Published in New Hampshire Bar News (7/21/2021)
Practicing law today requires the use of mobile devices, like cellphones, tablets, and laptops. Yet, because of their mobility and value, there is an increased risk that these devices will be lost or stolen. Mobile device management (MDM) is the solution to mitigating that risk, and also provides law firms with other technological advantages.
Segregate Law Firm Data
MDM is a type of application installed on a mobile device. Once installed, the firm can configure the MDM to contain certain other applications and data. Simple MDMs house the email accounts that the firm issues to its employees. Those types of MDMs are commonly available within existing email platforms, including Microsoft Office 365 and Google.
More advanced MDMs facilitate containerization of not just email, but also data accessed or saved using other applications, such as electronic records retention systems and time entry and expense reimbursement applications (to name just a few). Additionally, unlike simple MDMs, more advanced MDMs can be installed on laptops as well as cellphones and tablets. Such advanced MDMs are available from certain email platforms, such as Microsoft Office 365’s Intune MDM, as well as from many established third party developers.
Implementing a MDM enables the firm to segregate its client, business, and other information on mobile devices used by employees from the personal and other information that employees retain on those devices. The application also encrypts the firm’s information within the MDM container on mobile devices.
Lost and Stolen Devices Result in Breach
Mobile devices contain a plethora of valuable sensitive information about us and our clients and firms. Lawyers commonly receive and retain that information in the form of email, attachments to email, data accessed on the Internet, information communicated in apps, and records accessed and saved on laptops. Today’s mobile devices have sizeable memory, retaining information long after it has been deleted and is inaccessible or unapparent to the user.
The loss or theft of a lawyer’s unencrypted mobile device results in a breach. State law requires us to notify affected individuals and regulators if the lost or stolen device contained personally identifiable information, such as a social security numbers, financial account numbers, governmental identification numbers, and passwords. Additionally, legal ethics are broader than state law, requiring lawyers to notify clients if the lost or stolen device contained information about clients. Implementing a MDM encrypts client and firm information on mobile devices, so that a lost or stolen device does not result in a breach.
MDMs Provide Other Advantages
In addition to preventing breach, MDM’s afford other advantages for firms to manage information on mobile devices. For example, MDMs can remotely de-credential the mobile device of a departing employee, preventing the employee from accessing, using, and disclosing any client or firm information in the MDM after the employee departures. Firms also can control and backup data within MDMs, preventing loss of work product due to device failures. MDMs similarly permit firms to properly log employee access and activity with respect to client and firm information, and to locate lost or stolen mobile devices.
Additionally, lawyers and law firms are ethically required to adopt reasonable security measures to prevent the loss and theft of client information. The features of MDMs are critical for firms to implement such safeguards with respect to mobile devices.
Lawyers rely heavily on cellphones, tablets, and laptops to sustain our practices. Given the importance of these devices and the sensitivity of the information that exists on them, we need to properly secure them through the use of MDM technology.