Law firms have stringent data and information security requirements — and for good reason. According to the most recent survey by the International Legal Technology Association (ILTA), 67 percent of respondents said that security management is one of their top challenges. Professional conduct rules mandate that client information must be held in the most secure possible manner. In the past, sensitive and confidential documents would either be stored in secure file cabinets or only handled on in-house computers. Modern digital technologies like smartphones and tablets have changed things for the better, but they’ve also introduced new security risks to law firms and created the need for a mobile device policy. Mobile devices are now everywhere and can contain vast swathes of information. Should data be compromised, the stakes are extremely high — law firms could face costly lawsuits and significant damage to their reputations, making it essential for them to have an effective mobile device policy.
Security Awareness Training and Risk Assessment Plan
One of the best ways to drive a culture of security throughout every firm is to ensure that everyone in the organization is aware of the threats, from top partners to new hires. Security awareness training is a critical step toward educating all employees about the latest developments that could affect the security of the firm, its staff and its clients. With a security risk assessment plan, firms can identify vulnerabilities in technology, processes and staff, and mitigate any issues or gaps with current security policies or processes for accessing and storing confidential data.
Secure Mobile Devices
Any mobile device policy should include the firm’s position on mobile devices and rules regarding the use of personally owned devices. According to ILTA, 68 percent of law firms have a BYOD policy that covers smartphones, and 57 percent have policies covering tablets, but more than 30 percent of firms have no mobile device policy, leaving them vulnerable to a breach. To protect confidential data, law firms should deploy a selection of approved mobile devices that have high levels of mobile security built in, including hardware-level security.
Mobile Device Management and Data Separation Solutions
Law firms should ensure that all mobile devices are registered before allowing them to connect to the network, and that a mobile device management (MDM) solution is in place, which should include two-factor authentication for access to sensitive data and applications. Most of the top MDM solutions integrate directly with Samsung’s Knox Workspace, which provides containers for separating personal and business applications and data so that business data is adequately secured. Should a device be lost or stolen, data from the business container can be wiped.
Gartner has estimated that 75 percent of all mobile apps contain vulnerabilities, so controlling which mobile apps are used on mobile devices is another consideration that should be included in a mobile device policy. Google Play for Work allows IT departments to whitelist or blacklist apps, giving law firms greater control over which apps can and cannot be used. It also makes it easier to deploy custom-built apps to users within an enterprise app store.
Law firms have traditionally been considered laggards in the deployment of new technologies, preferring to lock down information in non-digital or legacy environments. With the widespread use of smartphones and tablets in the legal industry, that approach is no longer an option. Data must be safeguarded, and a mobile device policy is essential.