Guest Blog: MOD warning for law firms
On the 9th of September I was reading the Sunday Mirror and saw the headline “MOD ‘Loses’ 60 Laptops” followed by “Security fears on military secrets” and “Losing stuff is serious. We’re in an information war with Russia”. I thought that I had better check if it was real or not and on checking other media the loss of those laptops and USB devices could be much greater.
It instantly reminded me of lawyers getting very serious fines for leaving laptops on trains with client data on them and with all the rules and regulations these days which are getting tighter around data security you cannot afford the publicity let alone the fines.
I was speaking with Steve Pritchard the MD of telephony/communications company and MLS Advantage Group member, Matrix247 and he instantly said that the volume of laptops going missing compared to mobile phones is nothing and he took me back to my article a few months ago when we discussed mobile device management – something that should be on every mobile device for security and the separation of business and personal data.
Would you believe that c48,000 phones were handed in to lost property just in London last year. I am sure none of them were from your teams but imagine the national figure (200,000??). Look at your business and potential client data at risk.
MDM, Steve tells me, enables a phone to be located remotely, the data locked and then wiped in about 30 seconds. The other amazing thing that is hard to believe is that when businesses acquire new phones they do not wipe the hard drives on the phone – going back to “factory settings” doesn’t achieve that – so the staff get phones that they can give to their children, which is probably the safest thing dependent on their age and technical know-how, as many are sold via social media and the data is still on them (it is the same with laptops). Hard drives have to be wiped and if done by the right people an indemnity certificate can be provided.
This whole scenario is surmountable as is the situation with lawyers leaving their PCs on for the cleaners to visit. Control is achieved by the use of thin client technology (Citrix) which should be standard for the hosted IT environment as supplied to law firms by another MLS Advantage Group member, Nasstar. Because of the secure elements of the world-wide-web there is no need for data to actually be on the laptop or a USB as it resides on the secure server in the database with all the necessary controls.
There obviously has to be compromises when data needs to be on a device and even this is manageable. Nasstar also has multiple law firms that still save information locally to be able to work off line when on trains.
To be successful this has to be done in a controlled manner to avoid the MOD type scenario. In a hosted environment your data is backed up, the operating system is fully managed and the security systems are ever evolving. The same cannot be said for a user’s laptop. That is unless the laptop is also fully managed by the provider. This means enrolling into mobile device management software (similar to phones) and using remote management software to keep patches and AV up to date whilst enforcing security policies and encrypting data at rest. Nasstar now provides a fully managed operating system on a local device enabling such secure working to be possible, even when working off line outside of the hosted environment.
Without this protection you may as well be carrying around a heavy printed case file like in the old days, which can be easily read by anyone that comes into contact with it – because without all of that security on your laptop, it is as readable as a piece of paper used to be.