How to Secure Your Smartphone
Disclaimer : ALPS presents this publication or document as general information only . While ALPS strives to provide accurate information , ALPS expressly disclaims any guarantee or assurance that this publication or document is complete or accurate . Therefore , in providing this publication or document , ALPS expressly disclaims any warranty of any kind , whether express or implied , including , but not limited to , the implied warranties of merchantability , fitness for a particular purpose , or non-infringement .
Further , by making this publication or document available , ALPS is not rendering legal or other professional advice or services and this publication or document should not be relied upon as a substitute for such legal or other professional advice or services . ALPS warns that this publication or document should not be used or relied upon as a basis for any decision or action that may affect your professional practice , business or personal affairs . Instead , ALPS highly recommends that you consult an attorney or other professional before making any decisions regarding the subject matter of this publication or document . ALPS Corporation and its subsidiaries , affiliates and related entities shall not be responsible for any loss or damage sustained by any person who uses or relies upon the publication or document presented herein .
By Mark Bassingthwaighte
Smartphones can be a significant cybersecurity risk , in part because many owners take a lackadaisical view when it comes to properly securing them and attackers know it . Couple this with the reality that smartphones are network connected devices that store all kinds of data , to include passwords , personal and financial information , location data , documents , photos , and client confidences , and the reason smartphones are such an attractive target becomes selfevident . Now , add into the mix there is no work from home or personally owned device exception to the rules of professional conduct and your obligations as a lawyer become clear . Every smartphone anyone is using for firm business must be properly secured . There can be no exceptions .
What type of threats do we need to be concerned about ?
The following are the most common concerns :
Phishing attacks that use social engineering tactics in order to trick someone into doing something that enables a successful attack – The attack vectors vary . It could be anything from placing a malicious link in an email or text message , leaving a concerning voicemail , sending numerous multifactor authentication ( MFA ) prompts at 1 a . m ., hoping the target will eventually accept one , and the list goes on . Should someone click on the malicious link , return the wrong call , or approve that annoying MFA request , it ’ s game over . Making matters worse , the victim will often not even be aware their actions enabled a successful hack .
The downloading of a malicious app – Malicious apps may be available for free or for a price and can even be hidden inside wellknown useful , free apps . Malicious apps typically exploit software vulnerabilities on the smartphone that can allow a hacker to access device data .
Connection threats – A smartphone ’ s ability to connect to a network via GPS , Bluetooth , Wi-Fi , or cell service can be exploited by hackers in multiple ways . A few examples include users being tricked into logging into fake sites , unwittingly connecting to rogue networks or access points , or unintentionally allowing access to their geolocation data .
Device theft – Smartphones are small , easy-to-steal devices that contain a treasure trove of valuable information .
What steps should we be taking to address the problem ?
While there are additional things that can be done , such as regular user training on how to spot a phishing , smishing , or vishing attack , if your firm is able to accomplish all of the following , you ’ re going to be off to a great start .
Secure all smartphones – Set pins and passwords and make them as strong as possible . For device passwords , this means all passwords should be comprised of a combination of numbers and letters
ALPS Risk Manager Mark Bassingthwaighte , Esq . Since 1998 , he has been a risk manager with ALPS , the nation ’ s largest direct writer of professional liability insurance for lawyers . In his tenure with the company , Mr . Bassingthwaighte has conducted over 1,200 law firm risk management assessment visits , presented numerous continuing legal education seminars throughout the United States , and written extensively on risk management , ethics , and technology . Mr . Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association , where he currently sits on the ABA Center for Professional Responsibility ’ s Conference Planning Committee . He received his J . D . from Drake University Law School .
14 THE GAVEL