Is Your Law Firm Protected From BYOD Vulnerabilities?

Almost half of UK businesses are failing to properly safeguard the use of personal devices that employees use at work.

According to a recent survey of 150 IT security professionals, by cyber security provider Bitglass, 74% of UK businesses allow their employees to use their devices at work. However, 47% do not know if a policy safeguarding the firm from a data breach caused by a personal device exists, or there is no such policy in operation within the firm.

As remote working begins to gather pace and more law firms blur the lines between the legal office and the outside world, Bring Your Own Device (BYOD) has grown in popularity. Whilst they may allow employees flexibility in their working patterns, failing to consider the cyber security vulnerabilities could be a costly mistake.

Devices that are not regularly updated could have vulnerabilities that are easily exploited by a cyber criminal. Even though the majority of law firms will regularly update their internal software, infrastructure and malware protections, the same cannot be said for devices used by employees.

Around a third (31%) of recipients viewed BYODs as the most dangerous and overlooked area for data leaks in a UK organisation with only 16% looking at the use of BYODs as a top priority for cyber defence in the year ahead.

According to the Cyber Security Breaches Survey 2019, conducted by the Department for Digital, Culture, Media and Sport (DDCMS), 70% of businesses in the UK already restrict access to company owned devices in a bid to reduce the threat posed by employee owned devices. Furthermore, 69% have set security controls of these devices.

Whilst this may be admirable, at least a third of businesses remain vulnerable to attack through employee devices that may lack robust cyber security controls.

Steve Armstrong, Regional Director at Bitglass, commented:

“In order to securely reap the benefits of BYOD, organizations need advanced tools such as user and entity behavior analytics (UEBA) and data loss prevention (DLP).

“Additionally, they must be able to selectively wipe corporate data from personal devices without affecting the personal data therein. However, for deployments to be successful, these capabilities need to be implemented through an agentless solution that won’t hinder user privacy or device functionality.”

Does your law firm have a clear protocol or policy to ensure personal devices are safe to use?

Rate this article: