Peer to Peer Magazine

Fall 2015

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/588021


BEST PRACTICES

will make this less painful. If there is no separation between the data, the whole device must be wiped.

NOTE: If you can't remote wipe the device, restrict access or separate the data, look at solutions that can. You want an application that creates a secured connection only accessible with authentication and that keeps all non-personal data (email, documents, etc.) off the phone.

Ensure that any access to corporate data requires a strong passcode (a four-digit PIN is not enough).

Accessing the device should require authentication.

Address firm data related to device backups. Put in place proper controls so that when devices get backed up onto other personal devices or to the cloud, firm data are not included. An MDM solution can help.

Utilize full hard drive encryption, and use a similar standardized process as mentioned in number one.

Focus on "process" over "product." People fail, and so do products. Education, standardization and layered controls are the keys to success.

ONWARD, MOBILE SOLDIERS!

Talk with your employees. Know what's important to them. Find solutions that marry the need for mobility with the increased security risks that come with it. Educate your employees about the responsibility they have to protect what's been entrusted to them in this new, powerfully connected world. This is an integral part of an effective security awareness program. Put in place smart, thoughtful and meaningful processes, procedures and policies to safely take advantage of an increasingly mobile workforce.
Suggested Checklist for Your BYOD Policies and Procedures

☑ Conduct risk assessment of data accessible on mobile devices
☑ Include IMMEDIATE reporting of lost or stolen devices
☑ Include BYOD in Acceptable Use Policy
☑ Inform employees that data can be wiped (signature required)
☑ Document process for granting initial access to firm data
☑ Manage process and documentation of who has access
☑ Identify any applications in place regarding device/data management
☑ Have wipe and remote-wipe capabilities
☑ Try to separate personal and firm data on devices
☑ Require passcode to access firm data (forced)
☑ Require passcode to access device (forced)
☑ Address personal device backups (segment firm data)
☑ Utilize full hard drive encryption
☑ Formalize termination steps
