Law Firm Security In The Age Of Technology–Human Error & Some Things That Never Change…

Security is on the minds of Americans these days. And, it seems, at least one law firm has developed paranoia.

King & Spalding announced to its employees this week that private e-mail will no longer be accessible at work. And, in the event firm network blocking measures are inadequate, employees have been advice not to open personal email accounts from a firm computer, according to a King & Spalding e-mail released by Above The Law Blog.

“The firm’s internal security experts, as well as our outside security experts, have advised us that accessing Personal Email Accounts from firm computers creates a significant security risk,” the widely-circulated e-mail states.

“The firm has installed a wireless network called ‘ksmobile’ in each office. This wireless network is reserved for K&S personnel (not clients or visitors who should be directed to the ksguest network), is a direct route to the Internet, and is appropriately sized to accommodate the many personal devices that are being used by K&S personnel.”

So, although checking personal e-mail on firm computers is prohibited, responsible and irresponsible Internet browsing is permitted on mobile devises, like smartphones. With network firewalls and digital security measures improving day-to-day, some wonder if this announcement isn’t a bit technologically too late.

However, what any number of firewalls, complex passwords, and e-mail prohibitions can’t solve is human idiocy.

Seriously.

“There’s no device known to mankind that will prevent people from being idiots,” Mark Rasch, director of network security and privacy consulting for Falls Church, Virginia-based Computer Sciences Corp. (CSC), said to Bloomberg.

Rasch is responding to an experiment conducted by The U.S. Department of Homeland Security where, in order to determine how easy it was for hackers to manipulate employees or gain access to computer systems, Homeland Security employees secretly dropped computer discs and USB thumb drives in the parking lots of government buildings and private contractors.

Not only did workers pick up those devises, but 60 percent of them plugged in the USB drives and inserted the discs into their office computers. If the devise displayed an official logo, 90 percent of workers installed the drive.

It turns out, curiosity does kill the cat—or, rather, scrambles the cat’s computer screen, steals its social security number, and swipes its confidential data through viruses, clandestine computer programming, and general digital mayhem, describes The Center For Competitive Management (C4CM)’s law blog.

“The test showed something computer security experts have long known: Humans are the weak link in the fight to secure networks against sophisticated hackers,” reports Bloomberg.

And, because 92 percent of lawyers agreed that email was the primary function of their smartphone in an ABA Legal Technology Resource Center survey, perhaps King & Spalding’s reaction isn’t as misguided as first believed. Accessing personal e-mails from a smartphone, according to participants, was more important than making a call, which goes to show how frequently lawyers rely on electronic communication, concludes an article about attorney mobile phone use.

Coupled with curiosity, perhaps law firms should consider even more stringent Internet policies.

It’s surprising how many liabilities and issues accompany Internet access in the office. And, smartphones open up an additional can of worms for curious cats.

Write a smartphone policy that addresses:

  • Handing data breeches
  • Use of company phones outside work
  • Wage and hour compliance
  • Text, talk driving issues
  • Text harassment
  • GPS tracking
  • Lost devices
  • Etiquette
  • Employee productivity
  • Photography in and out of the office

If you’re unsure how to draft a policy, including what kind of language and tone to use, take C4CM’s audio conference on crafting a bulletproof workplace policy for smartphones.

In the end, it’s important to write and implement a concrete and clear policy regarding Internet access, e-mail, and mobile phones. It’s important to highlight the security risks and repercussions for both employees and clients.

Make sure your employees know how to safely navigate the world wide web, only then will law firm managers have piece of mind when engaging in legal technology and software.

Remember, the “smart” in smartphone refers to requirements of the user, not the gadget.

-WB

Advertisements

Leave a comment

Filed under Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s