I.T in practice: Security in hand

Gadgets such as smart phones and PDAs need to be as secure as fixed computers.

Security on desktop and notebook computers features large in any consideration of keeping data safe and of maintaining client confidentiality. Security in computing has two meanings: one relates to backing up important information so it may be recovered from a secondary source if required; the other relates to ensuring that only those authorised to view information have access to it.

Practices expend varying quantities of resources ensuring data security in both senses of the word. Often, those practices that have suffered a data loss or security breach spend more than those that haven’t. Expenditure runs to backup software, off-site storage, anti-virus and anti-spam programs, firewall devices or software and similar physical tools. Reinforcement of this through a firm’s protocols relating to passwords, notebook usage, websites and acceptable email use will often provide a rounded strategy that could be considered best practice.

There is a hidden sting in the tail for the techno-savvy firm that is otherwise very aware of security issues. Often, there is a proliferation of hand-held devices in those firms, ranging from smart phones through to portable data access (PDA) devices. These devices are exceptional “icing on the cake” for firms that are highly client-focused, giving a higher level of accessibility to key practice knowledge at times when clients need it and enhancing strategic competitive advantage (recognising of course the work/life balance issues that also need to be considered).

However, in the information technology community PDA and smart phone security is seen as a pressing and significant risk. Many users of these devices consider the information stored on them is unimportant or not worth protecting. Passwords are rare, and data backups are even more so. This is disappointing, given that most smart phone and PDA vendors provide tools for data security, including – in some cases – encryption.

Also of concern is the belief that smart phones or PDAs will not fall into the wrong hands. Consider the simple but symbolic test of asking the most techno-savvy user in the firm to hand their smart phone or PDA to a passer-by in the street. The immediate visible cringe of a stomach-wrenching realisation that a simple slide of a finger unlocks confidential information for viewing by complete strangers will soon be followed by concrete action to deal with data security.

When dealing with data security on a smart phone or PDA, there will always be the need to ensure that any initiatives are not so oppressive as to materially impinge on the ease of use of the gadget. In addition, it is necessary to deal with security both on the device and in the process of synchronising the device with the practice’s network system – a virus which has no effect on a PDA can be synchronised to an unprotected notebook computer (and practice network) along with valuable and necessary email content.

While some PDAs can handle a lot of the security aspects automatically (by identifying “private” data), nothing takes second place to user awareness of the issue, and continuing training where practical.

The smart phone and PDA market continues to expand. The richness of features on these devices is growing as competing vendors try to leapfrog each other’s technology offerings. Prices are coming down, and user acceptance is rising. Capacity on these devices is becoming such a non-issue that people are beginning to take advantage of what is evolving into the end-point of the convergence of the various technologies – phone networks, user interfaces, music, data, web surfing, emails, SMS and images (camera and video). With many users, there is now a “value inversion”, where the information is worth more than the device it is stored on. As this happens, users should be aware of the need not to confuse the disposability of the device with the importance of the content it stores.

TO DO LIST

  • Ensure that all PDAs and smart phones have any PIN feature activated.
  • Set any PDAs and smart phones to have the same level of password protection as the firm’s network, ensuring there is still a balance of security and convenience.
  • Encrypt PDA and smart phone data where possible.
  • Investigate PDA, smart phone, and corporate mail system features which allow remote locking and data deletion.
  • Ensure that synchronisation processes are fully virus-protected.
  • Train smart phone and PDA users in data security awareness for their gadgets.

ADAM REYNOLDS is the principal of Proficio, an independent IT consulting firm. For more IT in-practice information, see the contributions of the LIV Legal Practice Management Committee and IT e-Marketing Department at http://www.liv.asn.au/members/sections/lpm/it.
