Download The Zimperium Global Threat Report Get updates on global device vulnerabilities, network and app attacks
Mobile Threat Defense Software
In the legal industry, secure handling of privileged client-attorney information is of the utmost importance. In fact, the very reputation of a law firm often hinges on keeping client information private. Unfortunately, data privacy has been extremely difficult to maintain given the proliferation of mobile devices and the need for lawyers to responsively conduct work outside the office -- amidst an increasingly advanced threat environment. A recent report estimates that as many as 80 of the world’s leading 100 law firms have been compromised by some form of cyberattack since 2011.
Is your law firm prepared in the event any of your devices are lost or hijacked? What is an appropriate legal industry position on mobile threat defense?
Gartner Predicts 2017: Endpoint and Mobile Security, Analyst(s): John Girard | Dionisio Zumerle | Brian Reed | Peter Firstbrook | Bart Willemsen, 16 November 2016
Most law firms establish a mix of security policies and countermeasures to keep client information confidential. These may include employee training, requiring all associates to use specific company-issued mobile platforms (such as BlackBerry), password managers, an approved set of work applications, keeping all client data secure on the firm’s private network (or in paper files!), and applying SSL encryption in emails to keep attorney-client communications secure.
Even if well applied, these types of lockdowns will not do enough to protect law firms from advanced new cyberattacks that focus on the threat surface of mobile devices. According to a recent Workshare study, 94% of legal professionals now say they are using personal (or BYOD) devices for work, and a staggering 100% say they need to access client documents outside the office to get work done. Clearly the potential for device-based exploits will only increase over time, as law firms and the private client data they handle make ideal targets for hackers.
Implementing an Enterprise Mobility Management (EMM) solution across the firm is a great step toward reining in unauthorized use of devices, but it can only take you so far in preventing and remediating threats. Unlike well-secured company-issued desktop computers, the mobile devices legal associates use have much higher privacy requirements. Regulatory controls may not allow the firm to maintain surveillance of a personal device, which makes security very difficult to assure.
Lawyers and clients frequently log onto Wi-Fi networks that may be untrusted when looking for internet access. This can allow a Man-in-the-Middle (MITM) attack to intercept messages and emails between attorneys and clients, or download privileged information passing between the user’s device and a document library or database. Network attacks may even install malware to compromise a device or gain root-level control.
A host of new productivity apps, from time management to document sharing, offer compelling work benefits to lawyers, but these apps also create a high-value attack surface for hackers and unexpected threats. Since smartphone users self-administer their devices, they are not only running approved apps, but potentially installing apps with bad security practices or that abuse user privacy.. Root-level access to a device that interacts with your client data and network is only one malicious email link, message or downloaded app away.
Zimperium offers law firms and their clients the most complete Mobile Threat Defense solution for automatically detecting, reporting and remediating today’s -- and tomorrow’s -- advanced mobile threats.
Our z9 Engine automatically detects threats on-device rather than requiring an Internet connection, sandboxing or tunneling to a cloud service. This approach keeps client data secure on the device without impacting performance. Threats at the network, app and device level are then communicated to the firm’s IT team for responsive issue resolution without compromising information privacy.
With a simple install, zIPS™ provides real-time self-service threat detection and remediation for Android, iOS and Windows mobile devices against network-based (or MITM) attacks, rogue application installs and backdoors. Users are immediately alerted to threats and can resolve or report them. Our patented machine learning and mobile platform research guards against evolving threats to the legal industry.
As many as 71% of legal firms are seeking to gain control over employee device usage by adopting MDM (Mobile Device Management) or EMM (Enterprise Mobility Management) solutions, and Zimperium offers tight integration with the leading solutions, including AirWatch, BlackBerry, MobileIron and others. With zIPS running on the device, threats can be detected and reported in real time and direct action can be taken to remediate a breach or attack, even if the device is not connected to the Internet.