A number of recent articles circulating in the legal industry highlight the decision of several large firms to block personal, web-based email from their networks.
- Which Biglaw Firm Has Blocked Personal Email?
- An Open Letter to Kathryn Rubino
- 3 More BigLaw Firms Limit Personal Email Access
This decision from large firms has left many small to mid-sized firms wondering, “should we block personal email too?” While both sides of this discussion could be debated for a long time, here’s the bottom line from my perspective:
- Risks to the firm from malware attacks are real and should be taken seriously. While you may not feel that you represent a ‘target’, almost every firm is one, and if you don’t take steps to limit your risk, you’ll most certainly pay the price at some point.
- This policy doesn’t prevent people from having personal email at work; rather, it prevents people from using other, uncontrolled email systems at work.
- Phishing emails generate two-thirds of the malware attacks today, and those personal accounts do not have the spam, antivirus and malware filters that you have in place at the office. Personal accounts represent a real end run around the security measures you have in place at the office.
- It also represents a confidentiality risk. Even if only by accident, you are creating a way for confidential information to be sent via unsecured, public means.
- Any inconvenience to end users is far outweighed by prudent security and safety measures that benefit the overall firm.
There is definitely an argument for simply training users on what emails represent the highest risk. From my perspective, however, the employee satisfaction upside does not outweigh the downside risks of exposed client data, malware attacks and ransomware.