Drafting a Mobile Device Policy That Keeps Your Data in the Right Hands


In the not so distant past, the biggest concern with your staff taking work home was that their dog might ingest it; but with the explosion of mobile technology and the ever-present threat of cybercrimes, you have a lot more to worry about than Spot taking a bite out of your motion to dismiss. For reasons easy to understand, most people don’t want to use separate mobile devices (laptops, phones, tablets, smart watches, Fitbits…jk!) for work and personal use—that’s why many personal injury firms have implemented a bring your own device, or BYOD, policy that allows your employees to use their own personal devices for both.

1) Talk to your employees:

It’s better to get input now, than complaints later. That’s why, before you implement your BYOD policy, you’ll want to discuss it with those that it affects the most…your staff (attorneys, paralegals, IT, etc.). Find out their preferences (e.g., what devices they use, what apps they’ve downloaded, which sites they visit) and then encourage them to submit suggestions and voice any concerns they might have, before you get to drafting.

2) Create a policy that serves both your purposes:

Use your staff’s feedback and recommendations from data security professionals to draft a policy that serves your purposes and that your staff will want to follow. Your policy should include clearly defined rules and protocols for your staff’s mobile device use—like what devices are allowed, who has access to what, what sites are prohibited, and more. You should also include clearly defined data monitoring practices for your IT staff (and for the rest of your staff to see), so they know what they should monitor and, more importantly, what they shouldn’t.

But your mobile device policy shouldn’t stop there. You need to have clearly defined protocols in place for swift action in the event of loss, theft, termination, resignation, spontaneous combustion, or any other potential breach-triggering event. That may include “wiping the device ”(i.e., rendering its data unreadable) with the help of mobile device management software.

And when drafting a comprehensive and secure mobile device policy, keep these tips in mind:

  • Make access to your data tougher by requiring strong passwords (i.e., 1111 won’t do), limiting user access to certain types of data, and using cloud-based software that demands multi-factor authentication (i.e., more than just one step) before letting employees access your matters.
  • Make sure the data on your staff’s mobile devices is encrypted…that means your confidential data will look like gibberish to anyone that’s not supposed to be looking at it.
  • Backup your cases (including closed ones) onto cloud storage that uses a HIPAA-compliant secure cloud server and allows you to control who has access to your data.

3) Educate your staff:

…and we’re talking your entire staff—attorneys, paralegals, the guy that writes his name on his yogurt, and definitely your IT staff should all be in the know on the ins and outs of your mobile device policy (what devices are allowed, what sites can be visited, etc.). And it shouldn’t stop there...a little cybertraining goes a long way; after all, all it takes is one errant click for your staff to fall victim to the latest phishing scam. That’s why it’s important to educate your staff periodically on the dos and don’ts of cybersecurity (including phishing, malware, email, social media, password rules, and more).

And before you do, educate yourself on CloudLex, our next-gen cloud-based legal platform that can be used on any internet-enabled device and comes complete with state-of the art security features (like multi-factor authentication, HIPAA-compliant servers, user access settings, and more) by signing up for a free demo now...with our help you can make sure cyberthieves don’t run off with your firm’s data, when your employees run off for the weekend.

Also Read:

1) Work from Anywhere at Anytime with CloudLex®

2) How Cloud-Based Legal Practice Management Software Can Prevent Data Breach in Your PI Law Firm