Don't Diligence - Information Security for Lawyers
Cloud Security, the Law Society and what every lawyer needs to know
Darren Thurston – hardBox Solutions

Information technology solutions for high and medium security office environments
Secure data storage, sharing & retrieval

Our Clients Include
● Edelmann & Company Law Office
● Helps Law Corporation
● Wilson, Buck, Butcher and Sears
● Browning, Ray, Soga, Dunne, Mirsky & Ng
● Phillip A. Riddell
● Don Morrison

Who Are You?

What size is your firm?
- Solo
- 2 to 5
- 6 to 20
- 21 to 75
- Over 75
- Crown Counsel

Security breaches are happening every day.
Reputation is the first thing to be affected when a breach occurs.

What is the cloud?

Cloud Services
● DropBox
● Google
● iCloud
● Amazon Cloud Drive
● Windows Live

Law Specific Cloud Services
● PCLaw / TimeMatters - LexisNexis
● EsiLaw.com
● Clio
● AmicusAttorney.com
● Rocketmatter.com

Report Of The Cloud Computing Working Group
Law Society of B.C.
Gavin Hume, QC (Chair)
Bruce LeRose, QC
Peter Lloyd, FCA
Stacy Kuiack
http://www.lawsociety.bc.ca/docs/publications/reports/CloudComputing_2012.pdf

Cloud Issues
● Location of data and jurisdictional issues
● Security and data privacy issues
● Legal compliance issues
● Ownership issues
● Access and retention issues
● Force majeure issues
● Liability issues
● Termination issues

Where is my data?

Jurisdictional Issues
There are several problems with lawyers having their business records stored or processed outside British Columbia. Lawyers have a professional obligation to safeguard clients’ information to protect confidentiality and privilege. When a lawyer entrusts client information to a cloud provider the lawyer will often be subjecting clients’ information to a foreign legal system. The foreign laws may have lower thresholds of protection than Canadian law with respect to accessing information. A lawyer must understand the risks (legal, political, etc.) of having client data stored and processed in foreign jurisdictions.

Jurisdictional Issues
● US PATRIOT Act
● Alberta, Canada: “Bill 54” and Personal Information Protection Act (PIPA)
● UK Regulation of Investigatory Powers Act of 2000
● EU Data Protection Directive
● India Information Technology (Amendment) Act, 2008 (the IT Act)

Security and Data Privacy
● Confidentiality provisions
● SAS 70
● Statement on Standards for Attestation Engagements No. 16 (SSAE 16)
● ISO 27002
● Annual independent audits or assessments
● Incident Response Plan

Legal compliance issues
● The Personal Information Protection and Electronic Documents Act
● Personal Information Protection Act, B.C. of 2003
● Sarbanes-Oxley Act of 2002 (SOX)
● Health Insurance Portability and Accountability Act of 1996 (HIPAA)
● Health Information Technology for Economic and Clinical Health (HITECH) Act
● Gramm-Leach-Bliley Act (GLB)
● Payment Card Industry Data Security Standard (PCI DSS)

Potential impact on Rule 4-43
...the Law Society revised Rule 4-43 (in 2008) to create a process to protect personal information. The balance that was sought recognized that the Law Society has the authority to copy computer records and investigate lawyers, but the process of making a forensic copy of computer records can capture irrelevant personal information. In light of this, the Law Society created a process to allow irrelevant personal information to be identified and segregated, so it was not accessed by the Law Society. Cloud computing creates a situation where that process might not be able to be followed.

Ownership issues
My data, right?
● Google has recently been sued for mining data
● Can your data be exported - PCLaw?!?@#

Access and Retention Issues
● Litigation Hold
● Audit Trail

How is my data stored?
- Virtualization
- Multi-tenancy
- Other

Other issues
● Force Majeure Issues
- natural disaster, act of war, etc.
● Liability Issues
- services and not responsible for their downtime
● Termination Issues
- exit strategy

Security Incidents

DropBox
The problem child of cloud services

Not just cloud services

The dangers... and your obligations
● Unprotected computers infected/hacked within minutes of connecting to Internet
● Lost / stolen cell phones or laptops
● Theft of client, firm or personal data
● Rules of professional conduct oblige you to protect client data

Information Security Best Practices
● How much time, effort and money do you invest?
● Absolute security is impossible
● Safety vs. convenience
● Find balance between:
- Allowable risk
- Acceptable cost/effort

