LAWYERS could be taking big risks with confidential client information by storing it on their personal mobile devices, according to a recent survey.
Data protection technology provider Credant Technologies surveyed 100 law firms across the UK and found that one in five lawyers used their personal mobile devices to store corporate information and effectively bypass their firms’ security procedures.
The survey found that the data stored on these personal devices (BlackBerries are lawyers’ preferred choice) includes highly sensitive information such as work and client contact details, client records, contracts, case files and even security details such as passwords and access codes.
According to Credant’s vice president of global marketing, Michael Callahan, the concern with using personal devices is that it creates an “uncontrollable” environment for the firm’s IT staff, who can no longer ensure that the firm’s data is secured and can be centrally managed and controlled.
DLA Phillips Fox’s General Manager for IT, John Duckett, agreed that the risk of confidential information leakage has increased along with the growing popularity of mobile devices.
“Since the introduction of mobility in notebooks, you’ve got heightened risks of people leaving them in taxis or in lifts … and a handheld or PDA (personal digital assistant) is even easier to misplace. So it’s definitely a greater risk,” Duckett said.
However, he was sceptical that lawyers would be bypassing security procedures simply because they were using their own personal devices.
“I imagine at most firms, and certainly the larger ones, if you have a personal device and want to access your firm’s data then you would be subjected to the same rules and regulations and the same security concerns that you would be if the firm provided the device,” he said.
The Credant Technologies survey also suggested that many lawyers are careless when it comes to security. Almost a quarter of respondents admitted to having misplaced at least one mobile device containing confidential documents, of whom only 13 per cent had their data encrypted.
Could this be a product of naivety? More than 90 per cent of the respondents said that they believe their data is adequately protected by passwords, and 4 per cent don’t use any security protection at all.
Security IT consultant Robert Schifreen — who is also a former hacker — explained that passwords are an inadequate means of protecting confidential information. “You can download cracking software from Google that can break the average password in less than 30 minutes … The only answer is if you store sensitive data, you must encrypt it.”
In Australia, however, Duckett believes that many firms do use security beyond passwords, including encryption or even remote wipe, whereby IT teams can clean data from a mobile device if it’s stolen or misplaced.
“We use [remote wipe] on our latest devices … and to my knowledge those facilities are pretty standard with BlackBerries, at least for the major firms in Sydney,” he said.
Duckett is also more optimistic about lawyers’ regard for confidential information. “I don’t think I can speak for lawyers … [but] lawyers are obviously aware of the confidentiality they have with a client and therefore you’d like to think they would respect any information they have or may have access to, whether they carry it around in a PDA or a notebook,” he said.