Mark Garnett, partner and head of the forensic technology team at McGrathNicol, told Lawyers Weekly that he often works with lawyers who haven’t encrypted their mobile phone or laptop in any way, risking the disclosure of confidential information.
“Loss of data is the most common threat to sensitive information and it’s the easiest to address – but it’s amazing how many firms don’t address it,” he said.
Garnett fears that many practitioners view mobile devices, such as smartphones and tablets, as a “necessary evil” and are failing to educate themselves on the security risks associated with them.
“These are the lawyers who are so far behind the curve that it’s going to be difficult for them to catch up,” he said.
He advised lawyers to approach mobile devices with the knowledge that they are more vulnerable than desktop computers. This includes resisting the temptation to access confidential information on public wireless networks, such as those in airport lounges, Garnett added.
“You don’t know who’s on that network with you and how secure the network is.”
Private networks are not immune, he continued. Specialising in seizing and analysing digital evidence, Garnett has handled a number of cases where a threat, such as a keylogging program that can track keystrokes on a keyboard, has accessed a private network and transmitted information to an external party.
Manufacturers and software developers regularly upgrade mobile devices and their operating systems to address security vulnerabilities, said Garnett.
“But it’s still a game of catch up,” he added.
A simple preventative measure lawyers can adopt is a good password procedure, said Garnett. Strong passwords start at eight characters, consist of uppercase and lowercase letters and include numbers and special characters.
Despite repeated recommendations by technology experts like Garnett, most users fail to choose strong enough passwords, according to a study by Joseph Bonneau, a computer scientist and researcher at Cambridge University.
Bonneau shared the results of his analysis of the passwords of around 70 million Yahoo! users at the 2012 IEEE Symposium on Security and Privacy last month (23 May). He claimed in his report that experiments to actively encourage users to choose stronger passwords have largely failed.