Security, BYOD and Lawyers

February 25, 2013

A new report, following research carried out in December 2012 by Research Now, with ‘IT decision makers from more than 200 UK legal businesses’ shows what Sony VAIO call a ticking data security time bomb created by bring your own device (BYOD) practices, poor security habits and a ‘rebel workforce’. Findings also show that 21% of legal businesses had a laptop lost or stolen in the last 12 months, yet the majority (63%) of respondents reported not having anti-theft security features on their laptops as standard.

The report states that legal IT directors are wrestling with a blurring of personal and professional technology. Not only did 49% of legal industry laptop users report using their own machine for work purposes – higher than the UK average – but 59% of legal professionals also believed they would be working from home or remotely more often in future, more than any other sector. There are additional complex legal issues around compliance – and by implication risk management and its increasing influence on what is required of legal businesses IT systems.

Ruth Storey, VAIO Product Marketing Manager, Sony UK commented:

‘Today’s legal professional is increasingly mobile and needs access to data out of normal working hours. The good news is that little changes to their habits could have a big impact on data security. There are security solutions available as standard on laptops right now which require only simple activation. Features like fingerprint security access, remote lock down and location tracking are available on many models right out of the box. We appreciate the legal industry is in a state of constant flux, due to structural changes to the market, rapidly evolving working practices and the take-up of new mobile technology, but there’s no reason to miss out on the cost and productivity benefits of BYOD. The legal industry should take advantage of this ready-and-waiting safety net, which can be easily implemented regardless of IT infrastructure.’

Some obvious bullet points from the report are:


·        majority (84%) of legal professionals have accessed company data from a personal device, regardless of corporate policy

·        49% of legal industry laptop users are using their personal machine for work purposes

·        43% of legal industry businesses still spending less than £1,000 per year on security measures for laptops and data saved on them

·        63% of legal laptops don’t feature anti-theft security as standard.

The report refers to a ‘ticking data time bomb’ and states that data security was ranked as ‘very important’ by 88% of legal professionals, and loss of confidential company data was identified as the number one concern when it comes to lost and stolen laptops. Worryingly however, 84% of people admitted accessing company data from a personal device, regardless of corporate policy. Two thirds (66%) of legal professionals surveyed admitted saving confidential business data, and 56% specifically admitted saving confidential client information on their laptop.

Further compounding this problem is that, when it comes to laptops, the UK is still a nation of workaholics. Findings revealed that the majority (55%) of legal staff take their work laptop home with them every day, with the train being the number one hotspot for laptop loss and theft, peoples’ homes in second place and cafés third. In spite of this, the legal industry is not investing much in securing its data – 43% of businesses are spending less than £1,000 per year on laptop security and 63% of legal laptops do not have anti-theft security as standard. Given the ever increasing memory and storage of modern laptops, it is becoming easier and easier for people to carry huge amounts of sensitive legal data around with them.

The report also covers what it calls, to some amusement from this Editor, ‘the UK’s rebel workers’ in the legal profession. It states that, whilst BYOD policy is continually evolving, it seems the modern legal professional might not pay much attention anyway. 77% of people have accessed company data from a personal device by logging in to their work e-mail account – particularly worrying as critical information is most at risk when distributed via e-mail or web sites, as these can be forwarded or printed. 41% of people would also quite happily bypass company policy and bring in their own device if frustrated by the device with which they were provided. For those that wouldn’t bring in a personal device, the number one reason is the desire to keep their work and personal devices separate, followed by not feeling as if they should have to, rather than their concern for data security.

Despite so many laptops being lost or stolen ‘in transit’, the research revealed users are failing to take advantage of readily available tools. Only 61% of people surveyed had remote back-up software, allowing them to recover all their data if needed, whilst 55% had some form of data encryption that can render any file unreadable. However, when it comes to adoption of more mobile security measures, such as remote lockdown (31%) and location tracking (22%) they’re just not being used.

What the legal industry looks for in a business laptop is also a clear reflection of the increasingly mobile approach to work. Users ranked long battery life, light weight and rapid boot-up as the top three features they look for in a laptop, with a good range of connectivity options in fourth place. If businesses want staff to follow BYOD policy, it would make sense to consider these preferences. 

Ruth Storey, VAIO Product Marketing Manager, Sony UK comments:

‘Given the ever decreasing cost of storage and ever increasing memory of modern laptops, it is becoming easier and easier for people to carry huge amounts of sensitive legal data around with them. Firms spend a small fortune securing offices and networks, but mobile and remote device security needs to be just as much of a priority. Making sure that currently available features are installed and activated as standard would go a long way towards defusing the potential time bomb that the UK legal industry’s missing laptops represent.’