Bringing your own
The phenomenon of lawyers using their own smart devices to access often-confidential work information is something law firms need to accept and manage, writes Denis O’Shea, CEO of Mobile Mentors.
The Bring-Your-Own-Device (BYOD) phenomenon seems to be unrelenting in the Australian legal sector. According to LexisNexis Pacific, smartphones and tablets are rapidly replacing large volumes of paper and changing the way legal professionals operate, with nearly 50 per cent of Australian lawyers already using mobile devices for legal research.
The BYOD phenomenon exposes Australian legal firms to a number of new risks and challenges, but also opens a raft of business benefits. The pace of employee-owned devices entering the workplace may see many firms unwilling to adapt and put proactive measures in place to regain control.
This article outlines the key considerations to successfully adopt BYOD in the legal sector, with special attention given to mobile policy, security, client confidentiality, liability, cost control, user support, productivity apps and appropriate governance.
Setting the rules
The logical starting point for a successful BYOD program is the mobile policy, which should clearly define user groups, eligibility, appropriate usage, security requirements and outline the firm’s approach to spending. Essentially the mobile policy defines the rules of engagement between the staff member and the firm.
The BYOD provision in the policy allows a user to connect an approved personal smart device to the firm’s network as long as the firm can secure that device and manage it on the company network. It would be inconceivable to have a fleet of laptops or PCs that are unmanaged and unsecured; the same applies to smartphones and tablets. Mobile Device Management (MDM) technology is therefore an essential building block in any BYOD program.
The predominant concern for most legal sector IT departments when it comes to BYOD is the issue of security. They are witnessing a rapid shift from their beloved fleet of centrally-controlled and company-owned BlackBerry devices to Apple and Android products. We can look back at the BlackBerry era with wistful nostalgia, as its simplicity and ease of management was probably not appreciated at the time.
If an employee-owned device is connected to the company’s email, wireless LAN, storage infrastructure and business applications, or contains client information, it is essential that it is secured immediately.
BYOD and the legal profession
According to global legal content and technology provider LexisNexis, the legal profession is no different from many other areas of the professional services industry when it comes to the growing BYOD trend. However, the company believes the associated risks and ramifications for these organisations are far more serious.
"Unsecured tablets represent a clear security and privacy risk for lawyers and their clients. However, while 60 per cent of practitioners use personal tablets for work, just 10 per cent of legal firms have an IT strategy in place to cover tablet usage,” said Tyson Wienker, LexisNexis Pacific director of strategy, technology and business development.
Clients are slowly starting to realise that their information may be stored on devices not owned by the legal firm they have engaged. The difficult questions will come; it is just a matter of time. It is best to be prepared through a strong mobile policy with MDM in place to secure company and personally-owned devices.
Smart devices are often purchased by employees and brought to work with reasonable expectations that the IT service desk is willing and able to assist with configuration, connectivity and support. However, the variety of hardware models on different operating systems with different versions is creating an exponential increase in the number of combinations for configuration and connectivity.
Employee-owned devices are generally treated with more care than company-owned devices but problems still occur, especially with devices that have extra-large glass screens.
Breaks, spills, loss and theft occur every day and can seriously affect the user’s productivity if they need to locate a repair agent, find proof of purchase, argue about warranty terms and configure a loan unit during the repair process.
It is in the company’s interest to hold some buffer stock and provide a short-term loan unit to the affected employee in order to remain productive during business hours. The employee can resolve the repair and warranty of their personal device during personal time.
"Many law firms’ IT departments are finding themselves increasingly challenged by the need to provide on-the-go support across a range of operating systems and devices, which is why developing a comprehensive mobile device management plan is becoming essential for firms," said Wienker.
Another scenario of concern is where the mobile connection is owned by the employee rather than the company and a portion of the costs are claimed as expenses. On the surface, a BYO connection appears to transfer all the costs to the employee - but beware of the hidden costs to the firm.
Firstly, each employee has purchased an individual plan as a consumer and is paying consumer rates rather than corporate rates. This can mean the price paid for every minute, message and megabyte is significantly higher (often double) than the price paid for a negotiated corporate plan.
Secondly, the lack of a corporate plan means that there is no free calling between employees with individual plans, no integration between mobile and landline services and no option to share data buckets, all resulting in an increased and inefficient communications spend.
Thirdly, the increased time involved with reconciling bills and expense claims is significant for both the firm and user.
Taken together, these hidden costs can mean the company is financially worse off with BYO connections than having a corporate plan which has competitive rates, free calling between employees and integration with landline services.
In addition to the hidden costs, there is an intellectual property (IP) risk associated with employee plans and number ownership. When an employee leaves and keeps their mobile number, there is a risk that clients may follow the individual. Therefore we recommend that the firm pays for and owns the connection and simply recoups excessive personal usage from the user.
Bill splitting is the ideal solution to recover a portion of the mobile bill related to personal usage, but the process must be automated with workflows.
Mobile Mentor recommends a process called ‘Personal Spend Management’, where the mobile bill is extracted directly from the mobile network billing system and each user’s bill is split according to a set of pre-defined rules and criteria. An automated workflow sends each user an email with their bill summary highlighting the usage that is deemed to be personal for them (out of hours, premium services, international calls).
A summary report also goes to finance and unless an objection is raised by the user the personal usage amount is deducted from payroll. No paper invoices, no manual coding, no awkward discussions and no approvals required.
The HR angle
For many progressive companies, technology is becoming part of the company’s image and employment brand and this is forcing a decision around BYOD. The key question is: “Are we going to resist the BYOD trend and insist on company-provided devices or will we embrace the shift and allow staff to use their preferred technology?”
HR must absolutely participate in the process of developing or updating the mobile policy and determine whether mobiles are simply a tool for communication or if mobile becomes a platform for empowering staff and engaging with clients.
A balanced policy is one that represents the interests of IT, finance, HR and the employee. However, this policy is more than a document on the intranet that people can easily forget about; it needs to be put into practice, accepted by each employee when enrolling a new device and updated regularly.
More importantly, it should be actively managed and have a feedback loop to the stakeholders, reporting on exceptions and security breaches.
The tools and expertise are now available to manage the mobile environment holistically, assess policy compliance, safeguard against security breaches, measuring total cost of ownership and employee productivity assessment.
BYOD can turn the traditional innovation model upside down. Rather than IT selecting and deploying applications top-down, BYOD empowers employees to identify the latest mobile innovations and apps that improve personal productivity. This is where the consumerisation of IT really pays dividends.
BYOD also provides the ability to offer flexible working conditions to parents working part-time, staff in remote locations and part-time contractors. Flexibility is one way to attract and retain skilled staff in tough economic times and BYOD is perceived by talented staff as an attractive benefit.
Clearly there are a number of significant issues to address with BYOD, but for most law firms it is worth the effort and the benefits can be great in terms of better employee engagement.
However, BYOD must be treated as an important business strategy that involves IT, finance and HR and needs to be actively managed from end-to-end by the law firm that adopts it.
Denis O’Shea is the CEO of Mobile Mentor. He has 20 years’ experience in the mobile industry and spent 15 years at Nokia prior to starting Mobile Mentor in 2004. Mobile Mentor accelerates the mobile journey for legal. It unlocks the potential of mobile for legal firms by using mobile as a channel to engage with external customers.