[email protected] | 407.409.8828LawTech Partners
SECURING MOBILE DEVICES
Session Description
It's an unstoppable trend: lawyers and support staff are using laptops, tablets, iPhones, iPads, and Android devices. While this may be great for productivity and reacting to client needs, the influx of personal smartphones and tablets in the workplace can pose a significant risk to a firm’s security if the firm doesn't have a strategy for dealing with these new threat vectors.
❑ Risks of mobile computing
❑ VPNs and encrypted connections on the road
❑ Minimize device risks
Risks of Mobile Computing
➢ Lost or stolen devices store large amounts of data
➢ Are highly portable
➢ Frequently unprotected
➢ Wireless communications can be intercepted
➢ Malware may result in crippled devices, personal data loss, disclosure of non-public data
➢ May provide access to other services that store or display firm data
Florida Information Protection Act of 2014
Breach Trigger
What qualifies as a breach?
◦ “Breach of security” or “breach” means unauthorized access of data in electronic form containing personal information
◦ Does not include information that is encrypted, secured, or anonymized
◦ Trigger: breach compromises of 500+ Florida residents
What is PII Under FIPA?
First name or first initial and last name +
◦ Social security number
◦ Driver's license or ID card number
◦ Military/Govt ID number
◦ Financial account number or credit or debit card number with security code
◦ passport number
◦ medical history
◦ mental or physical condition
◦ medical treatment or diagnosis
◦ health insurance policy number (or any unique identifier health insurers use to classify individuals)
Usernames/passwords/security question for online accounts
Breach Notification
Must notify within 30 days of the breach discovery
Florida Department of Legal Affairs
Each affected or likely affected resident
Decide not to notify?
$1,000 per day for the first 30 days and $50,000 for each subsequent 30-day period under the Florida Deceptive and Unfair Trade Practices Act (FDUTPA)
Florida's 30-day breach notification deadline is one of the strictest in the country.
Notice to AG Must Include
A synopsis of the events surrounding the breach
The number of individuals in Florida affected
Services being offered or to be offered (without charge) and instructions
A copy of notice sent to victims
AG May Request
A police report, incident report, or computer forensics report.
A copy of the policies in place regarding breaches.
Steps that have been taken to rectify the breach
Aren’t Law Firms Exempt?
Any commercial or governmental entity, including a health care provider and health plan, that acquires, maintains, stores or uses personal information of individuals in the state of Florida is subject to this law
You do NOT Have to Report IF
After proper investigation with federal, state, or local law enforcement, it’s determined that the breach will likely not result in identity theft or other financial harm to individuals whose personal information was accessed.
But written documentation of the determination must be kept by you for at least five years after the breach.
Personal information has been encrypted, secured, or so that PII is rendered unusable
What Can You Do To Mitigate Risk?
Smartphones and Tablets
Label your device with your name and a phone number where you can be reached to make it easy to return to you if it is lost, even if the battery is dead
Configure a GOOD passcode to gain access to and use the device
Set an idle timeout that will automatically lock the phone when not in use
Keep all software up to date, including the operating system and installed apps
Enroll your device in a managed environment if possible
Engage Find My iPhone or an equivalent service
Laptops
Use a strong password, biometrics if possible
Use a firewall; the built-in firewalls in Windows and Mac OS X are good!
Turn off your Bluetooth signal unless you are using it; other devices can pair with your device and steal your data
Remove bloatware
Email and Apps
Require password to open Outlook
Make sure your account settings in Gmail, Twitter, Facebook and other tools are set for the highest privacy and security settings
Regularly review these settings
Do not stay logged into ANY site
Do not open unknown, unexpected attachments from unknown senders (use preview)
Encryption
Whole disk encryption—no exceptions
USB drives and backup media should be encrypted
Make sure the data is encrypted in transit and while being stored
Be sure that employees of the backup or cloud vendor do not have access to decryption keys
Windows - BitLocker
Built-in data protection
Integrates with the operating system
Addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers
Provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later.
◦ TPM is a hardware component installed in many newer computers by the computer manufacturers.
◦ May not be available on all machines but can usually be activated
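To check the "whole disk encryption, no exceptions" rule on a Windows laptop, the following added example (not part of the original slides) reports every volume that is not fully encrypted, has protection off, or, for the OS volume, lacks a TPM-based key protector. It uses the built-in Get-BitLockerVolume and Get-Tpm cmdlets; the function name Get-EncryptionFinding is a hypothetical helper introduced here.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker coverage on the local machine.
# Get-EncryptionFinding is a hypothetical helper, not a built-in cmdlet.

function Get-EncryptionFinding {
    param(
        [Parameter(Mandatory)] $Volume,   # one object from Get-BitLockerVolume
        [bool] $TpmReady                  # TpmReady value from Get-Tpm
    )
    $problems = @()
    if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
        $problems += "status $($Volume.VolumeStatus), $($Volume.EncryptionPercentage)% encrypted"
    }
    if ("$($Volume.ProtectionStatus)" -ne 'On') {
        $problems += 'protection is off or suspended'
    }
    if ("$($Volume.VolumeType)" -eq 'OperatingSystem') {
        # Key protector types such as Tpm, TpmPin, TpmStartupKey all start with "Tpm"
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        if (-not $TpmReady) {
            $problems += 'no ready TPM on this machine'
        } elseif (-not ($types -like 'Tpm*')) {
            $problems += 'OS volume has no TPM-based key protector'
        }
    }
    return $problems
}

$tpm = Get-Tpm
$report = foreach ($vol in Get-BitLockerVolume) {
    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        VolumeType = $vol.VolumeType
        Findings   = (Get-EncryptionFinding -Volume $vol -TpmReady $tpm.TpmReady) -join '; '
    }
}
$report | Format-Table -AutoSize -Wrap

# Non-zero exit code when any volume has a finding, so the check can be scheduled.
if ($report | Where-Object Findings) { exit 1 }
```

An empty Findings column for every volume means each one is fully encrypted with protection on.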
Mac - FileVault
Built-in data protection
Integrates with the operating system
Addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers
Available in OS X Lion or later
Privacy Screens
Prevent “shoulder surfing”
Invest in a privacy screen for your laptop (even for your phone or iPad)
Available for cellphones, tablets, laptops and even desktop monitors
http://bit.ly/2SwMkgu
Wireless
Public wifi – to avoid or not?
◦ See if there is an option to get a secure connection to the cloud. (https:// as part of the URL!)
◦ Be especially careful if you’re required to pay for the connection and have to input your credit card and billing information while you are at the activation screen
◦ Do not enter any of this sensitive information without an https:// connection
Aircards / Broadband Cards
Preferred wireless connection because the data is secured from the very beginning!
Uses cellular connection
You don’t have to worry about whether you have an https:// session or not
$40 – 60 / month
Adriana Linares
LawTech Partners
407.409.8828
www.lawtechpartners.com
Adriana Linares is a legal technology consultant with her company, LawTech
Partners. Using her practical and personal approach to technology she helps
legal professionals use technology to maximize skills and investments through
training and consulting. She served as Chair of ABA TECHSHOW 2017; works as a
technology consultant to the Florida Bar Board of Governors and serves as the
Member Technology Officer of the San Diego County Bar Association. Listen to
Adriana as she hosts monthly episodes of the New Solo podcast on the Legal
Talk Network.
Please contact us with questions
and your future training needs!