Sprout IT: Mobile and phone security for legal – What are the greatest threats?
Solicitors and lawyers often spend a great deal of their time out of the office: in court, at clients’ premises, and so on. That means you’re often away from your desk and instead carry out important phone calls and conduct important email conversations from your mobile device on the go.
Cloud solutions also mean your employees can access company files wherever they may be in the world, making mobile working easier than ever.
While modern technology has revolutionised communications for the legal sector, it also comes with an increased threat to your firm’s and your clients’ sensitive information.
Here’s what you need to consider when it comes to your law firm’s mobile and phone security.
BYOD - Bring Your Own Device
The Bring Your Own Device trend is incredibly popular across a wide range of industries. Because it allows for flexible working without any capital expenditure, businesses often let employees use their own smartphones, tablets, and laptops for work purposes.
Many law firms and legal organisations that have adopted a BYOD policy have found that staff morale and productivity increase, and that it promotes their company’s flexible and modern approach to working.
However, the blend of business and personal can often mean sensitive legal information is placed at higher risk of breach or loss.
The following points in this article can apply to any company phones you may issue to your lawyers and barristers – but are particularly high risk for mixed work/personal devices.
Data leaks from apps
Mobile apps are one of the most common causes of unintentional data leakage.
Dave Jevans, CEO and CTO of Marble Security, says that law firms face a far greater threat from the popular apps on their employees’ phones than from mobile malware.
"Enterprise users casually give these riskware apps sweeping permissions, not realising that their personal and corporate data may be sent to remote servers and advertising networks all over the world, where it can be mined by cybercriminals and hostile governments seeking access to corporate networks."
He noted that in 2017 alone, 75% of all mobile security breaches came through apps rather than technical cyber-attacks on operating systems.
If you have a BYOD policy and your workers download apps on their devices for personal use (such as games for children or social media), these could potentially put your business data at risk too.
Make sure you have strict policies in place as to the types of apps employees can download on all devices used for business purposes.
Unsecured Wi-Fi connections
Cafes, libraries and airports are often popular locations for the flexible worker. Often providing a replacement desk, a reasonable amount of peace and quiet, and free internet connection, they offer the perfect pit-stop for your lawyers out in the field.
However, something many remote workers do not realise is that the majority of free Wi-Fi networks are actually unsecured. That means the network itself provides no encryption or security protection for the data you move across it (via email, internet searches, etc.).
Hackers can essentially eavesdrop on your connection to steal information such as log-in credentials, corporate data, images, and more.
Another scam to be aware of is network spoofing. This is where hackers set up fake access points that look like genuine Wi-Fi networks in high-traffic public places (such as a coffee shop or library). They then give the access point a believable name like “Free Airport Wi-Fi” or “Library_Guest” to encourage people to connect.
They can then use these access points to record your session, including any log-ins you type, and to steal data. In other cases, the hackers may ask you to create an “account” to access the internet. Since many people use the same email and password for a variety of sites and uses, this allows them to use the information from your account setup to compromise your email, online shopping, and more.
Ensure all of your employees are aware of these scams and, should they need to create a login at any point, that they use unique passwords for each account.
While there are a number of things you can do to increase the cybersecurity of your employees’ mobile devices and phones, one of the greatest security dangers is actually one of the simplest.
A lost or unattended device can be a major risk to your data security – particularly if it does not have a strong password or PIN, or any data encryption in place.
According to the Ponemon Institute, 35% of professionals stated their work devices had no measures in place to secure corporate data. On top of this, more than half of those in the survey admitted they had no password or PIN guarding their devices.
Misplacing a phone or leaving a laptop open means anyone simply passing by could steal vital information about you or your clients. This is where having strict policies in place regarding things like password protection could protect your company from data loss or breach.