We live in a world where BYOD (Bring Your Own Device) is no longer an option, but rather the reality. Law firms, traditionally slow to adopt new technology, are increasingly allowing attorneys and staff to access secure networks with mobile devices, but are woefully uninformed about the risks of doing so. Whether to allow BYOD in your firm is less an option than in times past, so you NEED a BYOD Policy in place. It must address the security needs of your firm based on your local ethics rules, but it also must address reality. The reality is that without buy-in by your employees, you will never be fully protected. BYOD Policies have the capacity to be very intrusive, and all it takes is one employee ignoring it to leave a gaping hole in your cyber security. You don't need just any BYOD Policy, you need the RIGHT BYOD Policy!
Clio Cloud Conference 2014 #ClioCloud9
Law Firms in a BYOD World
by Brian Focht
@NCCyberAdvocate
Imagine…
A senior partner plugs his tablet into a public charger at the airport, hopeful to have enough juice for the flight…
Imagine…
A junior partner dashes off a quick work email on her phone before handing it to her 7 year-old who downloads a brand new game…
Imagine…
A senior associate laughs when her friend fumbles with a password to respond to an email – “phone passwords are so inconvenient,” she thinks to herself…
Imagine…
A junior associate finally remembers to email IT to report that his phone was stolen on the first day of his Vegas trip… last week…
Imagine…
A summer associate, after spending all summer downloading unsecured documents onto his personal tablet, leaves the firm to head back to school…
Imagine…
EACH SITUATION POSES A HUGE SECURITY RISK FOR YOUR FIRM!
We’re Living in a BYOD World
Businesses Like It
Employers Like It
Employees Like It
… and it’s a Dangerous World…
Hackers Like It
… and it’s a Dangerous World…
Incidents of Hacking on the Rise
1. Obvious targets for obvious reasons:
Target & Home Depot - $$$
2. New targets for more insidious reasons:
Personally Identifiable Information (PII)
… and it’s a Dangerous World…
Increased Convenience
=
Decreased Security
Law Firms are Vulnerable
… and it’s a Dangerous World…
Law Firms are a one-stop-shop for hackers
• Patent applications & intellectual property
• Confidential business information
• Negotiating strategies & future business goals
• Personally Identifiable Information
… and it’s a Dangerous World…
No practice area is immune
… with Serious Consequences.
Stakes Keep Going Up
1. Financial Responsibility
2. Ethical Responsibility
3. Your Professional Reputation
… with Serious Consequences.
Consequences of being hacked are on the rise!
The Wrong Security Breach Could Ruin Your Firm!
Four Key Steps
1. Breathe
2. Assess
3. Plan
4. Implement
Step 1: Breathe
Step 2: Assess
There is no one-size-fits-all solution
Know Thyself
Step 2: Assess
Know Thyself
1. What are you trying to protect?
2. What resources do you have?
3. What other factors are there?
Step 3: Plan
Any Plan vs. The RIGHT Plan
NOT a Fire-And-Forget Issue
REQUIRES Universal Buy-In
Involve Everyone
Respect Concerns about Privacy
Step 3: Plan
Essential Components
1. BYOD Manager
2. Implementation
3. General Security Requirements
4. Permissible Devices
5. Business vs. Personal
6. Apps
7. Mobile Device Management
8. Updates
Step 3: Plan
Other Considerations
Employment Contract
Is BYOD Optional?
Privacy Bill of Rights
Who Watches the Watchers?
Step 4: Implement
Remember:
Only Effective if It Applies to Everyone
No Waivers, No Exceptions
Not a Fire-And-Forget Policy!
Constant Vigilance
Thank you for listening!