I had an interesting discussion with some of my readers about the seriousness of smartphone (and tablet) security after this post. The problem, as we discussed, is not just with the stuff being put onto the device, but also with lost devices or weak passwords. I'm satisfied to say that a larger number of the "data security" events occur because of lost devices or weak passwords, than because of malware or malicious apps.
Because of smartphone designs, and the natural need to have quick access to information, people get tired of having to enter their passwords. Case in point: I'm sure very few of my readers lock their desktop or laptop computers when they step away. Why? "Because I'll be right back," or "this is my home/office and I trust everyone."
This laziness then translates into countless "data breaches." Quick, simple, innocent losses of information. Lawyers need to appreciate the sensitivity of the information we possess, and protect it.
My two rules for smartphones and tablets stem from these "innocent" events.
Rule 1: All smartphones, tablets and mobile devices must have password protection.
Your law firm must have a policy regarding passwords for desktops and mobile devices. If you haven't established a policy for yourself and employees, do it now. My policy is simple: Use a strong password on your mobile device and always lock your computer when you step away.
The great thing about Android is the ability to set a variety of different passwords and keylock protections the least of which should be "none." Android offers users the ability to set a pattern lock, a numeric pin, or password. I prefer the pattern lock, simply because I type so many passwords and pins each day it's an interesting and delightful change from the norm.
To set your security go to Menu > Location & Security > Change screen lock. You can set a visible pattern by marking the checkbox next to "Use visible pattern."
If you choose to use a standard pin or password, the password must be strong. You can use a website to generate one for you, but it should never be one of the worst passwords. Again, I love the pattern lock because you can make it as simple or complex as you wish.
Rule 2: Always install and, if necessary, use a remote data wipe application.
If your phone were lost or stolen, how would you protect the data? Obviously, those who want access to the information can get it with enough time. However, the trick is to make sure they don't have enough time.
The Android Market has at least 1000 different apps that match the search term "lost phone." Pick one, and use it.
My favorites (in order of preference), out of the 1/2 dozen I've tried, are Wheres My Droid and Lookout Security & Antivirus. I run both apps together, which is probably overkill but I like the feeling of comfort I get.
Both of these apps allow you to remotely wipe your SD Card and your mobile device, if it's lost. Wheres My Droid will also get you a GPS fix on your device, if it's lost.
The greatest part of both apps? They're free. Now, there's no excuse when you can't find your phone.
If you're not protecting even the basic information, you're probably violating your state's professional rules. This is not stuff you should take lightly, especially with the amount of information probably stored on your device.
I suggest you take a minute installing these apps and securing your device, because some hacker won't wait.
Tidak ada komentar:
Posting Komentar