In today’s world, it’s common, if not downright expected that you and your support staff use mobile devices to timely communicate with clients and access firm documents and resources. While this may be great for productivity and reacting to client needs while away from the office, the influx of laptops, tablets and mobile phones in the workplace can pose a significant risk to a firm’s data if they are lost or stolen. On top of that, California, like most other states, has breach notification laws that require all business entities (yes, law firms included) to report breaches that may have lead to the unauthorized access of “personally identifiable information” of 500+ California residents (if your practice is multi-jurisdictional you’ll have to comply with those state laws too).
Here are some suggestions for making sure devices that store or have access to client (or firm!) data are properly cared for:
Encrypt, Encrypt, For Crying Out Loud – ENCRYPT Those Hard Drives
At this point in the security game, encryption hasn’t been broken. That means, it still actually works and may, under certain conditions, act as a safe harbor for lost or stolen devices when it comes to some breach notification laws. California amended its breach notification laws to modify the safe harbor pertaining to encrypted data, so be sure to understand your duties and obligations under state laws. Foley and Baker Hostetler both maintain charts that summarize nationwide laws.
Encrypting Windows Laptops, Tablet and Even PC’s
BitLocker (don’t confuse it with BitCoin or Bit.ly) is Microsoft’s built-in encryption program for that will encrypt your entire drive (aka “whole disk encryption”) and mitigate risk against unauthorized changes to your system.
The catch with Bitlocker is that it may not be available on your machine – it’s native to machines running Windows Vista, Vista Enterprise, 7 Ultimate, 7 Enterprise, Windows 8.1 Pro, Windows 8.1 Enterprise, or Windows 10 Pro. How will you know if Bitlocker is available? Either run a search from the Start button for Bitlocker or look in the Control Panel. If it pops up, you’ll easily be able to enable it. Here’s a great guide to help you understand Bitlocker from PCWorld.
If you’re a Mac user, you’ll look for a similar service built into the OS called FileVault, which is available on all Macs with OS X from 10.7 through macOS 10.13. Learn more about it and how to enable it here.
Use Complex and Unique Passwords
Is one of these your password?
If so, congratulations, you have one of the most common and worst passwords of 2017. Consider two things to up your password game: 1) complex pass phrases and 2) a password manager.
Passphrases are more like sentences – they don’t have to make sense, and they can contain spaces, capitals and special characters. Think about your favorite line from a song, a poem or thought of the day. I regularly use passphrases that remind me of my beloved second city-home, New Orleans. Passphrases like “Laissez le bon temps rouler.” or “Makin’ groceries 2018.” While some programs or services may not let you use passphrases, try using a variation (underscores instead of spaces) where you can. Read a few more tips about passphrases here.
You may also consider using a password manager outside those built into browsers and devices. Rocket Matter, a popular case management system for lawyers has a great post explaining the how and why’s of password managers.
Help A Good Samaritan Find You
I’ve always feared losing my iPhone. Don’t you? Well, I’ve long carried a backup phone (today, it’s a Google Pixel). I’ve also long adhered small stickers, asset tags to all my portable devices. On those bright orange stickers there is a simple message, “If Found Please Call….(3 different phone numbers listed)” – both phones, and my mother’s phone (nobody would be more thrilled to get a call like this than Gina Linares).
All this seemed for naught until the day my iPhone slipped out of my winter coat on the AirTrain from JFK to Jamaica Station. I was already a transfer in when I realized it was gone. Seriously, imagine my horror. As I was reaching for the backup phone to call it, the Pixel was ringing with a call from an unknown caller. A good, no a GREAT Samaritan, was calling to let me know they had my phone and would wait for me to come back and get it.
A simple search for “asset tags” will offer you a bevy of affordable options. Do yourself and your clients a favor by making it as easy as possible to get lost devices back into the right hands.
This article was originally published on the SDCBA's Blawg401.