The holiday season is upon us! That wonderful time of year, filled with gift-giving, overeating, and holiday parties. If you’re like me, it’s also the time of year to ask for that smartphone or tablet that you don’t necessarily need.
Your current device handles your work and personal needs for the most part. But it’s slow, and getting slower, and it’s battery life leaves a lot to be desired. When the time comes, you tear open the wrapping, open the box, and stare lovingly at your new toy. Its screen is unblemished by fingerprints. Its edges lack the nicks and scratches – or “character” – your current device earned over months and years.
As you cradle your new device, you imagine a better world. You know that this new device will be a huge boon to your law practice. In paperless heaven, you’ll be both more productive and incredibly stylish. It’s a glorious new day. Ok, so that may be overstating it a bit. However, updating to the newest device does have a lot of advantages for your practice. Unfortunately, all of those advantages are meaningless if your new device isn’t secure. Below, we’ll explore how to secure your tech devices against cyberattacks.
Set a Password
An estimated 40–60% of smartphones and tablets are not password-protected. That’s right, half of all smartphones and tablets can be accessed entirely simply by turning them on. To quote Droz from PCU: “Don’t be that guy!” The very first thing you should do with your new device is set a password. A password is your first line of defense when it comes to protecting the information on your device. You take your device everywhere, and put your whole life on it.
Even the U.S. Supreme Court Justices know that. Oh, and you put your clients’ information on it too, so password-protecting the information is probably an ethical obligation. An added bonus – passcode lock also encrypts your data on most devices. Most devices allow you to increase the strength of your passcode (iOS actually allows you to increase your passcode from 4 digits to 37!). By adding even one digit to your passcode, you substantially increase the code’s effectiveness. If your device allows for biometric authentication, such as the fingerprint reader on new iOS devices, use it!
Biometric authentication provides an even greater level of security (although certainly not foolproof), and it actually makes securing your device more convenient. You’ll catch unicorns more frequently than you’ll see technology that increases security and convenience. Resources: Tips for complex passcodes; Coming up with passcodes you’ll actually remember; Top 10 Passcodes you shouldn’t use. As part of your passcode setup, also make sure to enable the auto-lock feature. Auto-lock allows you to set the amount of time your phone can sit idle before the passcode must be re-entered. Use it – what good is your passcode if a thief never needs to use it? (Additional Tips: Did you know that you can passcode protect many of your apps too? I highly recommend it!)
Update your Device
The best protection your device has against viruses and malware is an up-to-date operating system, or OS. Every update to your device’s OS is important, frequently addressing a variety of issues, including minor adjustments and bug fixes. Most importantly, though, the updates usually include fixes for vulnerabilities that hackers use to access your device. It’s important to note that updates aren’t just important for your OS, but also for your apps. Usually, app updates tend to discuss feature additions/modifications or aesthetics.
However, important security protections are oftentimes a part of these updates as well. While some recommend setting your device to auto-update, there has been some concern voiced about potential app permissions that may actually make your device easier to hack if you do so. Personally, I just make it a priority to check for new app updates every couple of days. Frequently updating your OS and your apps means that you’ll always have the most recent anti-virus and anti-malware protections available.
Configure Privacy and Security Settings
You also need to configure your device’s privacy settings. For attorneys, this can be an extremely important, yet highly overlooked, step. Nearly all new smartphones and tablets have the ability to know and track your location. Most devices have that ability activated by default. In addition, almost every app you download will also attempt to track your location, and unless you adjust your settings, they will do so automatically. Some make sense, like Google Maps. Some don’t. On my phone, the Epicurous cooking app and ESPN both want my location.
You also probably want to deactivate geo-tagging of your photos and social media posts. Geo-tagging tracks your exact location when you create content, then save that location. For a photo, that might not be terrible. Making your location easily available for anyone following you on Twitter? Not so smart. As far as security settings go, the first thing you should do is enable remote-wiping of your device.
On iOS, use Find My Phone, on Android, use Android Device Manager. This way, if your device is ever stolen or lost, you’ll be able to prevent any of your clients’ confidential information from being accessed by deleting it from your device. (You should also back up your device to the cloud, ensuring that you won’t lose important data if you have to use this feature.)
You should also disable Bluetooth and NFC (Near Field Communication) except when you want to use them. They’re definitely useful features. However, hackers can access your device through active, unused ports. (The same is true for Wi-Fi, so if you’re not actually using it, turn it off!) If your law firm has a BYOD policy, you’ll likely be installing some form of security app. If not, but you’re interested in what security apps are out there, check out this site.
One More Thing: Lost amidst your fawning over your new device is the fact that your old smartphone or tablet is probably loaded down with confidential information. What are you going to do with it? Give it away? Sell it? Before you do, make absolutely certain that you have completely erased its internal memory.
It certainly wouldn’t be fun to explain to an ethics committee how confidential information was lifted from a lost or stolen device. Imagine how much worse it would be to have to explain that you forgot to erase the information before selling your phone on the internet.
Check out this article for instructions on erasing your device’s hard drive. Brian Focht is a civil litigation attorney at Stiles, Byrum & Horne, LLP in Charlotte, North Carolina, and co-founder of the Information Technology Consulting Company B&R Concepts, LLC. Brian is also the author of the blog The Cyber Advocate, which seeks to educate and inform attorneys and legal service professionals about how they can improve their practices—and better serve their clients—through technology.
Keep up to date with more resources on protecting your law firm by signing up for a Clio trial today; and not only get access to software but content such as Brian Focht’s succinct guide on 12 Steps to Cybersecurity for your Law Firm.