BYOD: Five Steps to Protect Your Clients and Save Money!

0819131258Everyone in business looks for that little tactical advantage, that one way to save money that has no impact on the quality of work. For most companies nowadays, overhead and employee perks have been one of the most popular places that companies have been seeking that edge – cutting back on company cars, health insurance plans, expensive office services. But that one perfect way to save, it turns out, didn’t happen through a cost-cutting analysis, but when the guy in the office next door began accessing his company email with his iPhone.

In the fall of 2008, I offered to gather some information for my firm about a proposal to purchase Blackberrys for all of the attorneys in the office (at the time, of the 12 attorneys, only the five partners had firm-provided phones). It was the height of Blackberry dominance in the corporate business world, and many seemed to look at Blackberry as the only sensible option at the time.

I prepared a full report to the associates about which line of phones and plans we should request, but to my shock, the plan to request the phones was voted down. I purchased my first iPhone shortly thereafter, and used its email system to connect to the firm’s Exchange server.

Little did I know that instead of participating in the end of the glory days of Blackberry, I was part of a new trend in technology: “Bring Your Own Device,” or BYOD.

Businesses everywhere have come to the realization that they can save a TON of money simply by allowing their employees to bring their devices with them to work instead of providing each employee with a company-owned phone operating on a company-provided service. Employees have been happy to adopt the new paradigm as well, giving up a small fringe benefit from their company in favor of increased flexibility.

Particularly for small businesses like law firms, BYOD is essentially already a reality. Even when firms provide laptops, attorneys are likely also using their personal smartphones for work. When phones are provided, tablets are used. So instead of buying laptops, phones AND tablets for every one of your attorneys (while hoping that next year doesn’t see a whole new line of devices released that you’ll have to buy for your attorneys), here are five steps your firm can take to best protect firm assets and confidential information, while allowing your firm to save a little money:

1) Evaluate your firm’s wireless capabilities.

Before we address how your attorneys and staff are going to connect to your network, we need to make sure they can connect to your network. Your firm’s wireless network will be the hub of BYOD activity. Even though many devices connect to the internet via their cellular networks, it’s expensive and relatively slow. Plus, failure to provide secure Wi-Fi may result in the use of other available networks, as BYOD users look to avoid charges for exceeding data limits, which poses a serious potential security risk.

So what do you need? Two things: 1) sufficient wireless capability, and 2) sufficient coverage.

First, your firm’s internet service must provide the bandwidth to support many wireless devices connected to the internet at one time (it is very likely that your bandwidth needs will considerably increase). Take into account things like whether your firm relies heavily on cloud-based services, which will require constant uploading and downloading of case files, and require a lot more bandwidth.

Second, your firm will need a sufficient net of Wi-Fi coverage so that your attorneys have strong, reliable access anywhere in the office. After all, mobility is the name of the game.

Different firms will have unique needs, so make sure to thoroughly investigate your firm’s capacity and coverage. I will address how best to evaluate the options for internet service and access in a later post.

2) Designate someone WITHIN your firm to be in charge of BYOD policy.

There are times when the best move that a law firm can make is to hire consultants, such as IT personnel, to handle tech issues and allow the lawyers to focus on the law. This is NOT one of those times. Designate an internal BYOD manager to implement and enforce your BYOD strategy.

Although your BYOD manager will need knowledge about the devices and connectivity that your IT people can provide, the BYOD manager must review and enforce policies within your firm, a task your IT personnel are ill-suited for. Also, you IT people simply have too much other stuff to worry about. Handling issues with portable devices consists of only a small percentage of your IT personnel’s job.

3) Determine the extent of your firm’s BYOD and implement a detailed BYOD adoption strategy.

According to Cisco Systems, every company should have a BYOD policy in place. Although there are likely infinite variations, BYOD policies take one of four general forms:

  1. Limited: Only specific, corporate-approved devices may be used on the firm’s network. Limited strategies are common on trading floors, manufacturing environments, and classified government networks.
  2. Basic: Allows a broader category of devices, but limits access to internet only. Basic strategies are commonly found in educational environments and basic “guest” networks.
  3. Enhanced: Multiple device types; multiple types of access. Enhanced strategies were favored by businesses that were early BYOD adopters.
  4. Advanced: Any device, regardless of owner. This strategy can be found in retail-on-demand services, as well as many mobile sales services (video conferencing, collaboration, etc.)

The general strategy that your firm adopts will serve as the foundation for the policies and procedures you establish to keep your system secure, so make sure you know generally what type of BYOD strategy you will employ.

4) Create a set of firm BYOD policies, applicable to all attorneys and staff, that is to be followed at all times.

It is impossible to understate how essential this aspect of your BYOD adoption strategy is. It is also impossible to understate how easy it is to overlook the need for strict, enforced rules regarding the use of employee- or attorney-owned devices. If there is any conflict within your firm regarding any of these five steps, this particular step is by FAR the most likely to be the cause, because it is with these policies that you start telling your attorneys and staff that there are restrictions on how they can use their own device.

There are many different things that must be addressed when coming up with a full set of policies and procedures for your firm, so many that I will actually be addressing them more fully in a separate article. The crucial element, though, is enforcement. The policies must be followed, such that no one is above the law.

The success of your BYOD strategy, regarding both data security and increased firm profitability, hinges on strict, equal, uniform enforcement.

5) Remain vigilant!

It can be easy to love and hate technology, because what’s true today may not be true tomorrow. As attorneys, we are required to keep abreast of changes in the laws that impact our practice areas. The same vigilance is required for your BYOD strategy.

Make sure that your BYOD manager is aware of all applicable federal, state and local laws regarding digital security, as well as all applicable ethics rules and opinions applicable to your practice. It is also essential that your policies are reviewed regularly with your IT personnel or outside consultants who have up-to-the-minute knowledge of the newest technologies and threats.


In the ever-changing realm of technology, it sometimes feels like keeping up is little more than a game of whack-a-mole – once one issue gets solved, a brand new one pops up, with no respite. However, by adopting a BYOD strategy that is adaptable and enforced, you should have no problem providing an environment that is flexible, mobile, secure, and most importantly, profitable.