Vermont Bar Journal, Vol. 40, No. 2 - Page 19

which-platforms-are-supported-by-virtru/.
Receiving an Encrypted Email
With recent developments in email encryption, the process of opening an encrypted email is less cumbersome than in the past, though it may still be a multistep process. Recently, a colleague sent an email encrypted through the Microsoft Office 365 system. Opening and reading the email required a quick registration with Microsoft for a temporary key to open and read the emails. As long as the receiving system stayed logged in, the key lasted 12 hours. Had I had a Microsoft Office 365 account, the email would have opened without the intermediate step of registration and procuring the key. The reply to the email was also automatically encrypted. Several other firms with whom I correspond regularly use either Zixmail or Sharefile. In each case, when an encrypted email arrives, the email includes a link to the message or files on the server of the service. Typically, a quick registration – email address, name and creating a new password – is all that is required to access the email. One note: some encrypted systems delete or remove mail after it is read or after a time limit passes. If preserving the email is important, the reader may need to capture the email to local storage to retain access to it.
Tech Tips: Encryption Practice Pointers
Email Encryption is a Partial Solution
Encrypted email is only part of the security solution. As long as an unencrypted email rests on the firm’s or the client’s system, it can be read by anyone with access to that system. The recent focus on encryption appears to stem from a number of events where “crackers” (criminal hackers with evil intentions – some hackers are just clever curious people pushing a system’s boundary with no evil intentions) have obtained access to information about financial transactions and through clever social engineering have redirected payments through bogus wiring instructions. The cracker did not likely intercept the emails in transit, but instead read the emails after they had been delivered.
Information security professionals warn that crackers are not just targeting large businesses and international firms. Law offices, real estate professionals and others, particularly those who use email systems with limited security options such as AOL, Yahoo, free Gmail and Microsoft Outlook accounts, are the targets for a whole range of criminals looking for any information that can be exploited. Unfortunately, most users of systems with poor security options are convinced that their operations are too small or the transactions are too small to be a target. That is patently false since criminals with limited skills are going to exploit the easiest targets for the quick score. Large criminal organizations may target larger firms with greater density of information, but because they have more sophisticated security systems, they may target the smaller firms as well.
While this particular article looked primarily at encrypting email in transit, it is equally important to consider encrypting information stored on local computer systems and in cloud based storage. For example, files stored in a Spideroak container (https://spideroak.com/) are encrypted in transit to the Spideroak servers and while on the Spideroak servers. The same files stored in the Spideroak folder on your hard drive, however, are not encrypted unless your hard drive is encrypted. A cracker with access to your hard drive can read the unencrypted files as easily as you can.
It is possible to encrypt a hard drive, which prevents anyone without the proper credentials from accessing the hard drive. However, if the password to the system is written on a Post-it™ note on the monitor, all the encryption in the world won’t prevent access to the system. In addition, once the system is compromised, so that the cracker has access to the system at the administrative level, encryption no longer prevents the cracker from accessing the information because the cracker has the same level of access as a user of the system, or perhaps even better access. It goes without saying, then, that password protection is also critical to securing your client’s information. Perhaps, next up, if by popular demand, an upcoming Tech Tips article on passwords!
____________________
James Knapp, Esq. is the Vermont Underwriting Counsel for First American Title Insurance Company. His avocation is the application of technology to the practice of law including information security and computer forensics. The information provided in this article reflects his personal opinions and does not represent the official position of First American Title Insurance Company, though the Company does encourage good practices related to information security and the protection of client information.
www.vtbar.org THE VERMONT BAR JOURNAL • SUMMER 2016 19