October 23, 2012

A Road Warrior's Guide to Mobile Security

Issue Cover Law Practice Magazine Logo




July/August 2006 Issue | Volume 32 Number 5 | Page 36


By Tom Mighell

Nowadays, it's hard to walk into a hearing, meeting or deposition and see a lawyer who isn't using some form of mobile technology. Use of laptops, smart phones, tablet PCs and BlackBerry devices has greatly increased in the past few years, providing lawyers with an amazing set of tools to better serve their clients, both at home and on the road. We now have the power to access vital practice information from almost anywhere. But as the saying goes, with great power comes great responsibility.

Just as you need to take care to protect the client data inside your office, so also must you be cautious when using technology while traveling or out of the office in general. In fact, you need to exercise special precautions, given the security issues involved in making on-the-road Internet connections and the theft-friendly nature of lightweight portable devices. Consider that hundreds of thousands of laptops and handhelds are lost or stolen every year, resulting in the loss of millions of dollars worth of proprietary information—and, in the case of lawyers, confidential client data—and you'll get the point.

Yet with a little common sense, awareness and advance planning, you can take your technology on the road with relative security. To help ensure that your journeys are safe, here is a brief guide to mobile security for road warriors.


Tools to Safeguard Data on Laptops and Tablet PCs

Before you even leave the office, make sure your portable computer is equipped with the basic, necessary security tools—the same kind you use to protect the data on your desktop PC. If you're observing good security practices in your office, you'll already have most of the following programs.

A firewall. A good software firewall is essential to making sure intruders are blocked from getting into your laptop or tablet PC. Probably the best software firewall available is ZoneAlarm. The basic version is free to use. There are also more full-featured releases that cost up to $50.

Antivirus software. Most legal professionals are now using antivirus software, but many don't realize they are supposed to keep the virus definitions updated for constant protection from the newest viruses. To do this, enable your antivirus software to automatically download and install the latest virus definitions as they become available.

Anti-spyware software. Spyware is considered more problematic than viruses these days, owing to the relative ease with which PCs can become infected. You can get spyware simply by visiting a Web site, or by downloading and installing a program, so you must have a good anti-spyware program that will regularly scan your computer. My absolute favorite is Spyware Sweeper, available for $30. But I also like Windows Defender and SpyBot Search & Destroy, which are both available for free. Spy Sweeper and Windows Defender both automatically download new updates and provide real-time protection.

Windows Update. Speaking of automatic updates, make sure you configure Windows Update to automatically download and install critical patches to your computer. These updates can help keep hackers from gaining access to your laptop through vulnerabilities in the operating system software.

You might also consider whether you want to limit administrator rights to your laptop or tablet PC. If you configure your computer so that only an "administrator" can load software onto it, you'll prevent others from attempting to install malicious software. This will, of course, limit your own ability to install software when you're on the road.


Physical Security Steps

On the road, there are a number of physical precautions to consider to protect your laptop and other portable devices. The first and most obvious step is to obtain a lock or similar security device. Targus (www.targus.com) has several affordable options in its Defcon line, and Kensington's Microsaver is also a good choice. For a more high-tech approach to physical security, try a biometric USB drive. It will only grant access to an approved fingerprint.

When you're on the move, be sure to keep your laptop or other device close to you at all times, most especially in high-traffic areas such as airports. Place them under lock and key whenever you must leave them someplace, such as a hotel.

Of course, even with well-laid precautions, the unexpected can still occur. So to prepare for the possible loss or theft of your portable technology, it is essential that you have a plan for backing up your data while on the road. Pick a backup option that works for you—a USB drive, online or remote backup, a portable hard drive, or even burning your data onto CDs or DVDs. Then perform the backup operations routinely. And keep your backups somewhere other than in your laptop case, so that if someone walks away with the case, you'll still have a copy of your data. A good backup plan will safeguard your information and, more important, your clients' data.

An additional step you might take to prepare for the event of theft is to sign up for a service such as Absolute Software, which for a modest subscription fee assists in tracking and recovering stolen laptops.


Security Tips for Handhelds

Maybe you're not taking your laptop with you. Perhaps you're just headed across town with your BlackBerry, Treo or other handheld to keep you connected to your office and clients. All the more reason to be concerned with the safety of your personal data, since smaller devices are much easier to lose, misplace or steal.

