The latest iteration of iOS aims to make it very clear whether or not a device is being managed by a company. The lock screen will now say “This iPhone/iPad is managed by your organization,” and when you go into Settings>General and look at the About screen, the message will read “This iPhone/iPad is supervised. [Company Name] can monitor your internet traffic and locate this device.” Transparency appears to be the main goal here. There is some confusion out there as to whether or not the message can be turned off, although I did find a post from Meraki, a free MDM solution provided by Cisco, implying that it could. That post can be found here. As a whole, it is an interesting move by Apple as they continue to make security and privacy a main focus.
Legal Tech Blog
Archive for the ‘Security’ Category
Smartwatch Security in the Workplace
Smartwatches have been around for a while, but the upcoming release of the Apple Watch has the potential to bring them into the mainstream. While the Apple Watch, and other smartwatches, have the potential to increase efficiency, they also provide another device that can store and/or access corporate data. This presents another device that will need to be incorporated into a business’s BYOD security policy as well as another device to manage.
Read more…
Microsoft Outlook for iOS and Android not Enterprise Ready Yet
A new app from Microsoft, Outlook for iOS and a Preview version for Android, shows that Microsoft is committed to designing for other platforms. Some reviews have been positive, like this one from The Verge, while others have said that this app is still a little rough around the edges, like this article from InfoWorld. I tend to agree with The Verge, but there is a larger security concern for companies using the ActiveSync protocol (this includes Exchange and IBM Notes Traveler). Read more…
Employee Mistakes Still to be Main Source of Data Breaches in 2015
The Law Technology News just published the top six data breach predictions for 2015 as outlined in Experian Data Breach Resolution’s 2015 Second Annual Data Breach Industry Forecast. That article can be read in full here. I am focusing on the prediction regarding employee mistakes, as this seems to be one of the hardest areas for companies to rectify. As the article points out, both in its title and when discussing employee mistakes, businesses will continue to ignore the employee side in favor of protecting against cyberattacks. There are various reasons for this, from the cost of security in general, to the sticky issue of balancing user efficiency and security, to cyberattacks being very much in the news currently. Read more…
Sony Data Breach Fallout and Lessons
The FBI has concluded that the North Korean government was behind the Sony data breach that exposed embarrassing emails that have harmed the reputations of the company and its executives, forced the cancellation of the release of “The Interview” amid terrorist threats, and put thousands of employees’ private information at risk. This latest breach should cause IT professionals and business owners to review their privacy and security protocols and address weaknesses, and it should serve as a reminder that, while there will always be significant risk, there are some steps we can all take to be more secure online. Read more…
US Courts Issue Warning re eJuror Scam
The Administrative Office of the U.S. Courts reports that citizens in several federal court districts have been targeted by a new scam, in which the victim is asked to disclose Social Security number, driver’s license number, date of birth, cell phone number or other sensitive information. The fraudulent request claims to be affiliated with the online registration program, eJuror, which is used in 80 U.S. court districts. A link to the U.S. Courts’ warning and tools to locate local district contact information for anyone who suspects they’ve been targeted by the scam can be found here: http://www.uscourts.gov/FederalCourts/JuryService/JurorScams.aspx.
ABA Will Consider Resolution Regarding Cybersecurity Policies
A Resolution under consideration by the American Bar Association “urges all private and public sector organizations to develop, implement and maintain an enterprise security program in accordance with internationally accepted standards. [109].” You can read the full press release here and the Resolutions here.
A Continued Disconnect Between the Idea of Security and Actual Practice
LexisNexis recently conducted a survey, which the Law Technology News wrote about here, regarding the importance of file sharing in law firm collaboration. The survey showed that, while many firms continue to express concerns about security, over two thirds of those who participated in the survey use unencrypted email to share files. The survey points out that these firms rely solely on the confidentiality statement within an email for protection. Read more…
What Heartbleed means for attorneys and third-party storage of client materials
The Heartbleed bug, which surfaced at the beginning of last week, is one of the worst security breaches that the internet has had to deal with. It has been around for approximately two years, undetected by anyone except for, potentially, the NSA. The vulnerability allows attackers to grab usernames, passwords, and actual content, as well as impersonate services, and there is currently no way to detect whether it has been exploited or not. This vulnerability not only affects websites, but also hardware such as wifi routers and firewalls. So, what practical steps should be taken to protect any client materials stored at third party locations?
The first item on the list would be to assure your client that you are contacting the vendors involved. The next step would be to find out if any of the vendors you use were affected by the bug, and to learn as much as possible about what steps the vendor has taken and is taking to protect your client’s data. There are tests that can be done to determine whether websites have been patched; one of them can be found here. A list of hardware vendors to check can be found here. Even if the vendor assures you that the hardware has been patched, you will want to check your own hardware against the list. Once you have confirmation that all vendor services have been patched, the last item is to change your passwords for these services. Although it may be obvious to do so, keep the client informed throughout this process, find answers to any questions the client has, and maintain communication with the vendor so that you, and the client, can rest assured that reasonable steps have been taken to protect their data.
Staying Secure While You Travel
Free public WiFi is everywhere: at cafes, hotels, the airport, courts, and many other locales. Its convenience, and the lack of unlimited cellular data for many, mean many of us use it to connect while we are away from home. Using free public WiFi increases your risk of a data breach, given how easy it is to download tools to snoop for information on these networks. Firesheep is one such tool, and is easy to use. Wireshark is another one; it takes a little more technical know-how but also allows hackers to grab unencrypted data from unsuspecting victims. Luckily, there are some solutions out there that can help keep you secure when using free public WiFi. Read more…