Engadget reports that Symantec pitted iOS’s security against Android’s in an effort to help corporate IT staffs figure out which of the two is best to hand out to employees. Each had advantages and disadvantages, but iOS got the best marks, largely because of Apple’s App Store approval process. The study pointed out, however, that both are still vulnerable, especially when it comes to “socially engineered” malware.

So how can a law firm start taking mobile phone and data security seriously? Here are a few ground rules you can start using today:

  1. Password protect your phone. It may take three extra seconds, but could prevent a lot of damage if the phone gets lost or stolen.
  2. Both Android and iOS have free apps that allow you to track the location of a lost phone, take a photo from the camera to reveal its location, and/or remotely wipe all of its data. It’s not ideal to lose a phone, but if you do, you can still protect the firm’s client list. Try Mobile Recovery by Asurion.
  3. Don’t download apps you’ll never use. For instance, Chuck Norris Facts may be amusing the first time you use it, but chances are you’ll never use it again. The app just sits on your phone collecting and reporting data back to the developer. Learn how to protect yourself from spyware.
  4. Don’t save passwords on your phone (be it in a document or via the web browser).
  5. Report suspicious activity to your MSP or internal IT staff. In other words, don’t be the hero who didn’t cry wolf.
  6. Create a company policy regarding mobility – and then enforce it. Make sure your employees know what sites are or are not appropriate, explain what appropriate use does for them, and then make yourself accessible and approachable when they have questions or suggestions.