As lawyers deserted their offices to avoid COVID-19 spread, many small and midsize firms didn’t implement a BYOD policy for their new remote workforce. That could be a disaster for data security.