Everyone does it. After a long day, you forgot to do one simple thing that could compromise confidential information: You forgot to turn off your office computer! Though it’s common sense, there are a number of things lawyers routinely do or don’t do that could lead to problems down the road, according to computer forensic, legal technology, and information security experts John Simek and attorney Sharon Nelson.
Technology blunders: Simple things lawyers can do, or don’t do, to protect information
As a reminder, Nelson and Simek offer some basic tips that can help lawyers secure information, and avoid other common technology mistakes:
You don’t have a screensaver password. Usually, your computer logs itself out after a period of inactivity. If not, you should direct it to do so. Without a screensaver password, anyone could log back in to your computer. If you leave your computer running without a screensaver password, for any reason, there’s an open invitation for someone to browse your files or download inappropriate material.
You never turn your computer off. Computers, as you have noticed, are imperfect. Processes don’t terminate the way they should, applications get tangled, and your own tendency to have 15 programs running at once tends to create collisions. As John puts it, “lots of stuff hangs around impeding the performance of your machine.” The fix is easy: either turn the machine off every night or, if you need to leave it running for remote access (that is, after you’ve installed a screensaver password!), turn it off when you go to lunch. Once a day is the rule. No exceptions.
Your password is your birthday. Passwords must be 12 characters long. Anyone with any IT sophistication can crack your eight-character password, no matter what it is, in less than two hours. With 12 characters, it takes 17 years. Most bad guys can’t wait that long. Make it easy on yourself and create a passphrase: GoingonanAlaskancruisein2011! is perfect – and easy to remember.
You hide your password in an easy-to-find location. Passwords are meant to be remembered, but are easily forgotten. When we visit law firms to give advice on security and technology issues, we often find passwords on monitors, under keyboards, and in the top right-hand drawer of the desk. Surely, the bad guys can figure those places out, too.
You download illegal software. Being penny wise and pound foolish is common – however, the installation of illegal software in law offices is horrifying. The Business Software Alliance (BSA) is not amused by illegal software – and at $150,000 per copyright violation, you are unlikely to be amused if discovered. By the way, most of the BSA’s leads come from employees. Do all of your employees adore you?
Your backup media goes bad. Inevitably. No matter what kind of backup you use (and shame on you if you’re not backing up), you must – absolutely must – do test restores of the data to ensure that all is well. That is true even if you are using an online backup provider. We once saw a major online backup provider lose five years of law firm data – they had never done a test restore. Make sure your provider is doing this. Note: Read Ross Kodner’s Wisconsin Lawyer article, “Saving Your Practice: Backup That Works,” for more information on this topic.
You use autocomplete. Autocomplete is your enemy. This is the Outlook function that helpfully suggests an email address when you begin to type. In the last week, we have received three emails meant for other people. John turns his off. Sharon likes autocomplete, but she has a firm rule. When the email is finished, her hands come off the keyboard until she has verified that the addresses on the email are what she intended. Without this rule, she acknowledges she, too, would be among the hordes of lawyers who have, at the very least, embarrassed themselves. One lawyer meant to send a very important email to co-counsel and ended up sending it to a New York Times reporter instead. Take your hands off the keyboard.
You don’t have a PIN on your smartphone. Remember the ethics rule about keeping client data confidential? If you don’t have a PIN on your smartphone, run, do not walk, and get one installed. We once found a SAIC phone lost at an airport. No PIN. The owner was lucky that we were honest folks and turned it over to security.
About the authors
John Simek and attorney Sharon Nelson are the president and vice president of Sensei Enterprises, Inc., a computer forensics, legal technology and information security firm based in Fairfax, Va.
Multiple experts on technology and law practice will convene at the Wisconsin Solo and Small Firm Conference, Oct. 27-29, at the Kalahari Resort in Wisconsin Dells. To view the full schedule and to register, visit the Wisconsin Solo and Small Firm Conference webpage, at wisbar.org.