BYOD (Bring Your Own Device) is fairly common in companies nowadays. If a telecommuting employee already has a smartphone and laptop, why should the company buy more equipment? One of the many advantages of cloud-based billing software for lawyers like CosmoLex is that it can be access anywhere from any device, but your practice should have some rules in place when attorneys and support staff access CosmoLex from personal devices.
One of the biggest concerns about BYOD is that personal devices may open a huge hole in a secure network. People tend to be less diligent about security threats at home than at work. CosmoLex legal software with enterprise-grade security is very secure but a simple keylogger could send an employee’s login and password to a third party who now has access to your legal billing system.
A law practice’s BYOD policy should include certain security requirements such as:
- Devices must be password/PIN locked and must relock when left idle for a short time, such as five minutes.
- Devices must contain updated anti-malware applications. The company should prepare a standard list of applications appropriate to various operating systems and devices (e.g. a Windows laptop or an Android smartphone).
- Are workers allowed to save documents such as PDF versions of invoices to personal devices?
Law offices rarely have dedicated IT staff so technical support tends to be haphazard. Even if you have a local tech guru, it should be made clear where this person’s responsibility ends. If a clerk can’t sign into CosmoLex, that would be something the practice tech support could handle. However if an employee’s iPhone won’t turn on, that’s probably something the worker needs to take to the manufacturer or mobile provider.
If an employee is using a personal device, will the practice subsidize its use? Some practices will pay a portion of a smartphone’s voice and data plan. The practice should have a policy on what happens if a device is stolen or broken. Will the company pay for some or all of the replacement cost or, as a personal device, is it up to the employee to replace it?
Finally, any organization should have a zero-tolerance policy towards using devices while driving and this policy should explicitly extend to personal devices being used for work. If an attorney is using the law office management software while driving and gets into an accident, the firm could face a lawsuit.
A small firm might be tempted to forgo equipment costs by relying on BYOD but it is essential that you put a solid device policy in place before doing so.