This is the first column in a series exploring technology risks facing in-house counsel and their clients. The first part of this series will deal with the risks of deploying technology when on the road and what can be done to mitigate those risks.
As in-house counsel, it is often necessary to travel to meet clients, business partners or other lawyers. While the benefits of face-to-face meetings go without saying, lawyers should be cognizant of their use of different technologies while traveling and while in the offices of other firms and businesses. This article will discuss some of the main risks surrounding these technologies that corporate counsel should be aware of and how to mitigate those risks.
Probably the simplest but most prevalent risk facing lawyers when they travel is the physical security of their devices. I am often asked to work with clients on finding solutions to prevent hacking and other methods of data loss and most clients are amazed when I tell that the primary risk is that their computer or smart phone will be stolen. Very few lawyers or other business travelers take basic precautions when traveling with their computers and smartphones. A few of the ones that every lawyer should follow are:
- Never leave your laptop or your smartphone in your hotel room unsecured. If you must travel with your laptop, always either take it with you when you leave the room or secure it in the safe provided in your room.
- Always password protect your laptop. While most criminals are merely seeking to sell your laptop for its value on the black market, unsecured laptops present the risk of data theft. Increasingly, the theft of corporate secrets is becoming a primary reason for the theft of laptops and smartphones.
- A good practice is to take a security cable with you so that even if your hotel does not have an in-room safe, you can secure it to some other object in the room.
- Another good practice with respect to laptop security is whole disk encryption. This allows for the entire hard drive of the laptop to be encrypted with access only possible via the correct password. If the hard drive is encrypted and the laptop is stolen, the perpetrator can sell the laptop for its value on the black market, however they cannot access critical corporate secrets.
Smartphones present their own challenges with respect to security. Many times smartphones have access to corporate email, calendars and potentially corporate data bases. Due to their small size, smartphones are easily misplaced or stolen. Some good practices to observe with respect to the smartphones are:
- Always lock your screen with a pin code or password. While this will not deter a determined thief, it does add an extra layer of security to prevent casual browsing of your email or documents.
- Always use encryption when possible. Even though not every smartphone platform offers encryption, if your platform does, it should be utilized. I note that it is possible to extract data from smartphones even when they are protected with a pin code.
- Increasingly, viruses are being targeted to smartphones. As such, it is becoming a best practice to install anti-virus software on your smartphone. People often forget that smartphones are just small portable computers that also happen to make phone calls.
- Install remote wiping or disabling software. Most major operating systems can be configured with some type of remote locking, remote wiping or GPS location applications. This can be crucial in the event your smartphone is stolen and you need to protect your data by wiping the contents of your phone.
- Always back up your data. Just like the computer at your desk, your smartphone contains valuable data which should be backed up on a regular basis.
- Always be aware of websites visited. All smartphones have web-enabled browsers. As such, users can visit websites using their smartphones. Many users do not think of their browsing habits on their smartphone in the same way that they do their desktop computers. However, the same websites that contain malicious code that can infect your desktop computer can also infect your smartphone. The bottom line is to always be aware of where you are browsing.
One of the increasingly popular methods of data breach by hackers is to use unsecured Wi-Fi access points. Many times, unscrupulous persons will set up what seem to be a normal Wi-Fi access points in airports, restaurants and coffee shops, among other places. Using these fake access points, hackers can see the unsecured transmissions of their victims. If you are using one of these access points, they can see your email, documents that are being transmitted via your computer, and in certain cases, even access documents contained on your computer. The simplest way to avoid issues with respect to these fake access points is to not use unsecured access points.
I note that a good practice is to get a data air card from a wireless telephone vendor. While there will be monthly charges associated with this method, it will allow you to correspond and transmit data in a secured fashion. Lastly, I note that the same rules that apply with respect to using unsecured Wi-Fi networks with your laptop apply with using unsecured Wi-Fi networks with your handheld devices.
In summary, the above represent a few of the things that you can do in order to protect your company's sensitive data while traveling. While many of these things might seem like inconveniences, the inconvenience of losing your company's trade secrets or allowing unfettered access to your company's networks would be greater. Data security is truly a place where a little bit of planning can go a long way.
Read Roy Hadley's next column.