The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/4983
www.iltanet.org 40 Peer to Peer A s more attorneys use mobile devices to take calls, read e-mail messages and edit documents away from the office, law firms are finding it increasingly difficult to protect the security of their data and their networks. Devices like the BlackBerry, Pre and iPhone have made attorneys more productive than ever and have whet their appetites for more ways to work on the go. While some of these new phones might be great for tracking down movie times or streaming music broadcasts, they sometimes fall short in the corporate environment. understand Security Policies Mobile encryption is coming, but it isn't here yet. Currently, Research In Motion, with its BlackBerry, is the only handheld device manufacturer that adequately supports device encryption. As attorneys clamor for the newest and sexiest smartphones available, the question becomes whether or not the manufacturers will provide the technology to comply with firm and device security needs. Both Massachusetts and Nevada have recently amended legislation aimed at protecting personal information by requiring hardware and mobile device encryption for businesses. Legislation that dictates how businesses must protect data will force device manufacturers to comply to stay competitive. Until more states take similar action, however, law firms must use those devices that comply with their networks' security policies. If firms won't issue edicts prohibiting noncompliant handheld devices, then the best we can do is provide an incentive for attorneys to adopt approved devices. The number of applications for BlackBerry devices has grown beyond e-mail, phone, calendar and contacts access. They allow attorneys to input time entry and billing information after meetings or to review important client documents during downtime. Attorneys can review documents on the document management system or switch a call from a desk phone to the device without ending the call. Many other smartphones are becoming an asset to attorneys on the go. Corporate e-mail, calendar and contacts are readily available from any device such as the Pre and iPhone. Prepare for Worst Case Scenarios Today's PDAs and smartphones pose just as much risk as a laptop because they store and access sensitive data and services. Companies must assess their risk exposure by knowing when and how employees use mobile devices for business. This is a hazard to any business if not managed well. Lost and stolen devices are just as critical these days as lost laptops have been in the past. For such incidents, Exchange Server 2007 offers native support for remotely wiping ActiveSync mobile devices. This capability required an add-on to Exchange Server 2003, and the final result was not nearly as easy to use as it is in Exchange 2007. Not all of the newer devices are supported and cannot always be remotely managed with the 2003 version. When an attorney calls the helpdesk and says he needs help setting up e-mail on his new smartphone, the helpdesk representative will assist and close the request. In the meantime, what if the attorney's original smartphone was stolen and he or she simply replaced it at a nearby wireless provider's store? This should bring up several questions. Are policies in place for the activation of smartphones in your organization? Are procedures in place for your helpdesk representatives to ask vital questions such as, "Is this a replacement device?" If so, "what became of the original device?" If a device is lost or stolen, does your IT department have the ability and documented steps in place to remotely wipe a Pre? An iPhone? An Android? Increasing mobile device reliance presents increased security needs for IT groups, especially those responsible for the Health Insurance Portability and Accountability Act security compliance. Though these groups often ensure security of laptop and desktop systems, smartphones and PDAs are often overlooked. Sensitive e-mail messages and documents alone make today's mobile devices subject to the same risks as better Safe Than Sorry New Mobile Devices Might Fall Short in Law Firm Security Requirements by Jason Adams, Sandra Dye and Sean Power