Smart phones are becoming commonplace in firms of all size today, with most owners and managers using them to access their contacts, calendar and email. The beauty of these devices is that they can be an extension of the owner’s desktop, allowing them to work from anyplace and at anytime in a near real-time format. This promotes better client service and more timely responses to employee questions, as virtually everything in the owner’s Outlook account can be made available. Most firms are very aware of the benefits of smart phones, but they often don’t appreciate the risks until one is misplaced or stolen. Without proper preparation, the firm’s confidential client list can easily be exposed, as well as the phone owner’s email and any attachments that may be within the system. That’s why it is imperative that firms ensure that their computer policies are updated to take into account the impact of these new devices on the firm’s confidential information.

Before anyone can synchronize a smart phone to the firm’s network, they should be required to have a password that is at least four characters long that must be entered to access the device. The password screensaver should also be set to revert to this password screen if it is not used within five or ten minutes. If for any reason the password is entered incorrectly five times in a row, the phone should be set to automatically wipe all of the data on the phone, which will minimize the firm’s risk in the event the phone falls into the wrong hands. The firm should also mandate a platform that allows the IT staff to manually erase the smart phone if the owner notifies them that the device has been lost or possibly stolen. If the phone is “wiped” for any reason and then subsequently found, it can be easily re-synched with the network, so the information can be restored. 

The policy should also outline procedures on how firm members notify the IT staff when a smart phone has been lost or misplaced. The IT staff should document and test procedures that allow them to remotely wipe and restore the data on the firm’s smart phones. When someone leaves the firm, information should be erased from their smart phone, as well as all firm network access. These best practices should be included in the firm’s computer usage polices and new employees should formally agree to adhere to them. Firms should also update staff annually on new threats to smart phone privacy as well as on the importance of adherence to existing policies.