Small & Home Office
Safeguarding Your Firm's and Clients' Confidential Data
How to keep the good guys in and the bad guys out.
By Albert Barsocchini
COMPUTER security is the set of processes, procedures, or tools that assure that data entered into a computer today will be retrievable at a later time by, and only by, those authorized to do so. In other words, it is about keeping the good guys in and the bad guys out. It is a human problem.
Tips and Tricks
Here are some common-sense steps you can take to keep your client confidences secret without spending any money:
1. Use strong passwords. Choose passwords that are difficult or impossible to guess.
2. Make regular backups of critical data. Incremental backups must be made at least once each day. Perform a full backup weekly and incremental backups every day. At least once a month the backup media should be verified.
3. Use virus protection software and check daily for new virus signature updates.
4. Use a firewall.
5. Turn off your DSL router when not in use. Either shut it off or physically disconnect it from the Internet connection.
6. Do not open e-mail attachments from unknown third parties.
7. Regularly download security patches from your software vendors.
8. Be aware that any time you send a Word or WordPerfect document, the document properties should be checked to make sure you are not sending more than you originally intended. In other words, be sure to strip unnecessary hidden text and metadata from shared documents. (See Microsoft Support Knowledge Base, re: hidden information in Word files.)
9. If you are running Outlook as your e-mail client and are wondering how vulnerable you are to the various known security holes, check out a free tool from GFI Ltd.
10. Visit Gibson Research Corp. and run ShieldsUP! to check your workstation port security.
11. Don't forget Web browser security. Be sure to set your security properties, empty your Web history folder, and update security patches monthly!
Full scoop: infosecuritymag.com; sans.org; counterpane.com.
* * * *
Do you use passwords?
Do you use a virus scanner?
Do you have a firewall?
Do you back up?
Do you secure your storage media?
Do you have a disaster plan?
Do you secure your laptops and handheld devices?
Do you have a software, e-mail and Internet policy?
Do you have Web browser security?
Do you encrypt your e-mail?
Just a short time ago, computer security was an afterthought for most law offices. The attitude was, "What Me Worry?"
Now, after September 11, with the need to stay connected, the increase in computer viruses, the continuing news of computer vulnerabilities, and the desire of third parties to gather as much information as they can about you, computer security cannot be ignored any longer. Some of the world's best-known companies have become victims of security vulnerabilities, and those same companies are now helping to make security a critical part of any computer system.
Additionally, there are both legal and ethical obligations implicated by computer security that cannot be ignored. As a starting point, lawyers have an obligation to use technology properly and to keep client confidences and secrets secure. Firms that fail to deal with computer security are putting at risk their client information, their reputation and their practice!
Security starts with properly securing your law office premises, securing your workstation from unauthorized access or removal, hardening your operating system and local area network, thinking about secure access control for remote users, protecting your programs and data against virus attacks, using a good firewall, securing and backing up vital work product, monitoring all content that leaves the office electronically via content control, and using encryption for information sent electronically. And to enforce it all, you need a good security and disaster policy too!
What may be a daunting task to a large law firm is not that complicated for the small law office or home office. All you need is a little money, a good consultant and the right software and/or hardware!
Here is my recommended shopping list.
Antivirus: For virus protection, either Norton AntiVirus by Symantec Corp.; VirusScan Online by McAfee.com Corp.; or PC-cillin by Trend Micro Inc. should do the trick. Remember to configure it to automatically update virus definitions.
Firewalls: They come in two flavors: software or hardware. For software, I recommend ZoneAlarm Pro by Zone Labs Inc., Tiny Personal Firewall by Tiny Software Inc., or the firewall products offered by Symantec or McAfee.com. I use Tiny Personal Firewall for standalone workstations. The other firewall option is to use a combination router/firewall such as Checkpoint NG (Next Generation) firewall by Check Point Software Technologies Ltd.; SonicWall SOHO Telecommuter by SonicWALL Inc.; or Linksys EtherFast by Linksys Group Inc.
Digital Couriers: For secure digital couriers that will encrypt, track and protect your client confidences and secrets sent via e-mail, PrivateExpress Inc. is my favorite. Using a service like this will eliminate spam and viruses as well as prevent your documents from falling into the wrong hands. If you just want to secure a document once in a while for e-mail transport, use the password protection feature in WinZip Computing Inc.'s WinZip, or try a more comprehensive document encryptor called e-cryptor, from SoftClan Computer Security.
Servers: For secure remote access to your server, I recommend using virtual private networking (an encrypted tunnel between your computer and your office server). Microsoft Corp.'s Windows 2000 comes with VPN software, or check out Citrix Systems Inc.
If you are on a budget or do not want to fiddle with setting up a VPN, then pcAnywhere by Symantec Corp. at symantec.com will work just fine. There is also an interesting web-based remote access product from Expertcity Inc. called GoToMyPC (subscription based).
Biometrics: Now there is an inexpensive fingerprint-recognition system for PCs: U.are.U Personal for Microsoft Corp.'s Windows XP, from DigitalPersona Inc. No one likes passwords. There are too many usernames, account numbers, and passwords to remember and they're a pain to enter.
This fingerprint-recognition device plugs into any USB port and works with Windows XP. Just touch the small pad and it will remember the password and verify your identity by your thumbprint! It replaces all of the passwords you use at Web sites or on your computer with a touch of your finger on the sensor. Whether logging onto Windows, a secure Web site, or encrypting a message, this device will make it so you never have to remember a password again!
Spam: For controlling spam and viruses entering via e-mail, Postini Corp.'s namesake product is the product for you. They claim very good spam catch rates, and shunt all filtered messages to a (secure) Web site for deleting, viewing, or forwarding to your wireless device.
For simple client-based spam control, try SpamEater Pro by High Mountain Software. It will get rid of approximately 95 percent of your spam. If you are inclined not to spend any money, then I suggest you use the junk mail eater within Microsoft Corp.'s Outlook. Also use an e-mail address with your own domain name rather than AOL, @home, etc., and keep your business e-mail addresses separate from your personal address.
As you can see, it is easy to get carried away with security. But remember, it is a new world on the Internet and security should be the lynchpin to all legal business conducted over it.
California attorney Albert Barsocchini is an e-practice consultant with The Lawtek Group, based in San Rafael, Calif. He is a member of the LTN Editorial Advisory Board.