Keep your electronic data secure and private
Steps you must ensure:
● Install all latest software updates
● Use strong passwords
● Antivirus software is essential
● Install a firewall on your Internet connection
● Avoid the dangers of e-mail
● Beware the dangers of metadata

Keep your electronic data secure and private (cont.)
● Lockdown and encrypt your data
● Harden your wireless connections
● Learn how to safely surf the Web
● Change key default settings
● Implement a technology use policy
● A backup solution can save your practice

Install updates...
● Microsoft products particularly prone
● Update all software regularly!
● Microsoft / Apple Macs
● Don’t forget non-OS software!
- Java / Flash / Adobe PDF
● Check on a regular schedule

Further update issues
● Turn on Automatic Updates
● Automatic vs. ask to install
● Periodically check Microsoft website
● Critical updates ASAP
● Watch for “optional” software
● Backup before you install updates
● Create Restore point (Windows)

A few thoughts on passwords
How many of you re-use passwords?
Use your child's or pet's name or birthdate?

Top used passwords
1) password
2) 123456
3) 12345678
4) 1234
5) qwerty
6) 12345
7) dragon
8) pussy
9) baseball
10) football
11) letmein
12) monkey
13) 696969
14) abc123

Use strong passwords
Frankiepoo1 = BAD
m%")FZTm"d*A = DECENT
a{3xQXbDZ`k=/T8z\>Mx = GOOD

Proper use
● Passwords are the keys to “unlock” your computer
● Essential for securing your electronic data and entire corporate network
● You need to be conscientious about how to set them up and use them

Proper use
● Don’t use the same password for everything
● Don’t tell anyone your passwords, EVER!!
● Be wary of saving passwords in your browser

Proper use
● Never write them down
● If you must, store them securely (safe)
● Be careful about storing passwords on your computer – Use an encrypted password safe
● A security breach can compromise your entire network
● Rotate important passwords every 60 to 90 days

Anti-virus software is essential
● Protect your computer and data from malware
- Viruses
- Worms
- Trojan Horses
- Key Stroke Recorders
- Backdoors
- Rootkits

Anti-Virus Use
● Decent free anti-virus is available
- Microsoft Security Essentials
● Needs to be set up correctly
● Daily scans of all data
● Regular updates of your virus definition or signature files

False Security
● The anti-virus game is one of catch-up
● 20% of viruses will get past most anti-virus products

Use a Firewall
● A gatekeeper that ensures incoming and outgoing communications are legitimate
● All computers on the Internet can see one another
● Lines of communication are established through ports
● Open ports can allow unwanted access to a computer

E-mail dangers
● Protect access with passwords
● Use privacy statements
Please note that this email correspondence is *not* encrypted or secured in any way. If you are sending sensitive information or attachments you may wish to send them in another format. If you choose to communicate with us by email, you agree to accept the possible risk of loss of privacy.
The information in this internet email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this internet email by anyone else is unauthorized.

Smart email use
● Read email in text format, not HTML
● Be wary of phishing emails
● Be wary of links & attachments in emails
● Implement a spam filter

Metadata
● Data About Data
● MS Office Products
● Adobe PDFs
● Photos

Lockdown and encrypt your data
● Startup & user passwords
● Put a password on your screensaver
● Data stored on computers and on external drives should ALWAYS be encrypted
● USB drives!

Harden your wireless connections
● Disable SSID Broadcast
● MAC Filtration
● Change Defaults
● Enable Logging
● Use Encryption
- WEP is not secure
● WPA2 with AES Algorithm
● WPS can be hacked w/ Reaver

Learn how to safely surf the Web
● Safe browser choices = No IE
● Disabling some browser features
● Controlling which cookies can be stored on your computer
● Preventing pop-ups
● Plug-ins turned off by default

Change key default settings
● File Sharing
● Administrator account
● Normal user account for everyday use
● Domain name
● Workgroup name

Technology use policy
● Does your office have one?
● Law Society has templates
● Internet and Email Use Policy

Backup solutions
● Secure
● Encrypted
● Onsite
● Offsite

Backup details
● Who’s Responsible
● Full Backup
● Daily Backups
● Establish Alerts
● Files
● E-mail
● Logs

Further information
● The Law Society of BC – practice docs/tips
● CBA - Guidelines for Practicing Ethically with New Information Technologies
● Give us a call

Questions?
Contact Information
Darren Thurston
www.hardbox.ca