how to secure your ios device and keep client data safe
DESCRIPTION
There’s a lot more to mobile security than enabling the password on your iPhone or iPad. Unfortunately, very few small law firms have the proper measures in place to protect their confidential client data. If needed, could you convince a Board of Ethics that you had done your due diligence to protect your client’s data? Strong iOS security starts with becoming familiar with the most common threats to compromising firm data on your iPhone or iPad. While many assume they are not at risk since they are not a ‘big’ law firm, the opposite is true.TRANSCRIPT
![Page 1: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/1.jpg)
How to Secure Your iOS Device &
Keep Client Data Safe
Tom Lambotte
![Page 2: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/2.jpg)
Less is more.
![Page 3: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/3.jpg)
Story 1:
Christine Senior Paralegal and Office Manager
Ditcher, Quick & Hyde, Divorce Lawyers
![Page 4: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/4.jpg)
Stats on passwords: • Half of iPhone users don’t lock their phones (pre-TouchID). • 10 most common passwords made up 15% of all phones*:
• 1234, 0000, 2580, 1111, 5555, 5683 (LOVE), 0852, 2222, 1212 and 1998. • The top four codes represent 10.8 • Years between 1990 and 2000 are all in the top 50, and 1980 to 1989 are in the
top 100 passcodes • With a 15 percent success rate, about 1 in 7 iPhones would easily unlock
http://www.eweek.com/c/a/Security/Top-10-PIN-Codes-Picked-by-iPhone-Users-637446/#sthash.ihFP9INR.dpuf
![Page 5: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/5.jpg)
Story 1:
Christine Senior Paralegal and Office Manager
Ditcher, Quick & Hyde, Divorce Lawyers
Lesson:
Trust cannot replace implementing proper and enforceable measures.
![Page 6: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/6.jpg)
Story 2:
“Johnny” Project Manager
GlobalMac IT
![Page 7: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/7.jpg)
Stats on disgruntled employees: • Corporate Executive Board survey that showed that 75% of people who leave
their jobs are disgruntled when they do so. • There is high risk for lawsuits where private information is revealed:
• medical records, mental health treatment records, and drug and alcohol treatment records.
• Even bigger problem in smaller firms, where we all know each other and trust everyone. This can lead to complacency which can come back to bite you later on, when least expected.
You have a duty to protect client confidences – did you take all reasonable steps to do so? Were your actions appropriate to the risk,
considering the capabilities of your firm’s data security?
![Page 8: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/8.jpg)
Story 2:
“Johnny” Project Manager
GlobalMac IT
Lesson:
Disgruntled Employees Can Cause Chaos
![Page 9: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/9.jpg)
Story 3:
“Saul Goodman” Attorney
Saul Goodman Attorney at Law
![Page 10: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/10.jpg)
Stats on theft and stolen devices: • More than 3 million handsets were stolen in 2013 • Theft has increased by 26% in Los Angeles since 2011, 23% in San Fransisco,
and 18% of all grand larcenies in New York City last year involved Apple products.
http://www.businessinsider.com/smartphone-theft-statistics-2014-5#ixzz3GnMj29cM
![Page 11: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/11.jpg)
Stats on the reporting of thefts: • Only 50% of respondents reported a loss or theft within one day. • 38% took between 1 and 2 days • Nearly 10% took up to five days to notify their employer.
19% of the businesses surveyed reported an incident of a lost or stolen device, and experienced some form of related data loss, meaning businesses have approximately
a one-in-five chance of losing data if a corporate mobile device is stolen.
*Kaspersky Lab survey of global IT security professionals, 9/2014.
![Page 12: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/12.jpg)
Story 3:
“Saul Goodman” Attorney
Saul Goodman Attorney at Law
Lesson:
Theft happens and are often not immediately reported.
![Page 13: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/13.jpg)
Story 4:
“Johnny B. Goode” Senior Partner
Screwem, Goode & Hart Attorneys at Law
![Page 14: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/14.jpg)
Stats on accidental damage: • Theft is scary, but accidental damage is 10 times more common than loss or
theft • A study by SquareTrade in 2012, showed that damaged iPhones have cost
Americans $5.9 billion since their introduction in 2007. • The top five iPhone accident scenarios according to the study are:
• Phone dropped from my hand • Phone fell into a toilet, sink, hot tub, swimming pool, lake, etc. • Phone dropped from a lap • Phone knocked off a table • Phone drenched by some liquid
How quickly could you get back up and running if your phone bit the dust?
