Every minute in the U.S., 113 smartphones are lost or stolen. That comes to an estimated 30 million smartphones lost or stolen in the U.S. per year with potentially as much as 10 percent of the population losing a smartphone. What does that mean for your company’s confidential information and communications? Certainly you have communicated about sensitive topics with people within your company, or with outside counsel on your smartphone. Are the communications you have with those individuals properly protected should you or your attorneys be one of the people so unfortunate as to misplace a smartphone?
Attorneys have an ethical obligation to protect client confidences and communications. However, for most attorneys and law firms smartphones appear to be an after-thought. If someone got ahold of an attorney’s smartphone, that person could have access to documents with sensitive company data or emails with confidential communications. Below are some steps you can take to reduce the risk that your company’s sensitive information will be accessed by others through a lost or stolen smartphone.
- Require password protection for smartphones. Your company should require all of its attorneys, including outside counsel, to have a password protection system on smartphones used for business purposes. There are many apps available—some are very basic, while others are more advanced.
- Basic security. Most smartphones are equipped with the basic security option of setting a pin number to lock the device. This is sufficient to keep the kids off of the smartphone; however, it is insufficient protection against more sophisticated users and hackers.
- Better security. Products are available which require more sophisticated passwords than a four-digit pin. These apps require a longer password with various characters, similar to what most companies now require for desktop passwords. Taking it a step further, there are apps that will wipe the smartphone clean of data if the password is incorrectly entered too many times.
- Best security. The top of the line security products allow the user to lock the smartphone and SIM card remotely, wipe important information from the smartphone and activate the internal GPS to locate the lost or stolen smartphone. These systems are a bit more costly and often come with an annual or monthly fee, but are generally simple to install and receive live updates. Probably a cost well worth it when an attorney considers the cost of sensitive information falling into the wrong hands.
- Other options. Dual level passwords are also available for smartphones. With this type of system, your can have a password protection system to unlock the smartphone itself, but then require a second password to gain access to specific types of functions, such as email. Smartphone encryption apps are also available for text messages, email and other critical communications.
- Conduct security audits of outside firms. You should ask your outside counsel what security measures, policies and procedures the firm has established to protect client confidences on smartphones. This can be as simple as asking the attorney contact at the firm, or as involved as conducting a full security audit of the firm. Basic computer security audit checklists are available for free online, and can provide you with a starting place for developing questions you should ask the law firms that conduct work for your company. Moreover, you can further ensure smartphone security by adding a section to the fee agreement regarding your expectations for such security related to your company’s communications and documents with attorneys in that firm.
With some planning and the installation of some simple applications, you can avoid any uncomfortable conversations with your legal counsel regarding the loss of or access to sensitive information, and reduce the risk of sensitive information falling into the wrong hands.