The quarterly publication of the International Legal Technology Association
Issue link: http://www.mygazines.com/i/27607
BEST PRACTICES H Smartphone Security 101 ere’s a sobering statistic: In one six-month period in Chicago, over twenty thousand smartphones were left in taxis. That’s a heart-stopping thought for any network security engineer. New threats that employ Bluetooth and mobile malware are casting other shadows over the portable landscape. The amount of computational power in smartphones, combined with their inherent portability, makes them a very dangerous — and likely — source of data loss. For a law firm with confidential client information, that’s a potentially disastrous mix. LOST OR STOLEN DEVICES Law firms can instruct users to employ several basic, yet powerful, measures to protect against unauthorized access to their smartphones if they are lost or stolen. Authentication can prevent unintended access to the device. Smartphones should be configured to challenge the “If attorneys insist on using their own devices of choice, remote wiping might not be an option.” user with a passcode in order to gain access, and destroy data if too many unsuccessful login attempts occur. Remote wiping, or data removal, can also help law firms protect confidential data. A firm running Research In Motion (RIM) devices can leverage BlackBerry Enterprise Server (BES) to destroy data through commands sent from an administrator. Solo and small law firm practitioners can protect their iPhone information with Apple’s MobileMe. System administrators, especially at large firms, run into complexity when running a heterogeneous mobile environment; if attorneys insist on using their own devices of choice, remote wiping might not be an option. 14 www.iltanet.org Peer to Peer Firms seeking to protect mobile data access can also leverage Web-based applications. Modern smartphones can render Web pages with full functionality, enabling the use of software as a service (SaaS) and Cloud-based services. If a smartphone is lost and the firm is using Web- based CRMs, practice management systems, or time and billing applications, all a user needs to do is change the password to the Web application, eliminating the possibility of unauthorized access to data. CONNECTIVITY CHALLENGES One of the challenges with mobile computing is that devices can be on a carrier’s system or on a public Wi-Fi spot, which may host dozens (if not hundreds) of other machines. These other machines have the ability to snoop and gain access to information traveling on the network. When on a public Wi-Fi network, it’s critical that all confidential information is handled over an encrypted channel. Users need to be aware that, unless their mobile device connects via VPN or 128-bit SSL, anyone sipping a latte at Starbucks can see what they’re sending. Unless you know for certain that your Web application is connecting over an encrypted channel, avoid dealing with sensitive data on a public Wi-Fi connection. Malicious actors can also leverage Bluetooth connectivity to spread mobile viruses or access and modify data. Smartphone users often fail to toggle their Bluetooth settings — in part, because of the hands-free functionality it provides. However, it’s worth taking the extra step of disabling Bluetooth when out of your car, home or office, especially if you’re in a public space with many people in close proximity. The bad news is yes, there are risks to using these amazing gadgets. But the good news is that, by utilizing a few simple locks on the doorway to your data, you can go a long way toward safeguarding your sensitive information. ILTA Larry Port is the founding partner of Rocket Matter, a provider of online legal practice management software, and he’s the editor of the Legal Productivity blog. Larry has written extensively for legal publications, including Law Technology News, Legal Management, Law Practice Today and ILTA’s Peer to Peer. He can be reached at larry@rocketmatter.com.