Skip to main content

How Law Firms' BYOD Policies are Evolving as Work from Home Continues

Article:  Hudgins, Victoria. “Forgetting Something? Firms' BYOD Policies May Need Updating in Remote Work Era.” Legaltech News. Law.com, November 17, 2020. https://www.law.com/legaltechnews/2020/11/17/law-firms-are-allowing-more-flexibility-byod-policy-adjustments-should-follow/?slreturn=20210031180621

This article details how extended work from home in the Covid era has lead many law firms to reconsider their BYOD policies.  Among the changes brought on by extended work from home are:

  • more people able to work from home instead of just a select few
  • people logging in on their personal networks
  • people logging on computers shared by other users
  • people using remote access full time vs only when traveling between offices
More people logging in remotely creates security issues because the new people logging in remotely may not have been trained in how to use remote access securely.  People logging in from their home networks creates security issues because the home networks are likely less secure than the network at the law firm.  Similar issues happen from people logging in from shared computers.  If the employee's files aren't protected from other users, confidentiality and privilege issues can develop.  Finally, more people using remote access can create capacity issues if the network isn't prepared to absorb more remote traffic.

As an employee at two companies that had to change their remote work policies in the wake of covid, I've seen these change firsthand.  When the outbreak first started in March 2020, I was working at a place that didn't let temporary employees work from home for any reason.  When the higher ups decided to close the office for covid, they decided to let us bring our work laptops home with us and log in from home.  To help improve security, we logged in using a VPN when we accessed files stored on the company network.  Unfortunately, the VPN was not ready for this amount of traffic at first and frequently crashed.  Eventually, they beefed up its capabilities and it stopped crashing.

The second company that I have worked at during covid is in the process of transitioning away from a BYOD policy.  When I started with the company in November 2020, I was issued permissions to a Microsoft Office account and a third party site to work on but told to log in with my computer.  In January 2021, the company decided to convert to a policy where they issued computers to workers to log in on.  

Comments

Post a Comment

Popular posts from this blog

When Hacking is a Form of Statecraft

Article:   Johnson, Kevin. “'Criminal Syndicate with a Flag': North Korean Intel Operatives Charged in Hacking Campaign.” USA Today. Gannett Satellite Information Network, February 17, 2021. https://www.usatoday.com/story/news/politics/2021/02/17/us-charges-north-korean-intel-operatives-global-hacking-campaign/6781478002/. On February 17, 2021, the U.S. government charged three intelligence officials from the government of North Korea for participating in a global hacking campaign to steal $1.2 billion in crypto and regular currency.  According to the article, the investigation started after the 2014 Sony Pictures hack that led to the leaking of the movie The Interview but widened as investigators discovered what was described in the article as "a criminal syndicate with a flag representing the North Korean government."  The investigation also led to charges against a private citizen who was charged with organizing gangs of people using cloned ATM cards to steal mill...
Post a Comment
Read more

What else have we learned from the Solar Winds hack?

 Article:   “US imposes sanctions on Russia over cyber-attacks,” Yahoo! News . [Online]. Available: https://news.yahoo.com/us-poised-sanction-russia-cyber-041015589.html. [Accessed: 18-Apr-2021]. On April 18, 2021, the United States announced sanctions against Russia for its efforts to interfere in the 2020 election and for carrying out the Solar Winds hack.  In the announcement, the USA specifically blamed the Russian intelligence agency SVR for the hack. The sanctions target 32 Russian officials for trying to influence the 2020 election.  Additionally, 10 ambassadors were expelled and barred US financial institutions from doing business with Russian entities. This announcement harkens back to two previous entries of this blog on the Solar Winds Hack and Hacking as Statecraft .
Post a Comment
Read more

How Infrastructure Can Also be a Target for Cyber Terrorists

 Article: Evans, Jack. “Someone Tried to Poison Oldsmar's Water Supply during Hack, Sheriff Says.” Tampa Bay Times. Tampa Bay Times, February 10, 2021. https://www.tampabay.com/news/pinellas/2021/02/08/someone-tried-to-poison-oldsmars-water-supply-during-hack-sheriff-says/.  Businesses like Equifax aren’t the only entities vulnerable to hackers.  Water treatment plants can be too.  Case in point:  the hacking of the Oldsmar, FL water treatment plant.   On February 6, 2021, employees at the Oldsmar city water treatment plant noticed something strange:  the sodium hydroxide (lye) level had been changed in the computer managing the treatment plant into add 100 times more of the chemical to the water.  Lye is added to the water to control acidity but it is poisonous in higher levels.  Fortunately, the employees were able to change the lye level back to normal levels immediately before any damage was done.  Even if the employee hadn’t noticed...
Post a Comment
Read more