The State Bar Association of North Dakota Spring 2015 Gavel Magazine | Page 22

CYBERSECURITY FOR LAWYERS PART II: HOW DATA IS LOST the device over the internet from continuing to have access. For laptop computers, all of the protections listed above apply, plus users must guard against physical loss through theft or owner neglect. A 2008 study commissioned by Dell Computer found 12,000 laptops were lost in airports every week. The study has been criticized as reporting unrealistically high loss rates, but the point remains that hundreds if not thousands of computers are lost every week which is a whole bunch of cyber-insecurity. JUSTICE DANIEL CROTHERS North Dakota Supreme Court My Winter 2015 Gavel article introduced the topic of cybersecurity for lawyers and defined cybersecurity as “protection of electronically stored information from theft, destruction, premature (or any) dissemination, or delayed access.” The article noted the lawyers’ duty to reasonably protect confidential client information. This article visits some ways lawyers and law firms can practice cybersecurity. Reasonably protecting against electronic data loss usually does not require extraordinary efforts or technical prowess; rather most cybersecurity can be practiced with moderate training, using steps that are simple to understand and deploy. Controlling physical access to devices Step one in protecting against data loss is controlling who can access the devices holding information. In the desktop computer world, this means using meaningful passwords, locking computers when not in use and shutting down or at least restarting computers at the end of a workday. This last step may prevent malicious users who have gained access to 22 THE GAVEL authorized users cannot use the device or access information on the device. Controlling electronic access to devices For tablets, smartphones and other highly portable devices, all of the above-mentioned measures of limiting access apply. One consumer protection magazine estimates 3.1 million American smartphones were stolen in 2013. I have been unable to find reliable estimates of the number of smartphones lost each year, but if my daughter and her friends are a barometer—it is a staggering number. Because these types of portable devices so easily can be lost or stolen, it is essential that they also have access control measures in place such as passwords or multi-digit codes. Since 2013, some devices have biometric security like a finger scan. However, you only have 10 fingerprints to use during this lifetime and biometric technology is not impervious to hacking, so caution should be used before using biometric-based access control. Locking or logging off devices when not in use also will prevent others from unauthorized use of your system. There literally is no end to the types of unauthorized use one could experience but they range from using a CD or thumb drive to load malicious software onto the device to using CDs or thumb drives to copy information off the device. An unlocked device also is subject to having the password or access code changed so that you or other The second step in preventing electronic data loss is keeping malicious users from gaining access to your devices. Most often, unauthorized access is gained using the Internet. Keeping operating systems, software and apps up to date This step requires maintenance of all software that makes an electronic device useful. Operating systems are routinely updated to patch security flaws and to increase resistance to penetration. Operating systems such as Microsoft Windows XP have run their product life and support has been discontinued. When manufacturer support ends, use of that operating system should end because known vulnerabilities make those computers subject to hacking and cyber-intrusion. Non-operating software such as Word or WordPerfect, and iPad apps such as GoodReader, The Weather Channel or iAnnotate, also must be maintained to avoid cyber-in