Image by John.Karakatsanis
Mobile devices pose significant risks for sensitive corporate information. As lawyers become more dependent on mobile devices for their practice, they need to be cognizant of the significant security risk these devices present.
ViaForensics recently released its latest 80-page Mobile Security Risk Report. Both the Android and iPhone risk is amplified by the fact that these devices tend to hold personal information for a long time by design, i.e, nothing is ever truly deleted.
Mobile devices have become easy to hack by remote exploits due to all the applications loaded on them. Hackers can now remotely jailbreak and root a device over the network which essentially provides the hacker with unrestricted access to the entire file system of the target mobile device.
The rush to develop user-friendly apps has been at the expense of security. These apps collect and store a tremendous amount of information. Even apps that appear to ask for no permissions during installation can become a back door to your phone. Check out appWatchdog for an objective analysis of various publicly available mobile apps.
Encrypting information on your device is not foolproof because encryption on both the iPhone and Android can be broken with minimal effort. Additionally, it is not that difficult to extract data from a passcode-protected device as well.
To protect your mobile privacy:
1. be cognizant of what you install on your phone and who the company is that makes the app;
2. put a "strong" passcode on your phone to protect against casual theft;
3. turn off your Wi-Fi when traveling to protect against the device automatically associating itself with a public Wi-Fi network;
4. ask your mobile provider to remove all rooted apps that that came with the phone that you do not intend to use and that can be safely removed;
5. ensure that corporate mobile device policies are up to date; and
6. consider mobile security software to help protect against malicious downloads.
Consumer mobile devices are an ideal target for criminals. You should assume at some point it will be lost, stolen, or become infected with malicious code. The bottom line, it is not recommended that you store highly sensitive data on them.
Albert Barsocchini, a member of the LTN Editorial Advisory Board, is a San Francisco-based consultant. Email: barsocchini@gmail.com.
Subscribe to Law Technology News
-
KDC
I am guessing it's only a matter of time before we have to scan all files on our mobile gadgets, much as we do on our other computers.
Comments are not moderated. To report offensive comments, click here.
Reader Comments