The risks in such a data-sensitive sector
Technology is moving forward at an increasingly fast pace − and handsets are filling up with features. As the market evolves, users are demanding devices with access to a wide range of consumer services, not just email, on a business and personal level.
From a professional perspective, mobile technology is revolutionising the way many businesses operate − and businesses of all kinds, but particularly law firms, are now benefiting from the latest advances in mobile technology. The explosion of apps, for example, which cater for everything from time recording to document production, is making legal professionals’ lives easier. But while it is important to be aware of the benefits, it’s equally important to understand the risks in such a data-sensitive sector.
One of my main concerns is that this isn’t taken seriously enough. For example, it’s interesting to see that mobile data gateway Wandera’s recent poll of 2,000 end users found only 7% of employees are being given any form of security guidance on using apps and smartphones in general.
So what are the risks? Is it just taken for granted that data is safe? From conversations I’ve had, it would appear the answer is ‘yes’ more often than not. Apps can gain access to company data and leak this sensitive information to the outside world, so if we’re talking about sensitive legal documents and contracts, this could be potentially damaging. Leading apps have been seen to transmit passwords, email addresses and even payment information, including locations.
Many people use the same login names and passwords for personal services, so it’s easier for criminals to gain access to financial and personal services. It’s not surprising that Gartner predicts 75% of all mobile security breaches will be the result of mobile app misconfiguration or misuse.
Malware is a common word in the laptop/PC threat world and is now beginning to take hold in the smartphone arena (with total mobile malware growth of 167% in the past year alone, according to the June 2014 McAfee Labs Threat report). Mobile malware is malicious software designed to steal personal information stored on a device by silently watching what is happening, and in some cases even gaining control of the handset. Most mobile malware spreads via malicious apps on the device, gaining extensive permissions. Trojan malware has been seen to send SMS messages to premium mobile phone services, racking up very large unauthorised charges. Information is stolen, which can lead to phishing and fraudulent activity, including identity theft and banking fraud.
Danger from within
Mobile security threats aren’t always external − they can be unknowingly created by employees themselves. For example, an employee leaves a business and resets their phone before passing it on to a colleague. This is a major risk many businesses aren’t aware of. Once this happens a business has no visibility of the phone’s usage when it belonged to its previous owner. Other unknown risks could be as simple as visiting another office and plugging a device into Wi-Fi, spreading potential problems further.
Mobile phone loss is one of the biggest risks for firms. Britain loses around 1.5bn gadgets each year, with around 190,000 people losing their mobile in the back of a London cab. It’s scary to think how dangerous that could be if phones aren’t secured correctly and a device with business-critical information falls into the wrong hands.
I work with a number of law firms, helping to raise awareness of mobile device security. Most recently I worked with full-service law firm BP Collins, which wanted to provide employees with a choose-your-own-device offering, with device options including Android, BlackBerry and iPhone.
With a diverse range of handsets on offer, the law firm recognised it needed to understand how to keep them all secure. After lengthy discussions, it chose the latest BlackBerry Enterprise Service, which allowed it to roll out Android and iOS smartphones with a secure and containerised email solution, ensuring client data wasn’t accessible from private applications, such as Facebook. Not only does the BlackBerry Enterprise Service support BlackBerry devices, it also supports iOS, Android and Windows Phone 8 devices.
Firms ensure PCs and laptops are secure, but it would appear we are yet to adopt the same measures for the smartphone and tablet, and I fear this is due to a lack of awareness of the risks involved. Handsets are now being used for a wide range of services, from contactless payments through to opening a hotel room door. With such sensitive data at risk, the right solutions need to be employed − and quickly − as these threats are only set to increase as the use of the mobile phone evolves.