasons:

Personally Identifiable Information (PII)



Increased Convenience

=

Decreased Security

Law Firms are Vulnerable



Law Firms are a one-stop-shop for hackers

• Patent applications & intellectual property

• Confidential business information

• Negotiating strategies & future business

goals

• Personally Identifiable Information



No practice area is immune


… with Serious Consequences.

Stakes Keep Going Up

1. Financial Responsibility

2. Ethical Responsibility

3. Your Professional Reputation


… with Serious Consequences.

Consequences of being hacked are on the rise!

The Wrong Security Breach Could Ruin Your Firm!


Four Key Steps

1. Breathe

2. Assess

3. Plan

4. Implement


Step 1: Breathe


Step 2: Assess

There is no one-size-fits-all solution

Know Thyself


Step 2: Assess

Know Thyself

1. What are you trying to protect?

2. What resources do you have?

3.What other factors are there?


Step 3: Plan

Any Plan vs. The RIGHT Plan

NOT a Fire-And-Forget Issue

REQUIRES Universal Buy-In

Involve Everyone

Respect Concerns about Privacy


Step 3: Plan

Essential Components

1. BYOD Manager

2. Implementation

3. General Security

Requirements

4. Permissible Devices

5. Business vs. Personal

6. Apps

7. Mobile Device

Management

8. Updates


Step 3: Plan

Other Considerations

Employment Contract

Is BYOD Optional?

Privacy Bill of Rights

Who Watches the Watchers?


Step 4: Implement

Remember:

Only Effective if Applies to Everyone

No Waivers, No Exceptions

Not a Fire-And-Forget Policy!

Constant Vigilance

Clio Cloud Conference 2014 #ClioCloud9

Thank you for listening!