The modern smart phone, and to a lesser extent, the tablet have become indispensable tools in the management of legal firms in the 21t century.
Such power, mobility and convenience unfortunately comes with security vulnerabilities that can be highly detrimental for a lawyer if not mitigated.
In our experience consulting with the administrative staff of many Canadian legal firms, we often find that lawyers are neglecting a number of security practices that should become part of your professional life. That's why we've arranged a list of 7 common areas where smartphones can cause huge problems. We've also listed some remedies to these issues.
(1) The device can be lost or stolen, (unauthorized access)
One of the best ways to remedy the awful circumstance of losing your phone is to plan in advance for such a predicament. Unfortunately, most professionals do not think about this until it’s too late.
Password locking isn’t that effective, but it’s better than nothing because it can slow down a random theft. Even a crackable password can provide at least a little bit of security. Most modern phones have fingerprint access options, but fingerprint theft is possible and you do have your fingerprint for life.
Security experts have been warning people for a long time about the unintended consequences of publishing photographs of oneself on the web wherein the fingerprints are exposed under closer scrutiny. As a result, the peace sign has become a method of identity theft among savvy and unscrupulous thieves on the web. Before choosing a pin or a password, it also might be a good idea to research what to avoid.
(2) Messages and files can be intercepted when in transit
Have you ever heard of packet sniffing? Many people involved in the world of intelligence gathering and digital criminality are utilizing tools (such as Wireshark) available on the web to monitor traffic that passes over a network. Sniffers are able to capture packets sent by your device as it is transmitted over the network. Through this, people are able to analyze information being sent to and from your device in order to extract information about the data you are processing on a regular basis.
One of the greatest ways to avoid this is to cease using public WiFi for business purposes while in coffee shops and public places. It’s a hazard and not worth the free access for a professional who handles sensitive and private information from time to time.
(3) The user can unwittingly download malicious software
In the early 2000s many netizens became aware of the pitfalls of clicking, even accidentally, on popup advertisements, links to strange websites or fictitious or phony emails geared to take over a user’s device. While these risks are still present today, operating systems are getting increasingly more effective at stopping the risk of virus takeovers through regular updates.
When it comes to smart phones, one of the biggest risks for theft of personal information is as a result of your own consent to the theft occurring in the first place.
Think about that for a moment. Do you agree or disagree to the terms? Did you even read it? Does it matter if you did?
Think closely how many times you've downloaded “free and handy” applications for smart phones which require you to agree to allow it to access everything on your device, even if it isn't necessary.
(4) Insecure modifications
Many users of smart phones might be inclined to “jailbreak” or “root” their device in order to get tools not usually offered by run-of-the-mill applications through a phone’s operating system.
Sometimes these kinds of modifications are highly desirable, but they pose a security risk because they’re bypassing application vetting processes established by manufacturers by disabling security notifications. If possible, it’s best to avoid rooting or jailbreaking your device unless you’re absolutely certain it is necessary for what you need to do
(5) Dodgy WiFi networks
We discourage the use of public networks whenever possible. But you should be on the lookout for suspicious WiFi networks that have similar naming conventions to networks you might be familiar with seeing, particularly if you live in an urban area such as a condominium.
It is possible for people to create similar looking access points geared to steal your identity once you’ve accessed the network unwittingly. It is important to avoid this circumstance by being very careful about how your device accesses the web.
(6) Bluetooth usage
While Bluetooth can be an immensely effective tool to tie your device to other pieces of technology, it can be dangerous if you allow your phone to be discovered by other nearby Bluetooth enabled devices. Attackers are capable of installing malware through that connection or turn on the device microphone or camera and send the resultant data to a third party.
Many users of telephones, because of the nature of their occupation, don’t really have to worry about this kind of thing. But think again about what it is a lawyer does, and what kind of privilege and responsibility is bestowed upon their profession when interacting with clients.
(7) Mixing business and work on the same device
This is an often overlooked circumstance for a lot of people who do not see the logic or reasoning behind having two devices or two emails.
If you’re paying attention at all to past American political coverage you might be aware that this situation caused a lot of trouble for Hillary Clinton during her run for President. While you might not be a Presidential hopeful, it might be a good idea to seperate your home and work for a number of reasons.
Bottom line, it’s a good idea to take a step back and assess how your firm deals with its mobile device policy. If you don’t have one, wise practitioners could benefit from mulling over this list for best practices.
If you do decide to reform or create a mobile device policy, pay attention to the following criteria:
(i) who gets a phone
(ii) which devices are supported
(iii) how are costs to be covered (i.e. consumption limits)
(iv) acceptable use (no text while driving, acceptable sources of apps,...)
(v) password and data backup rules
(vi) pre register before connection to company network
(vii) encryption of business data
If you’re looking for a security-minded service bent on providing accounting and practice management accessible from the web on all devices for your practice, we suggest trying out a free trial of uLawPractice’s software by clicking the link below.
We also provide continuous advice on how to improve your legal practice.