Great tips at Law Technology Today on mobile security. Don’t take confidential client data outside the office without taking these precautionary steps:
Password protect all technology (phones, tablets, laptops)
Enable remote wiping capability
Limit what you carry when outside the office
Mark your property and don’t leave it unattended
Consider computer locks for laptops
Use less conspicuous carrying cases
Read the full post.
This piece from exactly a year ago has some very good ideas, but fails to cover one if the most basic vulnerabilities I see attorneys and others subjected to daily: Man in the Middle.
Even if your data is encrypted, it can still be grabbed and read “on the fly,” while in transit, by anyone with a small amount of know-how on the same unsecured wifi network. Yes, that includes public password-protected wifi as well. More good info is at http://wlanbook.com/wireless-man-in-the-middle-mitm-attack/
This is why data needs to be encrypted *before* transit. For example, both the ABA and the PLF encourage lawyers to encrypt files BEFORE uploading them to the cloud. Otherwise, you are right – there are vulnerabilities.
Great point! And yes, that’s a really good beset practice. Note, however, that a sharp MITM attack would already have compromised the person’s connection, so in most cases the interloper is seeing the file before it gets encrypted, intercepting the upload, and they have whatever credentials were used for the upload itself!
And thanks for your reply, I find this to be a fruitful topic.
Pingback: A Look at the Year Past – Tips You May Have Missed | Oregon Law Practice Management