Are Your Computers Fated to Be Hacked?

I know it’s a dangerous world for computing “out there,” but it might be a lot worse than I thought. Computer security has long been a topic of concern for me. You may want to review some past posts, including:
Improving Computing Security with Stronger Passwords
Disposable Email Addresses
Who Uses iPad? Has AT&T’s Security Breach Left Them Vulnerable?
Another Attorney Trust Account Hit By Online Fraud
A Dangerous New Worm Affecting Apple iPhone and iPod
Online Banking and the Next Generation of Trojans
Malicious Web Sites Increasing Your Security Risk Exposure
Another Huge Security Breach
How to Avoid Dangerous Web Sites
More on Socially Engineered Viruses
Safeguarding Confidential Information
Trojan Infects 260,00 Android Devices
and many more, which can all be found under the Security category of this blog. These are just a sampling of the posts which have appeared on this topic regularly, all the way back to 2005, when the blog got started.

My June issue of ABA Journal Law News Now — yes, I am behind in my reading — contained a link to a news article entitled “Hackers Breached 90% of US Companies Surveyed in Past 12 Months” which immediately compelled me to click on the link.  It’s a very short story, which you can easily read for yourself, but the bottom line is that 90 percent of 583 U.S. companies surveyed said their companies’ computers were breached at least once by hackers within the past year.  Some reported two or more breaches.

The article concludes, as do I, that it’s really not a question of IF your firm will experience a data breach at some point, but rather WHEN your firm will experience the breach.  This is no different than the line that many of my colleagues and I use when talking about the need for complete computer backup every single day — it’s not a question of IF your hard drive will fail or a document will become corrupted, it’s a question of WHEN.  It’s an eventuality you can’t afford to ignore or avoid preparing for and safeguarding against.

Lawyers are bound by ethical rules to safeguard client property, which includes confidential documents and other information.  Just because your firm has anti-virus software and a firewall, and backs up faithfully every night, doesn’t mean your worries are over.  There was a time when that would have been a sufficient standard to meet to protect yourself from possible disciplinary action, or a malpractice suit, in the event of a data breach.  But the standard has continued to move upward as the threat level has escalated.

Let me pose a few questions, and you can judge how well you’re able to answer them.

  1. Does everyone in the firm need to use a password to log onto their computer?
  2. Are computers left on at the end of the day — say for remote logon, or just because someone forgot — set up to use a screen saver and a screen saver password?
  3. Are laptops equipped with boot passwords?
  4. Are smartphones in use by the firm’s lawyers set up with passwords?
  5. Did a professional install your firm’s internet router, and have you confirmed that they changed the manufacturer’s default password upon installation?
  6. Does your firm have a written internet and computer-use policy?
  7. Does your firm regularly remind employees and owners about the dangers of opening unexpected attachments or clicking on links to unknown sites?
  8. Do any of the firm’s attorneys use a home computer to do work they take back and forth on a flash drive or disk, or to dial in remotely and work, when that computer is also “shared” with other family members? (If you answered yes to this one, and any of those family members is a teenager, please don’t let me know, as I will experience immediate palpitations!)
  9. Has your firm ever hired a computer forensic expert to perform a relatively inexpensive remote test of your network and website’s security?

I could ask further questions, but let’s face it, you have to get back to work, and now I’ve probably added a little more to your long to-do list.  If you need help to make sure you’ve taken all the reasonable steps necessary to fulfill your ethical responsibilities, then get it.  Remember, it’s not a question of IF, it’s a question of WHEN, unless your firm is one of the few in that lucky 10% safety zone.  Want to bet your license on it?  I didn’t think so.

 
