So, apparently we’re back on the “we must block access to personal email accounts” bandwagon at large law firms.
At least they aren’t claiming it’s to keep people productive. That argument went out the window the day the first iPhone showed up at the office and we no longer needed the company’s internet connection to communicate with the outside world, despite the claims made in the post above about people being unable to make after-work plans. (Really? It’s 2015. Who can’t use their own mobile device for these things, from anywhere?)
Nope, this time it is becoming the popular thing to do at the request of clients, who are increasingly demanding that law firms do a better job of keeping their data secure!
OK. There’s some sense to that. If you don’t commingle the firm’s data with someone’s Gmail account, you do lessen the risk of them using Gmail to email some stuff out that you have no record of. The unspoken problem here, of course, is that they can still send the data out of your network with their work email account. Sure, you have a record of it, and proof to terminate or even press charges with, but the data is gone at that point regardless.
On the other hand, of all the risks that exist when it comes to data security, this is pretty small potatoes. People who are truly trying to get a law firm’s data out of its network still have plenty of avenues to do it, and as law firms employ an ever-increasing number of mobile technologies and people working from remote locations, they will find ways to do it regardless of the security posture of the firm.
“What do you mean I have to use the firm’s laptop with this weird VPN connection to read these contracts? Just print them for me and I’ll throw them in the car. Or, better yet, email them to me and I’ll read them on my phone, which I will, in turn, accidentally leave behind at the bar and not report until I’m back in the office a week later!”
See, there are still plenty of ways to lose track of important data, and we haven’t even discussed people hacking into the network and just taking it. Just saying.
So yeah, it’s throwing a simple tech solution at what is, in essence, a human problem. Is it so hard to simply have a policy that if the firm’s data winds up in your personal emails, you are fired, no exceptions? But I get it: this looks good to clients who need to see some security from their law firms, without really being too painful or requiring much of the hard work of network security, so why not?
Of course, if you’re a client and data security is this important to you, you could also simply stop sharing your data with law firms. Make them come to you and host it all yourself. Yeah, it’s complicated, but then you control all the security.