Protecting the Attorney-Client Privilege: Security in a Mobile-driven Legal World

When people talk about security in terms of industries, verticals such as finance, retail and healthcare tend to pop up a lot. Surprisingly, legal is placed lower on the security-focus rung even though law firms are recognizing the need for security.
Case in point, last week I had the privilege to present at the conference “Securing the Law Firm” in London. These are a series of conferences dedicated to security professionals in the legal sector.

In fact, legal has its own set of unique characteristics which require a high level of security. Particularly, when it comes to mobile, the security issues are exacerbated by the pure nature of those who work in the legal industry:

1. 1. Lawyers are always mobile. They’re always on the go – whether to client meetings, courthouses, signing agreements – with their smartphone and tablet in hand. These devices have effectively become the lawyers’ pen and paper essential for ongoing business.

2. 2. Mobile is the nexus of all legal information. Confidential information can include M&As, contracts, patents and legal advice. Today’s iPhones hold 64GB of data. That is more space than deemed necessary to store the legal-associated docs. And while not all docs are stored locally, that information is still within their fingertips – literally. That same data flows through the device via the browser, dedicated apps, and Virtual Desktop Infrastructure (VDI) solutions.

3. 3. Not all legal information is documented. This is the data that is passed over the actual phone, as well as communicated face to face. Phones were invented to, well, be a form of audio communication. Much of the legal advice is basically carried out over the mouthpiece. Other legal information is discussed face to face – let it be negotiations, advisories, and the sorts.

Accordingly, the threats to mobile devices in the legal sector are severe. Consider mobile Remote Access Trojans (LacoonMobileSecurity/an-overview-of-mrats” target=”_blank”>mRATs) and surveillance software. These can not only surreptitiously turn on controls and features such as the device’s recorder, track locations and retrieve all information entering and leaving the device; these executables have proven to be capable of bypassing all other mobile solutions such as MDMs, containers and VDI –in essence, defeating the purpose of these solutions.

Mobility in the legal is vital for conducting business and addressing pressing issues in a timely manner. For that reason, mobile security in this vertical has not just become a business differentiator – it’s become a compulsory practice.