SC Small Firm.com

Archive for the ‘Security’ Category

Did Santa Claus bring you a new electronic item? Or did you purchase new hardware as a year-end capital expense? Whatever the reason, if you find yourself with old computers or electronics that are too old to benefit anyone (even the National Cristina Foundation won’t take Pentium II computers anymore), you need to responsibly dispose of the old clunker.

Being responsible means taking or shipping it to a government or private recycling center. It means doing a little research on the Internet to find out where to go and which location accepts what.  It means sanitizing hard drives and other storage media so that you don’t breach your ethical and legal duties to safeguard your client’s property (not to mention your own personal data). This can be done using software like Darik’s Boot And Nuke, Disk Wipe or Eraser .

You can also use a physical device to erase, like Drive eRazer, which works well if you have miscellaneous hard drives without the computer case. CD’s, DVD’s, floppies and tapes are the Tribbles of the law office – they have a way of self-proliferating. Most new paper shredders can shred CD’s and old floppies.

Once your computer is sanitized and free of data, you need to find someone who will accept it for proper disposal. It is not proper to put a computer in a landfill!  For a list of e-cycling websites, go to the PMAP pages of SC Bar.com and find “old computers.”  Be sure to read the article there on disposing of computers responsibly –  by yours truly and Ross Kodner: “Dumpster Disasters.”  Good luck and happy e-cycling!

Maybe you’ve heard about a thing called “metadata.” Say what? Usually, dropping buzzwords and using plain English is helpful, but not here – since metadata means “data about data” or “information about information.” Gee, thanks.

Metadata is actually the code or words contained in electronic documents that help the document function better somehow; for example, making it easier to search for the document on the computer. According to Catherine Sanders Reach, Director of the ABA Legal Technology Resource Center, “Metadata helps users save and retrieve documents more readily, by capturing information such as author, editor, “date created” and “date revised” in the hidden part of the document.

“However, other information about the document is also captured, such as additions, deletions, revisions, versions, comments, and other information about the document that an attorney may not want to share with others”

So, while metadata is useful, it can also be dangerous. Anyone with the inclination and a little know-how can look at metadata. Unfortunately, well-publicized stories of metadata embarrassments abound. Usually, they involve an electronic copy of Microsoft Word emailed or otherwise transmitted (intentionally or otherwise) to another person who exploits the information contained in the metadata to suit his or her own ends.

It’s not difficult to see that this could be particularly dangerous for lawyers, whose ethical duties to clients could be breached as well. Although South Carolina has not weighed in with an ethics opinion, the majority of states with opinions held that lawyers have a duty to exercise reasonable care to avoid disclosing confidential information via metadata when transmitting electronic files. To see all existing opinions, visit the ABA Legal Technology Resource Center’s metadata ethics opinion comparison chart.

The question then is “how do I get rid of metadata?” (I wish to clarify that we are discussing the metadata in documents the attorney creates, not metadata which may be present in electronic evidence in a lawsuit, which may be subject to the federal and state rules or laws.)

Many “solutions” to the metadata problem aren’t practical – such as not transferring electronic files; scanning documents and saving in a new format; or copying and pasting into a plain text editor. A more realistic solution is to clean the documents before you share them. Microsoft attempted to address the issue with Office 2003 by releasing an add-in removal patch for Word, Excel and PowerPoint files. In the year since it was released, there have been many reports of it failing to do a complete job of metadata removal, so I do not recommend relying on it.

Office 2007 comes with more built-in metadata removal tools, including Document Inspector. For a more in-depth discussion and instructions on metadata removal in Office 2007, see http://bit.ly/1pS6OM.

For most lawyers, third party software remains the best means of removing or minimizing metadata. Two products to consider are Metadata Assistant by Payne Consulting  (priced from $80.00 for single workstation and more for enterprise-wide versions) and Workshare Protect (starting at $29.95).

While most of the problems with metadata arise from Microsoft software, to a lesser degree metadata is in other products as well, such as WordPerfect and PDF files. For pointers on dealing with WordPerfect, see www.corel.com and search for metadata in the knowledgebase.

Adobe Acrobat (PDF) is usually a secure format for transferring documents electronically if the document is secured or restricted. For more on securing Acrobat PDF files, see http://www.adobe.com/support/security/.

The most important thing to know about metadata is that it exists and to exercise caution when transferring electronic files, utilizing removal tools when necessary.

To the people of Mississippi and Louisiana, Katrina is the big one. For south Florida, it is Andrew. But for the people of South Carolina, Hugo is our big hurricane. Hugo was the most intense hurricane ever to strike the US coast north of Florida*.  It killed 35 people in the U.S. and caused billions of dollars in damage.* Everyone who lived through that hurricane has a story to tell and most of us will never forget it. One of the things that made Hugo so unforgettable was that it wasn’t limited to only the coastal communities. Hugo roared inland, cutting a huge swath across South Carolina. Even Charlotte suffered, with parts of the city without power for nearly two weeks.

Today, September 21, is the twenty year anniversary of Hurricane Hugo.  (Since the eye of Hugo actually made landfall near midnight on the 21^st, we officially remember both the 21^st and 22^nd as the Hugo anniversary.)  If you don’t remember Hugo, or you want to reflect on it after the passage of twenty years, the Charleston Post and Courier has posted photos, stories, videos and more online. You can also find links to helpful hurricane preparedness resources there. The SC Bar disaster and emergency preparedness page contains even more links to other resources. Be sure to click the link to request a free copy of the Bar disaster preparedness handbook, Prepare, while you are there (or follow this link).

Perhaps we should set aside September 21 every year to review and update our firm’s disaster procedures. Even solos should do this, particularly where technology is concerned. Everyone should be able to answer this question with certainty: “If something happened to my computer today (theft, hard drive failure, flood, fire) can I be up and running on another computer – with all my previous work and programs – quickly and simply?”  If you can’t answer this question in the affirmative, contact me.

If you were practicing law during Hugo, please comment below and share your memories and tips — they may benefit other lawyers.

How can you prevent law office theft, fraud and embezzlement? One way is to be aware of the potential problem areas so that you can be alert and vigilant. Blogger Laura Calloway, the practice management advisor of the Alabama State Bar, has collected an excellent list of procedures you can put in place to prevent problems in your office. Example: Always reconcile bank statements within two days of their arrival in the office. To see the whole list, go to the September 16 post on The Last Word.

I did it. I backed up files from my PC at work to the CoreVault “vault” in the sky (well, really it’s two secure locations a mid-west state).  Last week, I decided to find out first hand how easy or difficult it would be to backup some of the critical folders of data on my PC using CoreVault’s services.  Turns out it’s easy. A CoreVault representative (Edward) called me at an appointed time to assist me in the process. In a matter of thirty minutes, I was ready to backup. Read the rest of this entry »