A Mobile Security Checklist for Attorneys

I recently had the honor of writing a piece for ILTA’s Peer to Peer magazine on mobile security and presenting a webinar on the same topic. One piece of research blew me away: in a six-month period in Chicago, over 20 THOUSAND (yes – THOUSAND) cell phones were left in taxis.

Sure, maybe Chicago’s taxi seats are stickier than most, and perhaps the cold forces people into taxis more than in, say, Boca Raton, FL. The point is, you’re apt to lose a phone. And these days, with large amounts of data storage, functionality, and computational power on these things, that spells trouble for attorneys protecting client data.

So based on research gathered in the production of my article and webinar, the following items will help you keep your smartphone data safe:

1) Remote Wiping: Consider having the ability to destroy data from a distance. Larger law firms can employ solutions like Blackberry Enterprise Server or Good For Enterprise. If you have an iPhone, a simple MobileMe plan can do the trick.

2) Use Password Lock: You have no excuse not to set your phone to lock automatically after 15 minutes of idle activity. This tech is adopted by all small smartphone makers in one form or another. Use a code to unlock the phone and set the phone to destroy data if the wrong passcode is entered 10 times.

3) Use Web Applications for Sensitive Data: Instead of cradle-synching apps where data is saved both on the desktop and the mobile, consider using web apps that deliver information wirelessly. You’ll find it easier to stay in synch, but more importantly, a simple logout will keep the information from falling into the wrong hands.

4) Know Wifi Rules: Make sure if you’re connecting to a public WiFi spot at Starbucks, Panera, or the courthouse that any sensitive data is viewed over 128-bit encryption. A web app can do this if you notice the browser connecting over the “https” protocol.

5) Don’t Over-App: Some apps, such as Dropbox, enable you to work with data stored on another computer. These apps are potential security holes, since a malicious party would be able to gain access to this data via your mobile. Make sure you’re aware of the apps you download and what they give exposure to.

Also, if you’re in the wild west of the Google App Android marketplace, only download apps you know can be trusted, since there’s no verification that those apps are not malicious.

6) Standardize: Get everyone on the same page. Make sure everyone in your organization is aware of mobile security risks and adheres to the same policies. Remember that a chain is only as strong as its weakest link.