Bring-Your-Own-Device (BYOD) policies have proved popular in a number of businesses for several years, as employers and employees alike have come to enjoy the flexibility of using personal devices for work activity. This trend wasn’t necessarily followed by the legal sector, which has traditionally been slow to adopt new innovations, but the COVID-19 pandemic forced many firms into a BYOD set-up whether they liked it or not.
Of course, implementing BYOD is much more than getting company apps and login details stored on employees’ laptops and tablets. It needs careful consideration to ensure that it meets the needs of the business and satisfies employee desires for flexibility, but without endangering the safety and security of data. This blog explores the risks of BYOD done wrong, and how best to go about doing it right.
Risk without reward
BYOD absolutely must be implemented with a full, clearly defined policy in place around how it works, particularly in terms of how employees’ personal devices are checked by the IT team and approved for use.
Without such a policy, access to corporate data and systems quickly becomes a free-for-all, with employees using all manner of different devices, and the IT team having no idea who is using what. This “shadow IT” extends to even basic means of communication like using phones for Zoom calls, sending work-related messages through WhatsApp, or using personal cloud storage services like Dropbox for business documents.
If IT teams don’t know any of this is going on, then they can’t keep control of how data and applications are accessed. This poses inherent risks around data breaches, security and compliance, as IT - and by extension, the business as a whole - has no way of knowing how secure those devices are, how up-to-date they are or whether proper procedures are being followed.
Creating secure BYOD
A good BYOD policy will take into account the responsibilities of both employees and employers. As part of formulating the policy, you should take into account:
- Which activities are permitted from personal devices, and which ones aren’t
- The types of data that can be accessed and used from those devices, and the types that aren’t
-The extent to which an employer can access personal devices for business reasons, and whether or not employees are happy to grant that level of access
- How the business responds when users don’t adhere to the rules and policies set out
Once these issues have been resolved, you can then put technical controls in place to ensure the policy is properly enforced. These should encompass hardware and software standards, service access, sensitive data protection, and enforcement-related functionality like authentication or firewalls.
More than just safe data
The benefits of a properly defined BYOD policy stretch far beyond keeping corporate data safe:
From an employee’s perspective: they have more flexibility to get their work done how, when and where they want in order to increase efficiency. By using their own device, they also naturally have more choice to pick their own that suits them. These factors can empower employees to work harder, feel more engaged with the business, and have more faith that their employer has their interests in mind.
From an employer’s perspective: money can be saved on procuring hardware (and to a lesser extent, software) for business use as employees are using their own. More engaged employees will contribute to an increase in productivity for a relatively small financial outlay. IT teams, meanwhile, will find time efficiencies through a reduced demand for business device management.
In the months and years to come, more and more employees will come to expect more flexible working practices such as BYOD, to the point that it will become a major differentiator between firms within the legal sector job market. Firms will have to explore ways to make it work, and ensuring a proper BYOD policy is in place is a key part of achieving that. Those that can break out of the usual sluggishness legal firms suffer from when adopting new technology will find that BYOD can make a major positive difference to their organisations.
Employees can work with ease wherever they need to, with Oosha’s Virtual Desktop as a Service, designed with the legal sector in mind. Take a closer look at how we can support law firms like yours in the post-pandemic world of work here.