SC Small Firm.com

Archive for the ‘Security’ Category

Many small firm lawyers are looking for ways to keep their computer technology costs down, particularly costs associated with networking.  Google Apps is hosted tools for business. Google Apps suite includes: Gmail, Google Calendar, Google Docs, Google Sites, Google Apps Marketplace and more. Apps offers customized email addresses (smith@smithlawfirm.com, for example), mobile email, calendar, and IM access. The cost begins at around $50 a year per user.

By using a web-hosted solution instead of an Exchange Server, there are no additional hardware or software costs. Google handles spam filtering. Apps claims to offer 24/7 email and phone support and 99.9% uptime guarantee. Naturally, there are also long-standing security concerns with Google and all other online service providers. Google has a white paper available http://bit.ly/awqMS8 in PDF.

Google now offers two-step verification which is similar to what large law firms and major companies use. Two-step verification requires two means of identification to sign in to a Google Apps account, something you know: a password, and something you have: a mobile phone. It doesn’t require any special tokens or devices. After entering your password, a verification code is sent to your mobile phone via SMS, voice calls, or generated on an application you can install on your Android, BlackBerry or iPhone device. This makes it much more likely that you’re the only one accessing your data: even if someone has stolen your password, they’ll need more than that to access your account. You can also indicate when you’re using a computer you trust and don’t want to be asked for a verification code from that machine in the future.

We’ve talked so much about online data backups, that it’s almost refreshing when a hardware product gets attention. I’m talking about the ioSafe http://www.iosafe.com/, an external hard drive that has been compared to a “black box” on an airplane. Fireproof, waterproof and nearly indestructible, this might be the in-office or in-home backup you are looking for. If you would like to see a comparison of ioSafe products, go here: http://www.iosafe.com/products-solo. While you’re there, watch the video where they demonstrate the safe being torched, doused in water, and crushed.

A few years back, a professor at a well-known law school told me how his university dealt with old computer hard drives. “We used to pay students to smash them with sledge hammers,” he recalled, “until someone got a piece of metal in his eye. Then we stopped.” Around the same time I heard this tale, I discovered an experiment by MIT researchers. The students at the MIT Laboratory for Computer Science (I’m sure you have a visual of what they might have looked like) purchased used hard drives from eBay and other sources. Of the approximately 170 drives, they found only 12 that were properly sanitized. The rest all contained data, including credit card numbers and medical records. Doh! This study sparked another project, this one involving “drive slagging.” If you know that slag relates to molten metals, you probably figured out that drive slagging means melting down your hard drive. If you’d like to see some neat pictures, check out the link. I think you will agree, there’s no way to rescue that data!

Aside from melting, foolproof ways of sanitizing a hard drive so that it can be disposed of are few and the techniques for rescuing data on hard drives have improved over the last few years. I’ve heard experts in computer forensics state that data can be retrieved from hard drives that were submerged in sea water, burned, and otherwise abused. Such feats are not inexpensive, of course. Spending $1000 for one drive would not be unusual (which is why you’re glad you made that backup, right?).

So, what’s the best way to dispose of a hard drive? See my eCycle post from December 2009.

As a lawyer, what would you do if a prospective client contacted you by email and asked for your help collecting a large debt? What if you were sent a retainer check from a new client who contacted you through email? Would the answer be different if the client were a well-known foreign corporation? Lawyers around the country and around the world have been falling victim to well-executed fraudulent schemes involving phony checks (or cheques). Though the scam varies, there’s always a phony check and a request for some of the funds to be wired by the attorney.

Jim Calloway recently blogged about scams against lawyers and linked to an article I recommend: Check Scams That Target Lawyers. Another article I recommend is How Not to Get Stung by Promises of Easy Offshore Work by my colleagues Laura Calloway and David Bilinsky. You might think it couldn’t happen to you, but the perpetrators are very sophisticated. A Houston attorney recently shared his story of being taken for $182,500.

Did Santa Claus bring you a new electronic item? Or did you purchase new hardware as a year-end capital expense? Whatever the reason, if you find yourself with old computers or electronics that are too old to benefit anyone (even the National Cristina Foundation won’t take Pentium II computers anymore), you need to responsibly dispose of the old clunker.

Being responsible means taking or shipping it to a government or private recycling center. It means doing a little research on the Internet to find out where to go and which location accepts what.  It means sanitizing hard drives and other storage media so that you don’t breach your ethical and legal duties to safeguard your client’s property (not to mention your own personal data). This can be done using software like Darik’s Boot And Nuke, Disk Wipe or Eraser .

You can also use a physical device to erase, like Drive eRazer, which works well if you have miscellaneous hard drives without the computer case. CD’s, DVD’s, floppies and tapes are the Tribbles of the law office – they have a way of self-proliferating. Most new paper shredders can shred CD’s and old floppies.

Once your computer is sanitized and free of data, you need to find someone who will accept it for proper disposal. It is not proper to put a computer in a landfill!  For a list of e-cycling websites, go to the PMAP pages of SC Bar.org and find “old computers.”  Be sure to read the article there on disposing of computers responsibly –  by yours truly and Ross Kodner: “Dumpster Disasters.”  Good luck and happy e-cycling!