|Oregon State Bar Bulletin FEBRUARY/MARCH 2009|
Your data is in danger. It can be stolen by hackers, lost in a system failure or inadvertently exposed through metadata. You know all this, of course, but what are you doing about it?
Far too many lawyers give data security short shrift. This is surprising — perhaps even shocking — given that the destruction or compromise of data could ruin a lawyer’s practice and expose the lawyer to malpractice, all in an instant.
Larger firms are blessed with information technology specialists to protect and back-up their data. Most sole practitioners and smaller firms have no such luxury. For them, data security is the job of support staff or even the lawyers themselves.
For the data-security do-it-yourselfers out there, there are
websites that can help. To my surprise, however, there is
a shortage of sites that address data security with specific reference to the legal profession.
In fact, the best site I found is not specifically for lawyers, but addresses data security across various industries and academia. It is the website of the Information Assurance Directorate of the National Security Agency, www.nsa.gov/ia/.
The IAD’s mission is to protect the nation’s infrastructure against cyber threats and to develop encryption codes and data protection products. Various sections of its website address its research and its work with different industries. But the most practical section of its site is its collection of security configuration guides.
These guides provide detailed instruction on protecting the security of operating systems, routers, Web browsers and software applications. They are organized into sections covering such topics as wireless communications, VoIP and IP telephony, Web servers and browsers, database servers and routers.
One recent guide, for example, discusses the risks of hidden data in Adobe PDF files and explains how to protect them. Another, "The 60 Minute Network Security Guide," explains how to secure your IT infrastructure.
Of websites targeted primarily at lawyers, the one that seems to have the best overall collection of articles about data security is TechnoLawyer, www.technolawyer.com. It publishes six free e-newsletters on legal technology and maintains an archive of all of its articles dating back to 1997.
My search found hundreds of articles here on data privacy and security from many established writers on legal technology. Recent topics included hard drive shredding, password protection, securing a networked workstation, DNS vulnerability and securing data on a BlackBerry.
You can search the archive for free and produce a list of matching articles and their descriptions. But in order to click through and view the full article, you must have a paid subscription. Fortunately, the price is reasonable — $25 for seven-day access, $50 for a month and $75 for a year.
Another site with a broad range of articles and resources on data security is that of the American Bar Association, www.abanet.org. Because the site is so vast, the best way to find articles on particular topics is through the search tool. I found articles and presentations on topics such as the ethics of online backup, testing data security through "ethical hacking," and best practices for the use of encryption.
Several legal blogs provide useful information on data security issues for legal professionals. Among them:
Ross Ipsa Loquitur, http://rossipsa.com. This is the blog of Ross Kodner, a nationally known consultant, author and speaker on law practice technology. He writes regularly about data protection and in particular about data backup. "Data backup may be the most boring topic in all of legal technology, but one day it will save your practice," he wrote in one recent post.
Jim Calloway’s Law Practice Tips Blog, http://jimcalloway.typepad.com. Calloway is the director of the Oklahoma Bar Association’s Management Assistance Program and a frequent writer and speaker on legal technology. A recurring topic on his blog is managing the risk of technology. He writes about metadata, encryption, back-up and similar topics.
Lawtech Guru Blog, www.lawtechguru.com. Jeff Beard is another nationally known writer and speaker on legal technology. He has more than 80 posts tagged "security." One recent post discussed how encrypted wireless networks can be hacked and how to protect yourself. Another discussed firewall vulnerabilities.
PDF for Lawyers, www.pdfforlawyers.com. Lawyer Ernest Svenson is better known for his other blog, Ernie the Attorney. Here, he focuses on PDF use in the practice of law. The security of PDF is a regular topic here, with a particular emphasis on digital signatures and metadata.
Ride the Lightning, http://ridethelightning.senseient.com. Sharon D. Nelson is president of the computer forensics company Sensei Enterprises and was editor of the ABA book, Information Security for Lawyers and Law Firms. She focuses her blog on electronic evidence, but data security is a frequent topic, particularly as it relates to protecting and discovering evidence.
Technola, http://techno.la. This blog covers technology for legal aid and public interest advocates. It tracks news and developments of interest pertaining to a range of technology topics, including security.
Lawyers are uniquely bound by ethical and professional standards
to secure and protect data. If you are a do-it-yourselfer when it comes to
data security, these sites are well worth your time.
ABOUT THE AUTHOR
Robert Ambrogi, who practices law in Rockport, Mass., is the former editor of National Law Journal and Lawyers Weekly USA. He is internationally known for his writing about the Internet and technology.
© 2009 Robert Ambrogi