Accordingly, make sure you secure your handheld with a strong password. Even better, consider using software that will lock out the user or automatically erase all the data on your handheld after an incorrect password has been entered a certain number of times. If your handheld has Bluetooth or wireless capabilities, either turn them off when they aren't in use or configure them so they are invisible to nearby intruders.

Lastly, if your handheld is accessible from your office, your IT department or others in your office may be able to remotely delete all critical data without actually having possession of the device.

Cautions about Wireless Security and Using the Internet

Of all the activities that can cause problems for the security-minded lawyer on the road, access to and use of the Internet may be the greatest concern. And with the now widespread deployment of wireless Internet access just about anywhere you go, safe computing is even more important. The reason: Wireless technology is just not completely secure—yet. Here, then, are a few tips to make sure your wireless Internet experience doesn't attract hackers and the like.

Find a real connection. First and foremost, make sure you're really connecting to a legitimate access point. Believe it or not, the bad folks can create "rogue" access points that fool you into thinking they are real—it's only after you have given up your credit card information that you realize you've been duped. Use a site like JIWire to confirm the location of a legit wireless provider, and don't configure your laptop to automatically connect to just any available network.

Disable printer and file sharing. There is a setting in Windows XP that allows you to share and print files with other computers on a network. However, this feature also provides a gateway for anyone wanting easy access to your laptop. Fortunately, it's a snap to fix. Just open the Control Panel and select Network and Internet Connections, then click on Network Connections. Find your wireless connection, right-click on it and select Properties. On the General tab, scroll down the list of items used by the wireless adapter, and uncheck File and Printer Sharing for Microsoft Networks. Click on Okay.

Consider encryption. While data that you send and receive from secure Web sites (those beginning with "https:") is generally protected, information sent through other sites can be intercepted easily by someone nearby using something called a "packet sniffer." Think about using an encryption program such as Pretty Good Privacy that will encrypt your e-mails and attachments.

Use a VPN. A VPN (which stands for virtual private network) is software that basically creates a private network through a public network via a "tunnel" between the two end points, which generally cannot be hacked. Your firm may provide VPN software, or you can try JiWire SpotLock.


When You Absolutely Have to Use a Public PC

As the final topic in our quick guide, let's say you're traveling without any of your own portable devices and you want to connect to the Internet. One word of advice when using public computers to access e-mail or work files: don't. It's just not safe to use a system with which you are not familiar.

But if the call is truly irresistible and you must use a computer at an Internet cafe, library or airport, adhere to the following basic rules.

Be aware. Look around to make sure no one is looking at your screen or keyboard while you're typing.

Watch out for keyloggers. Hackers have been known to install "keylogging" programs that can capture your keystrokes—and therefore your passwords, credit card numbers, or anything else you type on a keyboard. There are two ways to get around this. First, use the on-screen keyboard to enter passwords with your mouse. Just select Start, then Accessories, then Accessibility, then On Screen Keyboard. Another way to enter passwords is to type your password with a lot of other letters, numbers or both in the middle, then remove those items with your mouse.

Erase your history. If you use a browser on a public computer, make sure to clear your browsing history before you go. In Internet Explorer, select Tools, then Internet Options, then click on Delete Files, Delete Cookies and Clear History. In Firefox, click on Tools, then Clear Private Data, if you're using a more recent version of Firefox. For older versions, select Tools, then Options and then Privacy, and clear your cache, history, passwords, cookies and other history items.

To-go software. Better yet, use a browser, word processor and password manager that leave no trace of your computer activity when you're done. Carry John Haller's Portable Firefox or Portable Open Office or Pass2Go on your USB drive—with each, you can surf the 'Net, edit documents and fill in forms securely. When you unplug your USB drive from the public PC, all traces of your activity go with you.


The Ultimate Word in Safety

Of all the tips provided here, the most important is the lowest-tech: common sense. Keep aware of your immediate surroundings and the people around you while on the road, and make sure your mobile technology stays with you at all times. By exercising common sense and following the practical, relatively simple procedures outlined in this guide, you'll be able to literally take your office with you on the road and still keep your client data safe.