Securing Your Data
Research indicates that upward of 2 million laptop computers get stolen every year. Untold millions more get lost or damaged from drops, liquid spills, and other misfortunes. Even more simply fail for one reason or another and go off to the shop for repairs. The owners of 98 percent of the stolen computers never see their hardware again. This means that the data on these computers is in the wind, and whoever gets the hardware may also have access to any and all of the data. I have written about the importance of data encryption on several occasions and will likely continue to do so, given that so much data remains unencrypted. Unencrypted data stored on a device misplaced owing to inadvertence or criminal behavior is immediately available to strangers. Encrypted data has some protection against violation by strangers. Good encryption has a lot of protection, and you should encrypt the data on your computers, especially your laptops.
The flip side of the coin when it comes to data on lost devices is recovering access to your own data. Encryption cannot solve that problem. Failed hardware creates the same potential loss of access. A good backup system provides an answer to loss of access problems, whether owing to hardware failure, loss, or misappropriation. Traditional backup systems use a separate physical storage device for backup purposes. Having a physical backup remains a good idea, but carrying the backup with you also exposes it to loss, damage, or misappropriation. Carrying laptops or other storage devices across international boundaries may also expose them to examination by security agencies.
Cloud Storage Options
Recently, we have seen an expansion of the use of the “cloud” as a means to accomplish data storage, data backup, and data synchronization across a multitude of devices. Storing your data in the cloud provides a number of advantages:
- Your data can be synchronized easily across devices;
- Your data is available anywhere you can get good Internet access;
- Your data is not searchable when you cross international boundaries; and
- Your data won’t disappear with a stolen, lost, or disabled device, thereby offering protection of both access and confidentiality.
There are, of course, also disadvantages of storing data in the cloud:
- Access speed is poor by comparison to wired connections such as USB 3.0 (even with high-speed Internet connections, downloading a large amount of data can take a fair amount of time); and
- Cloud storage raises its own security issues.
Many providers offer a variety of cloud storage services ranging from those, such as iCloud (icloud.com) and Google (google.com), that sync contact information, calendar information, and other data across your devices, to those that offer full backup of computers. Although using iCloud or Google to sync calendar and contact information across computers, tablets, and smartphones will not allow for you to superimpose your own encryption, both these systems incorporate their own encryption protocols.
Apple’s iCloud system encrypts data in transit and while stored on the provider’s servers. For further information about iCloud security, go to tinyurl.com/nf2r73r.
Google does not default to encryption, but you can turn on the feature in your preferences with respect to almost all of the Google Apps; encryption is not currently available for Google video or the Google Start page. For further information about Google security, go to tinyurl.com/c6y477l. Secure Sockets Layer (SSL) connections can provide further security. You will find instructions for setting your preferences to enable SSL connections with Google at tinyurl.com/cn2vquz.
For synchronizing contact and calendar information across your devices, I have found that iCloud and Google both work very well. If you use iOS devices and an Apple computer, you will probably want to use iCloud, as it works better with these devices.
With respect to storing other information in the cloud to make it available to you from any location at which you can get Internet access and/or keeping multiple computers synchronized with the data and/or sharing data with third parties, you can find several services that will do the job. Two of the best-known services are Dropbox (dropbox.com) and Box (box.com). Many law firms have used and are using one or the other of these systems. Both will give you a reasonable amount of free storage space, and both will rent you additional storage space on a subscription basis. Both work equally well on the Windows and the Mac OS platforms and will move data readily from one platform to another. Files retain the same format when they move across devices. This means that neither service converts a file readable only by a Mac to one readable by a Windows computer, but files in formats readable by both will open on computers on either platform. As a general rule, a computer operating on the Mac OS can read almost any file created on a Windows computer. Windows OS–based computers cannot read files created in certain Mac-only formats.
Both services offer the ability to share files with third parties on an invitation-only basis. Both offer access from iOS and Android platform mobile devices. Both have individual- and business-level services, with the business level providing more features and costing more money. To install either service on your computer, go to the service’s website, download the installation software, open the file, and let it install itself on your computer. The software will set itself up to open automatically and connect to the service’s server whenever the device is online. You need to replicate the installation process on each computer you want to keep synchronized with the data. You also need to be sure to sign the computer into the same account if you want to synchronize data automatically across the devices. Computers set to the same account will automatically synchronize the files in the service’s folder. Note that you do not need to have Dropbox or Box on the computer you are using, as you can access your account on the server through a browser window. Be very careful, however, about accessing your data from a public computer! You can find a comparison of the various Box.net program offerings and pricing at box.com/pricing. You can get similar information about Dropbox at dropbox.com/pricing.
Confidentiality and Security Considerations
American Bar Association Model Rule of Professional Conduct 1.6(c) reads:
A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.
As attorneys we have to concern ourselves with the security of confidential client information. The Model Rules require lawyers to keep current on changes to technology that affect the practice of law. Model Rule 1.1, concerning Competence, comment , reads:
To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
Although the Model Rules do not control in all states, all states that do not use the Model Rules impose requirements respecting confidentiality of client information and the attorney’s duty to protect it. It would seem hard to claim that you took reasonable steps to prevent inadvertent or unauthorized disclosure of client information if you stored it in a cloud facility without doing some investigation of the service.
No cloud storage system can ensure that it will never suffer a security breach. Dropbox has had some issues with respect to passwords stolen from users through unrelated malware. This brings up a very important point. If you set up a Dropbox or a Box account (or any other online account), use a strong password, change it regularly, and keep it secure. Strong passwords do not immediately connect to you (e.g., your name or initials), should contain at least eight characters (more is better), and should mix upper- and lowercase alphabetical characters with numeric characters and (if the service allows) symbolic characters. For example: *AB3cz690#. A longer pass phrase gives you even better protection owing to its length, but mixing upper- and lowercase alphabetical, numeric, and symbolic characters remains a good idea.
Both the iTunes App Store (apple.com) and the Google Play Store (play.google.com) have Box and Dropbox apps you can add to your iOS and Android tablets and smartphones, giving them access to the accounts and the information you have stored on the server. The mobile apps do not automatically load the full content of the folder onto your mobile device, as that would likely create storage issues. But they do allow you to access the server and select what files you will download to the mobile devices. The bottom line is that you have access to the files through your smartphone and/or tablet, should you want or need to access the files that way. One caution, however: If you impose your own encryption over a file, you may find that you need to use a similar device to unencrypt it (i.e., a computer to a computer or a mobile device to a mobile device). Not all encryption programs for computers work on mobile devices and conversely. There are some that do, although they are not necessarily the strongest encryption programs available. If you want to encrypt a file and still access it on your mobile device, be sure to use a program that works with both your computer and your mobile device. One encryption program that I have recently discovered and am currently experimenting with, Cloudfogger (cloudfogger.com), has iOS, Android, Windows, and Mac OS versions available.