Mobile Phone Security Basics for Lawyers
If you use a mobile phone as part of your law practice, you need to be concerned about what could happen if someone steals it or you otherwise lose it. It's not a theoretical problem: in 2011, U.S. consumers lost more than $30 billion worth of cell phones, according to mobile security provider Lookout. Also consider the Smartphone Honey Stick Project, a study commissioned by the information security company Symantec, which revealed that 96 percent of the phones it purposefully "lost" in major cities were accessed by the finders, 83 percent were accessed for corporate related apps and information, and only 50 percent of the finders contacted the owner and provided contact information. In light of these unsurprising findings, you're treading on dangerous ground if you fail to take steps to secure your phone against unauthorized access. Bear in mind that most codes of professional responsibility require you to safekeep your clients' "property"--arguably including their data--at all times.
Basic Security Measures
Locking. Setting your phone to lock after a period of inactivity is a sine qua non for mobile security. For Android phones, you can create three different types of "keys" to unlock your phone: a four-digit PIN, an alphanumeric password, or a "connect the dots" pattern you draw with your finger. Newer Android devices can be unlocked through facial recognition technology as well. You can lock an iPhone with a PIN or passcode. The "Simple Passcode" is a PIN, but if your toggle that switch off, you'll be able to enter an alphanumeric passcode.
For more sophisticated password protection, there are numerous password apps available at Google Play (formerly the Android Market) and Apple iPhone app stores.
Tracking lost phones. There are lots of apps--good free ones--that will use GPS (or cell tower triangulation when the GPS is not available) to track the location of your phone if you lose it. Choose one and install it.
Remote wiping of data. Most phones give you the ability to delete all data from them remotely. You may want to wipe your phone clean when you're sure it is lost forever or has fallen into the wrong hands. You can find free apps for remote wiping if you don't like your phone's existing capability.
Locking specific apps. Short of, or in addition to, locking your entire phone, you can lock specific apps on your phone. Each app can have a different key--i.e., PIN or password--assuming you can remember that many. Look for app protectors on Google Play or Apple app stores. If you use Google Apps and are serious about protecting them, free two-step verification adds an extra layer of security to your accounts by requiring users to enter a verification code in addition to their username and password when signing in to their account.
Antivirus and malware protection. You need to protect yourself against data loss even if you manage not to lose your phone. The Juniper Networks 2011 Mobile Threats Report showed a significant increase the amount of mobile malware. If you're going to be downloading a lot of apps onto your phone, invest in some antivirus or malware protection software.
Data encryption. Your text messages, e-mail, and other critical communications are zipping around cyberspace, exposed to prying eyes. Get a smartphone encryption app. Some can encrypt your phone's flash memory and even create encrypted backups. Others allow you to selectively encrypt specific files and folders on your phone. Stay tuned for apps that can encrypt your outgoing phone calls and text messages in real time.