| Executives January 20, 2021
January 20, 2021
By Hank Schless
I write a lot about how organizations can secure their workers as they start using tablets and smartphones more for work. The truth is, the legal professional has been ahead of that curve for years.
Even before smartphones were introduced over a decade ago, lawyers, paralegals and legal staff were already using cellphones to stay on top of case work. Now, with smartphones and tablets, your law firm’s staff can do everything they used to do in an office from wherever they go.
What you should be aware of is that these mobile devices have also introduced a number of risks to your organization. Not only are these devices frequently used both for work and for personal use, they are also constantly handling sensitive information. And unlike their desktop and laptop counterparts, they are not secured by the perimeter-based security you have set up in your offices.
I think it goes without saying that law firms handle a lot of sensitive information, anything from corporate intellectual property and financial information to a client’s data including personally identifiable information (PII) and personal health information (PHI). Since all of this information is accessible by your firm’s staff via their smartphones and tablets, clients will expect that you have taken steps to limit risk of data theft.
Mobile devices are preferred targets of bad actors because they are easy to compromise if left unsecured. First, people are accustomed to using them wherever they are. This means they are not protected by the security solutions installed in your office space. With cloud productivity suites like Office 365 and Google Workspace, legal staff can access and collaborate on sensitive data on the go. This could put case documentation at risk and cause a violation of attorney-client privilege if any of those docs are leaked.
Also, our work and personal lives collide on our mobile devices, which adds additional risk:
One of the first things any law firm should do to combat mobile risk is to ensure their ongoing IT/security training incorporates best practices for securing mobile devices.
If you’ve gone through any sort of corporate phishing training, you’re probably familiar with how to look for telltale signs of a malicious email: “Right click on the link and make sure the url is legitimate. Double check that the email address has a domain that matches the sender’s organization.” Unfortunately, those giveaways do not exist on mobile – the mobile user experience is designed for simplicity and a smaller screen. It also doesn’t help that you can be phished in countless ways because any app that can send a message – such as social media platforms, messaging and apps – is capable of delivering a phishing link.
Similarly, ensure your users understand that mobile apps that may look harmful from a personal standpoint, can absolutely add risk to your firm. Many of the permissions and data access controls in an app could violate your organization’s governance, risk and compliance requirements. User education is critical to ensuring you stay on top of it.
At the end of the day, your legal staff is human and will therefore likely make mistakes. Proper training will go a long way to reduce the risk to which your firm is exposed, as will having the security in place. With everyone working from home or on the go, the traditional security you have in your offices isn’t enough. I encourage you to rethink how you can enable mobility while keeping your sensitive data secure.
To learn more about how Lookout can secure you from cyber threats while preserving privacy, visit our legal solution page.
Hank Schless Senior Manager, Security Solutions