Be Careful With Confidential Data On Mobile Devices

security_mobiledevices

As much as we all hate remembering passwords and thinking about security, it’s hard to ignore the constant headlines on the front page about hacking and security and privacy.

You’re getting better. You’re well trained to practice safe computing on your home and office computers. With the help of LastPass, many people have begun to use complex passwords for web services. You’ve become more cautious about posting private information on Facebook.

A new security problem is opening up. You need to have it in mind.

You’re probably already using some of the new technology that allows you to have your data available on your smartphones and tablets. It deserves respect and careful consideration, because it can undo some of your security precautions.

Start with the obvious reality: Your business data is confidential. You must keep it secure. If you are a lawyer, your obligation to preserve confidentiality is at the heart of your attorney/client relationship, imposed on you by ethical and legal requirements that cannot be ignored. If you are a businessperson, you have competitive and business reasons to prevent a security breach.

After the explosion of mobile devices in the last two years, almost every lawyer and CPA and businessperson is carrying a phone that displays the entire contents of their mailbox – all the email messages to and from clients and experts and opposing counsel; all the messages about this year’s business plan; the calendar that shows appointments with bankruptcy advisors and divorce counsel; and many more things that might cause you harm if the phone fell in the wrong hands.

Smartphones and iPads are easy to lose and easy to steal. Anyone can pick up your phone or your tablet and access all the apps on it. Theoretically you can lock them so they cannot be used without entering a code or unique gesture but you’re not going to do that. No one does. Instant access is part of the appeal.

It’s easy to see why it might be a problem to have your mailbox exposed but that’s not all.

dropbox

Dropbox led the way with iPhone and Android apps to sync folders to phones and tablets. It is intoxicating to have immediate access to everything in Dropbox folders at the touch of a finger! Dropbox gets more compelling for mobile devices all the time – the most recent Android version automatically uploads photos to a Dropbox folder where they can be viewed on your computer right away. It’s comparable to Apple’s iCloud for photos and fills an important need for Android owners.

If you’re using Dropbox for business documents, all of those documents can be downloaded with a click. That’s incredibly powerful if you’re in a conference room or a courtroom.

That’s incredibly scary if your phone is stolen.

When I realized that confidential documents in Dropbox could be accessed from my phone, I yanked Dropbox off my phone immediately. Here’s the article where I described the risk of syncing business documents to a phone.

The mobile Dropbox app can be protected with a passcode if you are alert. If you’re not alert, then Dropbox on a mobile device can expose your secrets just as quickly as if you dropped off your file cabinets in opposing counsel’s conference room.

Recently I created a workaround. I set up an email alias – a second email address that delivers messages into my primary mailbox. I used the email alias to set up a separate Dropbox account and linked that account to my phone and iPad.

Then I used Dropbox’s sharing feature to share a folder named “Shared Bruceb Mobile Dropbox” with both accounts. If I drop something in it on my computer, I can access it on my phone and my iPad. I use it for videos and music and photos, and never ever for sensitive business files.

There are many more file syncing services being developed. Microsoft intends to make Skydrive more useful. There continue to be rumors that Google will improve its cloud document storage. Apple might take iCloud up a notch by improving its support for documents and data. There are more lined up behind them.

The file syncing services will emphasize cool tricks with photos. It will be up to you to consider the security issues.

onenoteicon2

The same considerations came to mind when I tested Microsoft’s OneNote app for iPads. It’s well-designed and syncing worked smoothly. I could access all of my notebooks on the iPad just as easily as I could open them on my desktop computer and notebook.

And that was the problem. My OneNote notebooks include confidential information that would compromise my clients if it was lost. If there was a way to sync some notebooks and prevent others from being opened, I couldn’t find it.

I’ve uninstalled OneNote from the iPad, which is a shame but quite necessary. It is a dangerous world! You will have no defense if confidential information is compromised because you mislaid a phone.

Be careful out there!