Adapted and excerpted from Locked Down: Information Security for Lawyers (2012) by Sharon D. Nelson, David G. Ries, and John W. Simek, now available from LPM Publishing.
Smartphones and tablets offer great benefits to attorneys and law firms. They also present great risks. It is critical for attorneys to understand and address these risks, particularly in the area of safeguarding client information.
Basic security measures include:
♦ Review and follow the security instructions of the phone manufacturer and carrier. (This important step is often forgotten or ignored.)
♦ Maintain physical control of the phone. (Business Week has reported that 30 million cell phones—out of 285 million—“go missing” every year.)
♦ Set a strong password, passphrase or PIN.
♦ Set automatic logoff after a defined time.
♦ Encrypt confidential data on the phone and any storage card. (This may require third-party software.)
♦ Provide for protection of data in transit.
♦ Disable interfaces that are not being used (Bluetooth, Wi-Fi®, etc.).
♦ Enable remote location of a lost device and remote locking and wiping. (May require third-party software or service.)
♦ Enable remote locking or wiping if the password or PIN is entered incorrectly a set number of times. (This, too, may require third-party software or service.)
♦ Consider the use of third-party security applications (antivirus, encryption, remote locating and wiping, etc.).
♦ Back up important data.
♦ Do not “jailbreak” or “root” a smartphone.
♦ Be aware of the rise of phishing attacks on smartphones. Because their screens are so small, a URL is often not displayed in full, and users tend to click without thinking.
Other security measures in smartphone use should include:
♦ Limit confidential data on the phone to what is necessary. Don’t put data on your phone or any mobile device just because you can.
♦ Be careful in selecting and installing applications. This is particularly important on Android when installing from sources other than Google’s Android Market.
♦ Configure web accounts to use secure connections.
♦ Be careful in using unknown and public wireless clouds. Perhaps avoid using them because they can be very dangerous.
♦ Don’t follow suspicious links in e-mails and text messages. Be careful with attachments.
Third-party applications and services are available to add protection to smartphones. For example, Lookout provides antivirus protection, privacy protection, backup and remote location, locking and wiping for Androids. There is a free version, with limited functionality, and a premium version. Apple’s Find My iPhone subscription service provides backup and remote location and wiping for iOS. NitroDesk’s TouchDown provides encryption and security for e-mail on Androids. Security companies, like McAfee, Sophos, Symantec, and Trend Micro, now have mobile security offerings.