Simple Advice For Protecting Mobile Data
Mobile is the future of the world – at least the digital world. But digital brings with it a set of risks that the old 25 pound desktop computer in the office does not and we need to consider the implications of that.
The article (below) is specifically geared toward lawyers and California lawyers in particular, but it is simple advice and applies to everyone.
First, a few statistics (at least according to the article; I have not verified them independently).
- In the United States, someone loses a cellphone every 3.5 seconds
- More than 3 million cellphones are stolen a year
- More than 12,000 laptops are lost in airports each week
The article goes on to point to some specific guidance from the California State Bar about the responsibilities of attorneys to protect client information. This is reasonable advice, even if you are not required by rule to follow it. It says that you should consider the impact of inadvertent disclosure, the urgency of the situation and the client’s instructions, for example, in deciding whether putting that data on a mobile device is appropriate.
The article then points out the fact that the more likely risk is not a terrorist attack, but rather an employee leaving a device at the gym or the airport.
Then the authors provide 4 simple recommendations:
- Password protect devices – this means a REQUIREMENT that all portable devices have a robust password and I would add to that the devices should be encrypted.
- Turn on remote device location services (so that you can find misplaced devices) and remote erase features
- Protect flash drives – either by encrypting them or password protecting the files. The best way to do that is to encrypt the flash drives because once you have done that, there is no work for the user. Alternatively, you could password protect each and every file by manual process. That is more error prone and likely to fail.
- Public WiFi that these mobile devices connect to presents a large risk. On the other hand, it is also very convenient. A VPN connection provides a level of assurance that any data transmitted over that mobile connection cannot be easily eavesdropped on or accidentally disclosed.
Many people, especially younger ones, use their mobile devices – meaning phones, tablets, Chrome-books style devices and laptops – as their primary computing devices. This means that there could be a significant amount of sensitive data on those devices. Unfortunately, that does not mean they are any less likely to go AWOL.
If the statistics I presented at the beginning are close to accurate, that is pretty scary.
Information for this post came from The Recorder (free registration required).