The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/4983
www.iltanet.org 8 Peer to Peer BEST PRACTICES W hile the risks of inadvertent metadata disclosure are well understood within the legal industry, there is a security gap emerging via smartphones. Despite the significant benefits of mobility, mobile devices introduce new security risks, especially if a firm's metadata removal application is limited to a desktop application. The mobile attorney using the Web or a mobile device does not have access to these tools and is at risk. MObILE dEVICES ARE MAINSTREAM The latest smartphone models are revolutionizing the way attorneys are working when away from the office. Every month, there are several business applications launched for smartphones specifically targeted at the legal sector. In addition to these, firms are increasingly developing their own mobile-enabled applications that hook into their enterprise applications such as practice management. Although applications on mobile devices are highly unlikely to be exact replicas of those available on a desktop or laptop, they must still be included in risk assessments and your firm's security policy. Security for such mobile devices needs to extend beyond just the physical security considerations, such as what happens if the device is stolen, encryption of communications and other standard security features like virus checking. ThE MObILE SECuRITy GAP While the risks of inadvertent metadata disclosure are well understood by the legal industry, there is a security gap emerging via mobile devices that cannot be ignored. Although all business e-mail messages sent via a mobile device are routed through the firm's e-mail server and are covered by e-mail security functions at the gateway, it will bypass any desktop-based tools. Users are now able to not only review documents via mobile devices, but they are also able to make minor edits to documents with more ease. But, as attorneys review and edit documents on their mobile devices and forward them to external recipients, the metadata in the document is fully retained and sent outside the firm. Even just forwarding an e-mail message with a document attachment from a mobile device bypasses any desktop metadata removal tool that is in place in the office. Consider the following different scenarios: • forward an e-mail message An assistant has just sent a document to an attorney who is about to board a plane. If the attorney has the capability, he might review it on a mobile device prior to forwarding it, and get the document on its way just before that plane door closes. Any document metadata resident within the originating document would then be exposed to the recipient. • Review, edit and forward With the availability of each new model of a smartphone, the power and screen size continue to increase. This leads to the greater ease by which documents might be reviewed on these models and, along with additional features, the greater the likelihood that attorneys will make minor edits to the documents prior to forwarding them, either reattached to the original e-mail message or via a new e-mail message. Taking that document sent to the attorney just before he boards the plane — he might decide to spend the flight reviewing the document and making any necessary amendments. After landing, he can hit the "send" button and off goes the document, metadata and all. • attach a document to an e-mail message Mobile access to documents contained within a firm's enterprise application such as a content management system (CMS) can allow an attorney to review or send a document via a mobile device. Such access might be either via a proprietary or in-house developed interface, and such The Often Overlooked Mobile Security Gap