This post was authored by Eric Pesale, a soon-to-be attorney who recently graduated from the New York Law School. Eric contributes regularly to the Logikcull blog, focusing on the legal impact of emerging technologies. He can be reached at firstname.lastname@example.org or on Twitter at @ericpesale.
Hacking can spell disaster for law firms of all sizes. While larger firms may be targeted for the sensitive client data they possess, smaller firms are equally vulnerable, sought out for the sensitive financial information that all small businesses hold.
Cybercrime can also pose prosecutable ethical issues for attorneys if they fail to take reasonable steps to keep their firm's and clients’ ESI from being compromised. ABA Model Rule 1.6 and similar state ethics codes require lawyers to take reasonable steps to safeguard attorney-client communications and ensure attorney-client confidentiality, so your law license could be on the line if you fail in this regard. Since October is National Cyber Security Awareness Month, here are five cyber security tools you can try out to see if they are appropriate for protecting your firm’s client communications, documents and other data.
While Gmail, Outlook, and other email systems often include built-in encryption, these features alone aren’t sophisticated enough to dissuade hackers from breaking into your accounts and compromising your confidential client communications. Furthermore, whatever happens to any emails after you press the “Send” button is out of your control, which could open the door to a number of liability and accidental disclosure issues. Fortunately, programs such as Virtru solve these problems for attorneys. Virtru utilizes client-side encryption that can be installed on any email system, and can be used to encrypt attorney communications with clients, opposing counsel, and third parties. All you’d need to do is activate Virtru’s encryption settings in your email draft before sending your message or documents. What’s also unique about Virtru is that its capabilities go well beyond encryption and give you total control over who accesses and forwards your emails. For example, Virtru can allow you to disable email forwarding on the receiver’s end, expire messages, and revoke access privileges for individual receivers of already-sent messages.
Many cyber security experts advise using two-step authentication as a way to confirm a computer or program user’s identity. The issue with this approach, however, is that most two-step authentication applications and software utilize smartphones, text messages and emails -- all of which can be easily hacked. To ensure safer and more secure access to extremely sensitive information, try a USB drive authentication key such as Yubico’s Yubikey. Yubikey -- which is used by companies such as Google and Facebook -- automatically generates a number of one-time-use, multi-character passwords each time you attach it to a laptop, tablet, or mobile device. Since each key generated by Yubikey expires immediately upon login, it would be impossible for a hacker to steal your password and log in successfully since a different one would be instantly activated.
If you’d rather not use a USB-based encryption device such as the Yubikey, a cloud-based password storage program such as 1Password could be a better solution. 1Password, which can be used as either a browser extension or a smartphone app, allows you to store all of your program passwords, bank logins, credit cards and even social security numbers using AES-256 encryption. Whenever you need to enter a password, all you need to do is tap the 1Password logo in your smartphone app login page, or select the appropriate website, app, or software program name from 1Password’s browser drop-down menu, to autofill your login credentials and automatically log in.
If your law firm or office runs on Windows and you are looking to replace your existing computers, you should consider installing a “zero filling” program such as Lowvel on your old computers to ensure any client data on those hard drives are irreversibly erased. Although most computers come with built-in hard drive formatters that are supposed to erase all existing data, these programs can still leave traces of the computer’s original data on the hard drive that a sophisticated cyber criminal could potentially recover (http://www.dedoimedo.com/computers/low-level-formatting.html). Lowvel solves this issue by using a process called low-level formatting, or “zero filling,” that renders all data on a computer hard drive unreadable and irretrievable. While Lowvel is not compatible with Apple computers, it’s a good data-formatting program for law firms running Windows to consider.
Let’s say you want to work on a client project at home, or you’re a contract attorney or a solo who is working remotely or in a shared office space. If you want to do online case research or send a client communication safely and securely on a shared or public wireless network -- which can likely occur at a bring-your-own-device workplace -- then a multi-device encryption app such as Hotspot Shield can help hide your device information and data while using the network. All you would need to do is install Hotspot Shield as a desktop browser extension or app, and Hotspot Shield will automatically encrypt your wireless connection regardless of whether the WiFi network you’re on is public or private. The program also has built-in malware protection, anonymous web surfing capabilities, and encryption protection for text messages, passwords, financial transactions, and other sensitive data. While Hotspot Shield does offer a paid version, most of these features are included in its free version.