3.5 Baseline for Security – Mobile Equipment for Staff Use | LSC - Legal Services Corporation: America's Partner for Equal Justice

Needed capacities or functions - Mobile Equipment for Staff Use

Establish policies to govern the use of organization-owned mobile equipment (e.g., laptops, phones, tablets, etc.) to ensure security, data integrity, and data storage.
If applicable, organizations should establish policies to govern when employees can bring their own devices ("BYOD") and what they can do with them. Policies should address who may access what services, level of support, remote wipe of organization data, cloud-based backups, and termination/revocation.

Important Considerations and Best Practices

Providing mobile access to work systems and information is inevitable in a modern law office. Fortunately, effective use of mobile equipment provides greater work flexibility and can boost firm productivity.

Regardless of whether a program adopts a BYOD policy or furnishes staff with program-owned mobile devices, a mobile use policy is necessary to protect critical information systems and data. Organizations that have implemented a Bring-Your-Own-Device ("BYOD") policy should consider increased support and security-related costs that come with managing a more diverse range of devices and operating systems.

Mobile policies should, at least, ensure that:

Devices are protected with at least a four-digit numerical PIN or complex password.
An administrator can remotely wipe organization data on any mobile device used for work purposes.
System access and work data stored on the device can be easily removed when an employee leaves the program.