![Page 15: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/15.jpg)
Story 4:
“Johnny B. Goode” Senior Partner
Screwem, Goode & Hart Attorneys at Law
Lesson:
Sh*t happens.
![Page 16: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/16.jpg)
If needed, could you convince a Board of Ethics that you had
done your due diligence in protecting your client’s
information?
![Page 17: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/17.jpg)
Use a Mobile Device Management
solution (MDM)
My Top 3 List:
#1
![Page 18: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/18.jpg)
iCloud is NOT an MDM solution• made for end users, not business • cannot scale up • enforces nothing • once added onto your staff’s devices, they can:
• track where you are • turn on your personal email, notes and photo
stream. • access all your iCloud data. • can also be easily disabled
![Page 19: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/19.jpg)
Top 3 MDM Options#1 - Built-in aka Homebrew solution:
Profile Manager in OS X Server • OS X Server, but this is very technical and is a lot of work. Some of the things
you’ll need: • Static IP, FQDN, SSL certificate, configured Server with proper DNS settings
and more. • This is for the DIY person, who’s a techie at heart who also happens to be an
attorney and does not mind sinking hours into this project. • iOS only, Windows and Android not supported.
Here is an excellent play-by-play manual for those who want to go this route: http://krypted.com/mac-os-x/using-profile-manager-3-in-mavericks-server/
(email me - for the link if you’d like it)
![Page 20: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/20.jpg)
Top 3 MDM Options#2 - Free solution:
Meraki Systems Manager MDM • Very robust solution, developed by Meraki, owned by Cisco. • Cloud-based MDM package with which you can get up and running fairly
easily. • Supported Mobile Devices: iOS, Android, Windows Phone • Drawback:
• no support included with free version • there is a new paid version ($40/device per year) with many additional
features.
https://meraki.cisco.com/products/systems-manager
![Page 21: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/21.jpg)
Top 3 MDM Options#3 - Paid solution:
MaaS360 by Fiberlink, an IBM company
• Maas360 - owned by IBM, paid service ($5/device per month) • All inclusive pricing. They never charge extra for set up, activation, or their
24x7x365 live support. • Supports all platforms (iOS, Android, BlackBerry, WebOS, Windows
Mobile) • No device minimums
![Page 22: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/22.jpg)
Add company data onto iOS devices through profiles
(using MDM solution)
My Top 3 List:
#2
![Page 23: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/23.jpg)
The problem with adding info manually,
is that you have no control; it CANNOT be removed remotely.
Changing the password is NOT the same.
![Page 24: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/24.jpg)
7 Profiles You Must Use
![Page 25: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/25.jpg)
1. Passcode
![Page 26: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/26.jpg)
2. Wifi
![Page 27: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/27.jpg)
3. VPN
![Page 28: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/28.jpg)
4. Mail
![Page 29: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/29.jpg)
5. Calendar
![Page 30: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/30.jpg)
6. Contacts
![Page 31: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/31.jpg)
7. Apps
![Page 32: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/32.jpg)
Have a BYOD policy in place
My Top 3 List:
#3
![Page 33: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/33.jpg)
BYOD boils down to a well-drafted and comprehensive policy
that spells out the rights for both companies and employees.
Such a policy covers a company’s: • right to monitor, access, review and disclose
company or other data on a mobile device • the employee's expectations of privacy with
respect to that device.
*http://www.cio.com/article/2386235/byod/how-to-craft-the-best-byod-policy.html
![Page 34: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/34.jpg)
What does a good BYOD policy look like?
It goes through general rules about personal mobile device usage:
• company's rights with respect to monitoring, accessing and reviewing all the data on the device.
• employee's obligations with respect to keeping the device secure, password requirements, all the things you'd expect to see in a general IT policy.
• what happens if you're terminated or decide to leave the company.
![Page 35: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/35.jpg)
How to get a policy in place?
• No two BYOD policies are or should be alike. Here are 5 BYOD policy templates to help you start:
• 4 samples here, along with steps to implement: http://tek.io/1uLWDsC
• Our MDM Toolkit with a BYOD template here: globalmacit.com/milomdm
![Page 36: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/36.jpg)
![Page 37: How to Secure Your iOs Device and Keep Client Data Safe](https://reader034.vdocument.in/reader034/viewer/2022042521/55941e5d1a28ab5c768b45ff/html5/thumbnails/37.jpg)
facebook.com/globalmac
linkedin.com/in/tomlambotte
@LegalMacIT
www.globalmacit.com/book/
Get a FREE copy of my book: Hassle Free Mac IT Support for Law Firms
Q & A