How to Keep Data Secure on Devices that Leave the Office
July 31, 2017
An important issue confronting many professionals, including lawyers, is how to safeguard their personal devices, such as laptops or tablets, while they are at the office. There are certain steps that lawyers can take to secure their devices and the client data they contain in the event of a loss or theft.
While the engineers and developers at Apple, Microsoft and some third parties have built effective security features into their operating systems, it is up to the user of the device to activate them.
Upon purchasing an Apple computer, you may be asked whether you would like to enable FileVault. Enabling the program encrypts the hard drive. With just one click, you can achieve NIST-level security that would require a considerable amount of time and effort to decode. This level of security, which was developed by the National Institute of Standards and Technology, focuses on a number of areas, including, but not limited to, insider threats, software application security, social networking and privacy.
Choose a strong password
Another crucial step for security is the creation of a password that is impossible for anyone to surmise. It is recommended that you form a string of characters consisting of upper- and lower-case letters, numbers and symbols that could be meaningful to you, but of no significance to anyone else.
Be aware of the risk of re-using passwords. If a hacker has cracked a password on one site, they will attempt to use that password on other sites. Instead, use a password manager, which is a program that assists you in producing strong passwords, and stores them securely so that you do not have to recall them. However, you do have to know one strong password in order to use the password manager. Some popular password managers are LastPass, 1Password, Dashlane and KeePassX.
Multi-factor authentication can help prevent you from typing your passwords into phishing sites, which are malicious sites that look like any other website and have deceived many individuals into revealing their passwords. In order to log in to a system securely, you must complete one or more “authentication factors.” Such factors can include something you know, such as a password, something you possess, such as a key, or something you are, such as biometrics like your thumbprint.
Single-factor authentication is where the system needs just one password. Multi-factor authentication offers greater security. Even if a hacker obtains your password, they cannot gain access to your device without your key or your thumb. Therefore, if you fall victim to a phishing site, and reveal your password, it will not be sufficient to hack into your system because hackers will not be in possession of the second authentication step.
Once you enable multi-factor authentication, you will start the login process in the usual manner by typing a username and password. Upon acceptance of the password, you will be asked to enter a special code, which you will receive from an app on your phone. The most widely used multi-factor authentication app is Google Authenticator. Others include Authy and Microsoft Authenticator, which are accessible on iOS and Android.
In lieu of an app, some sites will transmit an authentication code by way of text message. There are benefits and disadvantages of this mode of transmission. Since text messages are susceptible to attack, if you are given a choice, it is best to choose app-based over text-based codes. Several popular websites and services provide multi-factor authentication. Email providers Google, Microsoft and Yahoo provide it. Included in this list is Office 365, which several law firms use. Other websites that offer multi-factor authentication are Dropbox, Box, Facebook and Twitter. Some services that are especially geared toward lawyers, such as Clio, also offer this service. If it is available, always enable it.
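How the app-generated code described above is produced and checked, as an added example that is not part of the original article. It assumes the app follows the time-based one-time password standard (RFC 6238), which Google Authenticator supports; the `SecondFactor` class, its parameters and the sample secret are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret (the RFC 6238 test key, base32-encoded), not a real account.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, unix_time, step=30, digits=6):
    """Code an authenticator app shows during the time step containing unix_time."""
    key = base64.b32decode(secret_b32)
    counter = int(unix_time) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class SecondFactor:
    """Hypothetical server-side check, run only after the password is accepted."""

    def __init__(self, secret_b32, drift_steps=1, step=30):
        self.secret = secret_b32
        self.drift = drift_steps   # tolerate a phone clock off by one step
        self.step = step
        self.last_counter = -1     # newest step already used, blocks replay

    def verify(self, submitted, unix_time):
        now = int(unix_time) // self.step
        for counter in range(max(0, now - self.drift), now + self.drift + 1):
            if counter <= self.last_counter:
                continue  # a code from this step or earlier was already spent
            expected = totp(self.secret, counter * self.step, self.step)
            if hmac.compare_digest(expected.encode(), str(submitted).encode()):
                self.last_counter = counter
                return True
        return False

if __name__ == "__main__":
    server = SecondFactor(SECRET)
    code = totp(SECRET, 59)
    print(code, server.verify(code, 59))   # accepted once
    print(server.verify(code, 59))         # replay of the same code is refused
    print(server.verify(code, 150))        # stale code is refused
```

The code depends on a secret stored on the phone and on the current time, so a password captured by a phishing site is not enough on its own, and a code that is captured stops working once its short time window has passed.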
It is imperative that you keep your software up-to-date through patching. A patch is a piece of software created to update a computer program or its supporting data. If you use a Mac, open the App Store app, and check to see if there are any updates. Your computer will regularly check for updates automatically. Windows also automatically checks for updates, which normally arrive on a Tuesday.
Inasmuch as Windows no longer issues security updates for some of the older operating systems, it is recommended that you not use Windows XP, or more antiquated versions of Windows. Additionally, your iPhone or other iOS device will automatically check for updates. If you learn about an update, and have not yet received a prompt for its installation, you can update the system by clicking on Settings, then General, and then Software Updates.
Avoidance of malware
Furthermore, lawyers can take certain measures to avoid malware, including ransomware, which is where hackers obtain access to a firm’s server, hold the firm’s data hostage, and demand funds in exchange for the return of the data to the firm. Law firms function on data, including client files, memos, client information, research, etc. The majority of that data is confidential. Maintaining the safety and security of that data should be of utmost importance to your firm.
Among the steps lawyers can take to avoid falling victim to malware is to stay away from torrent sites, which have a tendency to be corrupted by malware. Other suspicious sites are compensated by the placement of ads from ad networks that do not sufficiently examine their inventory, and such ads can contain malware. Web ads that contain viruses are referred to as malvertising. However, if your software is patched, this is less likely to be an issue. Lastly, do not disable the firewall on your operating system, or your virus scanner.
Other security measures
Moreover, upon purchasing a Mac computer, lawyers should enable “Find My Mac” as part of their iCloud settings. One useful feature of Find My Mac is that you can trigger it from a remote location. In the event your computer is lost or stolen, you can trigger “Find My Mac” on an iPhone app, and the next time the user attempts to connect the laptop to a Wi-Fi network, it will communicate the location of that network to Apple.
Another useful feature of Find My Mac is remote wipe, which triggers the total erasure of your hard drive, a process that can take a few hours. Microsoft offers a similar service called Find My Device for determining the whereabouts of a computer that is lost or stolen. It also provides BitLocker for the encryption of disks, and Intune for remote wiping.
In the interest of safety for your computer, your clients and yourself, allocate an hour or two to check your device and password security. An even better option is to make certain that your practices are updated every six months, and to take the time to enable the security features on your device.