Personal email accounts introduce possible threats to firm computers. A careless employee could open a trojan horse attachment and unleash a virus on the system. Even if the attack only infects the local drive, confidential information may be at risk.
This puts firms in a bind. Either invest time and energy teaching basic Internet skills to their employees — lessons like, “don’t open attachments from unknown email addresses” — that most of us learned when we still had Prodigy emails, or condescendingly cut off access to a modern necessity because the employees are too hopeless to understand the rules.
Yesterday, a major law firm chose the latter route…
King & Spalding dropped this nugget on their employees yesterday:
The firm’s internal security experts, as well as our outside security experts, have advised us that accessing Personal Email Accounts from firm computers creates a significant security risk. Therefore, effective May 1, 2013, access to Personal Email Accounts (i.e., anything other than your kslaw.com email, including, but not limited, to personal email accounts like Gmail, Yahoo, Hotmail, cable company, etc.) from King & Spalding computers will no longer be permitted.
Most personal email sites will be blocked while you are on the firm’s network. However, you should not access Personal Email Accounts from a firm computer, even if you are not automatically blocked when trying to do so.
Yes, this policy was announced yesterday at approximately 4 p.m. Eastern time. So while the whole country was conversing over personal email (and its companion chat systems) about the latest news updates surrounding a national tragedy, King & Spalding was announcing that it would be cutting off this access. Perhaps less than savvy timing. Someone in a position of authority may have wanted to hold off for a week or so.
Employees can continue to check email on their phones not connected to the main network (a new “ksmobile” network has been set up for this purpose). This means all their employees will now spend an order of magnitude longer every day cruising their inboxes on 3.5-inch screens and typing detailed responses with their touchpads. EFFICIENCY!
King & Spalding isn’t wrong to recognize that third-party email services constitute a threat to the firm network. But the actual threat is entirely between the keyboard and the chair if you will. Gmail isn’t threatening the network, Donny Dips**t clicking on a link sent by a Nigerian Prince is threatening the firm network. In the estimation of King & Spalding, its firm email system can better guard against phishing and thus minimize the opportunity of its employees to expose the firm to harm. However, Internet users are getting smarter every year, and with the decline in these “user errors,” the whole phenomenon of phishing is in decline.
So after years of exposing the firm’s computers to risk, King & Spalding has opted now, while the risk is in decline, to take the drastic step of blocking personal email accounts. Perhaps this explains why King & Spalding didn’t survive the first round of the “Which Firm Has The Brightest Future?” bracket.
(We reached out to King & Spalding for comment, but received no response by the time of publication. We will update if we receive a response. You can read the full memo on the next page.)