Keeping Safe from the Bad Guys
I am flying home from Santa Fe, New Mexico, where I attended the GPSolo Division’s Fall meeting and taught two classes in the National Solo and Small Firm Conference. I developed the idea for this column while presenting there at a session that focused on the question of whether one can successfully run a law office on a Mac. Of course, we all know the answer to that question: Yes!
You may not know that New Mexico considers itself the land of enchantment. I am not exactly sure why, but they do. (Maybe it is all the artists and galleries.) While I did not think the class was enchanting, I considered our program on the Mac law office the class of enlightenment, in recognition of the light bulb that goes off when attorneys finally realize that they can, indeed, run a law office quite handily on the Mac platform and, even better, that they can do so, in most cases, without the necessity of their own IT department, making it ideally suited for the small firm or sole practitioner. A brief survey revealed that about half the attendees at the class had already reached a level of enlightenment, as they used Macs in their practice. They attended to get some ideas about how they could utilize their Macs more effectively. The other half came to the class seeking enlightenment. I actually had several attendees come to me before the class and tell me that they were ready to be convinced to switch to the Mac and that they came for the purpose and with the intent of becoming convinced that they could run their office on a Mac. (I love an easy sell!) At the end of the class, several people told me that they intended to get Macs.
We held the event at the Hotel Santa Fe. The hotel has a free and unprotected Wi-Fi network for the convenience of its guests. I had a MacBook connected to a projector for the program. As I talked, I looked at my MacBook’s screen and discovered that the “shared” section of the Finder Window listed a number of computers (Mac and PC) that shared the open network. I noticed that a MacBook Air belonging to a friend of mine appeared on the list (I knew it was his because he had named it after himself). I clicked on his computer, instantly opening it up. As it only showed other folders, I projected it on the screen at the front of the room, knowing I would not reveal any confidential information. I did that to make a point. I believed that most of the people on the network had simply opened their computer up to everyone else on the network, as my friend had, without thinking about it or, perhaps, even knowing that they had done so. I suspect that I reached the right conclusion as, when I started to talk about the exposure, I saw a look of concern on the faces of many in the audience (likely a number of which faces belonged to some of the other computers showing on the network as several people in the room had laptops open on their tables).
While much of the information on our computers may not have any confidentiality issues, because we are attorneys, undoubtedly some of it does. Some of the information may reflect our own personal matters, accounts, and activities that we would rather not share with others. Moreover, if we allow others open access to our computers, they have the ability of adding something to the computer that we likely do not want in our computer.
We spent several minutes addressing the security issue, and I thought it might prove a useful topic for this column. Now that you know how we got here, let’s talk about how we protect against inadvertent disclosure of information or some bad agent adding something to or deleting something from our computer. Fortunately we have a number of solutions that can make things a bit safer for us. Unfortunately, virtually all of them introduce a level of inconvenience to our computing experience that, at times, will make us want to disengage all of them. No matter how tempting it may feel to do that, resist the temptation or run the risk of computer invasion.
Staying off of public Wi-Fi networks and any unprotected network will reduce your exposure. Now we deal with some inconvenience. If you need Internet access on the road and want to stay off of unsecure networks, you need to acquire a cellular modem of one or another style and an Internet access account. That requires the payment of a monthly fee. You will learn that presents a mixed blessing. Having the card means something else to carry and, depending on how and where you travel, may increase your expenses. On the other hand, having the cellular modem may decrease your expenses if you stay in hotels that charge $10 or $15 a night for Internet access. Additionally, the card gives you Internet access almost everywhere a cell phone works. Note that some cards will not work in foreign countries, and, with others, even though they do, you will pay a premium for bandwidth outside of the United States.
Sometimes you don’t have a choice. If you want Internet access and you find yourself in a place where your cellular modem does not work, you have to use what you can find or do without, even if that means an unprotected public network.
Presumably, you have already set up a password to protect access to your computer. If not, please drop everything you are doing and set one up right now! You should use a “strong” password. A strong password consists of a mixture of at least six characters, not in an obvious order (such as your name or your birth date). Random collections provide the best protection and the least convenience, as they can prove difficult to remember. Mixtures of alphabetical and numeric characters provide better protection than just letters. If you want to make it even stronger, venture beyond a simple alphanumeric password and use a symbol or two. It strengthens the password.
You will probably want to write the password down some place so that you can access it if you forget it. Although a password gives you some privacy and protection, you do not want to lock yourself out of your own computer with it. Do not leave it electronically in your computer, as that will defeat the purpose of the backup. Do keep it separate from your computer. I have seen some people remove the battery and write it in the battery compartment or on some other part of the computer or computer accessory. I do not advocate that approach. I consider it comparable to using the rhythm method for birth control. If you are lucky it works. If not, oh well . . .
By the way, if you decide to get a cellular modem, think about getting one that connects through the USB port rather than one that resides on a PCMCIA or Express 34 card, even if your current laptop has a slot for such a card. I make that recommendation to you for several reasons. First, not all computers have such a slot. In fact, more and more laptops lack such connectivity. Your next computer may not have the slot, and virtually all computers made today have at least one USB port. Second, if you use more than one computer and one has a slot while the other doesn’t, the USB connection lets you easily shift from one computer to another and share the access while paying only one monthly fee. Third, you can separate the USB connecting device from the computer by using a USB connection cable rather than plugging the device directly into the computer. As the signal may work better with elevation or with the device on a windowsill than next to the computer, that can prove a significant advantage. Note that an increasing number of computers offer a built-in cellular card for Internet access as an available feature. These will restrict you more than any other approach if you have more than one laptop, as you cannot readily use the access account with other computers. You really don’t want to have multiple accounts when one suffices.
On another note, if you have not yet heard, Apple has refreshed its entire laptop line as well as most of its iPod line. Stop by www.apple.com or your local Apple store and check out the new equipment. We will have more to say about it later.
Jeffrey Allen is the principal in the law firm of Graves & Allen with a general practice that, since 1973, has emphasized negotiation, structuring, and documentation of real estate acquisitions, loans and other business transactions, receiverships, related litigation, and bankruptcy. Graves & Allen is a small firm in Oakland, California. Mr. Allen also works extensively as an arbitrator and a mediator. He serves as the editor of the Technology eReport and the Technology & Practice Guide issues of GPSOLO Magazine. He regularly presents at substantive law and technology-oriented programs for lawyers and writes for several legal trade magazines. In addition to being licensed as an attorney in California, Jeffrey has been admitted as a Solicitor of the Supreme Court of England and Wales. He holds faculty positions at California State University of the East Bay and the University of Phoenix. You can contact Jeffrey via email at firstname.lastname@example.org. Mr. Allen blogs on technology and the law at www.jallenlawtekblog.com.
© Copyright 2008, American Bar Association.