YourABA June 2012 Masthead

Help prevent law-firm data breaches with these security basics

Don't be lulled into thinking that law firms aren't being attacked by hackers or suffering data breaches just because their clients do not seem to be affected. The FBI issued a warning in 2009 that law firms are now specific targets of hackers, say John W. Simek and Sharon D. Nelson of Sensei Enterprises Inc.

In their recent Law Practice Magazine article, "Preventing Law Firm Data Breaches," the legal technologists note that hackers are realizing that law firms have on their networks valuable economic intelligence related to business deals, mergers and acquisitions—and their security is dreadful.

While Simek and Nelson acknowledge that there is no silver bullet for law-firm data security, they offer several security basics that every lawyer should heed.

Use a strong password of at least 12 characters, and change it regularly. "No matter how strong an eight-character password is, it can now be cracked in two hours. A strong, 12-character password takes roughly 17 years to crack," advise the authors.

Change system defaults. The default user ID and passwords for any software or hardware installation are well known—even for Apple products.

Protect laptops with whole disk encryption—and enable it. Lawyers may want to consider additional measures such as biometric access, as laptops are a primary source of data breaches.

Encrypt backup media. If you use a backup service in the cloud, "make sure the data is encrypted in transit and while stored," say Simek and Nelson.

Use a PIN for your smartphone. And "don't use 'swiping' to protect your phone, as thieves can discern the swipe the vast majority of the time due to the oils in your fingers," warn the authors.

Set and enable proper security on wireless networks. Nelson and Simek note that WEP encryption can be cracked, and the only ones that have not yet been cracked are the WPA and AES encryption standards.

Use a single, integrated product to deal with malware, viruses and spam. Nelson and Simek recommend Kaspersky Internet Security 2012 for solo and small firms, and Trend Micro for larger firms.

Upgrade to a supported version of security software. "If software is no longer being supported, your security may be in jeopardy," caution the authors.

For remote access, use a VPN or other encrypted connection.

Dispose of technology products securely. For computers, a free product such as DBAN can securely wipe data, say Simek and Nelson.

For the entire list of security tips, view the full article.

Law Practice Magazine is a publication of the Law Practice Management Section.
