Secure Your Mobile Documents

Secure Your Mobile DocumentsI had a conversation with an attorney the other day and she was telling me how her law firm is getting Apple iPads for all the attorneys.  She said there was a lot of resistance, at first, from her IT department.  That’s been the case with many law firms, but improved productivity has won the day. 

In fact, according to the 2011 ILTA/InsideLegal Technology Purchasing Survey, which examined the purchasing trends of law firms with 50+ Attorneys, 25% of respondents said that the iPad would be one of the major technology purchases over the next 12 months.  11% of firms had already purchased iPads for their attorneys and 55% reported providing IT support for employees who purchase and use their personal devices.

Many law firms and other businesses are concerned about leaking the most sensitive information in their business.  As with many organizations, law firms use documents to store client and case materials.  Some of them are in a case management system, but many are on people’s laptops, desktops, mobile devices and file servers.  I asked the attorney what would happen if those documents got out of the company and into the hands of other law firms, the media or other businesses?  She said it would be devastating.  Letting her client correspondence, legal briefs and strategies out would ruin them. Their clients would lose all trust in them and it would most likely put them out of business.

In some circles, there is an assumption that iPads are insecure, but they can securely access corporate networks and protect data on the device.  The iPad provides strong encryption for data in transmission, proven authentication methods for access to services, and encryption for all data stored on the device.  It also provides secure protection through passcode policies that can be enforced and delivered over the air.  If the device is lost or stolen, attorneys and IT administrators can initiate a remote wipe to erase information.

One of the big issues with using iPads and smart phones is they are not always secure for documents.  If documents are the lifeblood of a business, then securing them is critical.  This same issue exists with laptops and desktops, but given the popularity of mobile devices and the ease with which they are lost or misplaced, the problem is exacerbated.  There are lots of apps for developing documents on an iPad, like Documents To Go, Apple Pages and GoodReader, so creating, editing and reading them is a snap.

If an attorney creates a document on an iPad, the information inside it is fair game to anyone who has the device.  There are data encryption policies on the devices, but once a thief has the keys to the castle, they can read anything.  If an attorney emails that document to a colleague, opposing council or a client, the information inside is available to anyone.  This is even more critical if you are using cloud-based services to store and share information.

Securing documents is made easier through a persistent security policy that travels with the document.  It encrypts a document and you control who can access the information inside it.  If a law firm only wants certain attorneys to see a legal brief, they can give that group the right to view and edit the documents.  If anyone else tries to access them, they can’t read the information inside. The strong encryption makes the data look like random characters.  Many law firms believe their documents are protected because they’re in a case management system.  That’s true when they are in the system, but not when someone takes them out.  Since anyone accessing the document must be given specific rights to it, someone with a stolen iPad would have a bunch of useless files.

Another advantage of persistent security is that you can revoke a document’s rights, if you suspect it got out inadvertently.  If an attorney accidentally shared a document with the wrong person or company, that information is in the wild.  This happened in August 2011 when a memo was accidentally posted on the FCC website by a law firm working for AT&T that caused major problems for the T-Mobile acquisition.  Once realized, the firm could have revoked the document’s access rights and effectively killed it.  Anyone trying to read the information inside would read a bunch of random characters.

iPads and other mobile devices have made life easier for attorneys, doctors, engineers and lots of business people.  New services like Apple’s iCloud are making it easier to share documents and collaborate with these systems, so it’s critical to protect your documents from prying eyes.  With all the data breaches in the news, the last thing you want is to wake up, fire up your iPad and see your company in the headlines.

 

Photo credit The MacLawyer

Leave a Reply

Your email address will not be published. Required fields are marked *