♫ Got a secret
Can you keep it?
Swear this one you’ll save
Better lock it in your pocket…♫
Music, lyrics and recorded by The Pierces.
(This post was just posted to Slawtips.ca and I thought it fit here as well).
Prism, the National Security Electronic Surveillance program operated by the United States National Security Agency (NSA) has caught a great deal of press lately. This surveillance program has raised questions as to how individuals can protect their data from being snooped upon. These revelations have led to discussions on ways that allow people to use encryption for protection.
I have been advising lawyers to use encryption technology for some time. When contacted by a lawyer who has had a laptop stolen from a car or elsewhere my first question to them is: “Did you have the laptop encrypted or just password protected?” I have yet to encounter a yes to encryption. Unfortunately it is all-too-easy to break a Windows password or otherwise gain access to the data on the laptop – for example, see: How to Break Into a Windows PC (and Prevent it from Happening to You).
Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.
So what is encryption and how do you use it?
Wikipedia states: “In cryptography, encryption is the process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read it, but that authorized parties can.”
Encryption can be used to encode messages as well as encrypt files or folders on a hard drive (or the entire drive itself).
From a management perspective (for this column is intended to be about management tips) it behooves a law firm to ensure that there is as much protection around their and their client’s data as possible. After all, wouldn’t you prefer to say to a client that the firm had a laptop stolen but all the data on it was encrypted with a state-of-the-art algorithm over saying that you had a laptop stolen or lost that only had a Windows password….
Let’s look at disk encryption. Windows version 7 in the Ultimate and Enterprise editions comes with Bitlocker. Bitlocker can encrypt the entire drive and any file that you create.
Macs come with FileVault that is built into OSX. Once you turn it on, it encrypts everything – all disk contents and actively encrypts and decrypts data on the fly. Techhive has a blog post on how to encrypt a hard drive.
What about the endpoint security that Edward Snowden was speaking about as being so terrifically weak that it poses a problem for encryption?
In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.
Usually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).
Endpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.
Accordingly, management must be concerned with both encryption as well as possible access to the network via wireless devices and laptops to ensure high IT security and prevent ways to get around that highly secure encryption.
After all, we all want to keep our secrets now, don’t we?This entry was posted on Thursday, June 20th, 2013 at 10:08 pm and is filed under Adding Value, Change Management, Firm Governance, Issues facing Law Firms, Law Firm Strategy, Leadership and Strategic Planning, Technology, Tips, Trends. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
One Response to “Protect Your Data (from Snoops and others…)” Leave a Reply