From LegaltechTO BYOD Risk Management Strategies and Pitfalls

One of the many excellent presentations that I attended at Legaltech TO on September 24 focused on a couple of ways to deal with BYOD in legal. Steve Heck, Regional CIO at Microsoft Canada offered the ‘make everything securely accessible from any device’ option. Eugene Cipparone, Director, Professional Support at Goodmans LLP offered that firm’s strategy which I will sum up here as ‘educate and enable’.

Both of these perspectives have value. On one hand, mobile devices are only used to access what is secured by two factor authentication on the web. Because the content resides and can be used (rather than just consumed) live, there is no need to use the mobile device to store any content.

Mobile device storage is a point of risk of course. Think back to news reports of laptops or USBs lost or apprehended by nefarious data thieves and released to the clamoring public who all desire read every morsel … wait a minute. I am crossing my OIPC feed with Ashley Madison and Edward Snowden. The model Steve Peck suggested does have a sound risk management strategy. The pitfall of course, as with everything, is in compliance.

On the other hand, Eugene Cipparone’s model of educate and enable is more about having lawyers understand their responsibilities and think about them. His firm suggests least risk apps, methods and processes so their lawyers are as close to truly mobile as possible. They talk about solicitor client privilege and the use of DropBox or Gmail. They think about how USB keys are usually used and whether encryption is a realistic option. I like the idea of education and enabling best practices for mobile device use by lawyers.

My notes from the session included: “Work arounds are a serious problem for efficiency. Every time you have a small group of people who have found an advantageous way to perform a task it becomes hard to train and hard to sustain. ‘Experts’ are fantastic, but when you have pockets of expertise without sharing it is not great for competence on an organization wide level.”

That was my key take away from this session: define your organizations best practices, educate about what you can do from a connected mobile device, how to safely store if necessary and how to keep client information secure.

Comments are closed.