Don't Diligence Information Security for Lawyers
Don't Diligence - Information Security for Lawyers: Cloud Security, the Law Society and what every lawyer needs to know - Darren Thurston - hardBox Solutions

Published in: Technology
Transcript of "Don't Diligence Information Security for Lawyers"

  1. Don't Diligence - Information Security for Lawyers
     Cloud Security, the Law Society and what every lawyer needs to know
     Darren Thurston – hardBox Solutions
  2. Information technology solutions for high and medium security office environments
     Secure data storage, sharing & retrieval
  3. Our Clients Include
     ● Edelmann & Company Law Office
     ● Helps Law Corporation
     ● Wilson, Buck, Butcher and Sears
     ● Browning, Ray, Soga, Dunne, Mirsky & Ng
     ● Phillip A. Riddell
     ● Don Morrison
  4. Who Are You?
  5. What size is your firm?
     - Solo
     - 2 to 5
     - 6 to 20
     - 21 to 75
     - Over 75
     - Crown Counsel
  6. Security breaches are happening every day.
     Reputation is the first thing to be affected when a breach occurs.
  7. What is the cloud
  8. Cloud Services
     ● DropBox
     ● Google
     ● iCloud
     ● AmazonCloudDrive
     ● WindowsLive
  9. Law Specific Cloud Services
     ● PCLaw / TimeMatters - LexisNexis
     ● EsiLaw.com
     ● Clio
     ● AmicusAttorney.com
     ● Rocketmatter.com
  10. Report Of The Cloud Computing Working Group
      Law Society of B.C.
      Gavin Hume, QC (Chair)
      Bruce LeRose, QC
      Peter Lloyd, FCA
      Stacy Kuiack
      http://www.lawsociety.bc.ca/docs/publications/reports/CloudComputing_2012.pdf
  11. Cloud Issues
      ● Location of data and jurisdictional issues
      ● Security and data privacy issues
      ● Legal compliance issues
      ● Ownership issues
      ● Access and retention issues
      ● Force majeure issues
      ● Liability issues
      ● Termination issues
  12. Where is my data?
  13. Jurisdictional Issues
      There are several problems with lawyers having their business records stored or processed outside British Columbia. Lawyers have a professional obligation to safeguard clients’ information to protect confidentiality and privilege. When a lawyer entrusts client information to a cloud provider the lawyer will often be subjecting clients’ information to a foreign legal system. The foreign laws may have lower thresholds of protection than Canadian law with respect to accessing information. A lawyer must understand the risks (legal, political, etc.) of having client data stored and processed in foreign jurisdictions.
  14. Jurisdictional Issues
      ● US PATRIOT Act
      ● Alberta, Canada: “Bill 54” and Personal Information Protection Act (PIPA)
      ● UK Regulation of Investigatory Powers Act of 2000
      ● EU Data Protection Directive
      ● India Information Technology (Amendment) Act, 2008 (the IT Act)
  15. Security and Data Privacy
      ● Confidentiality provisions
      ● SAS 70
      ● Statement on Standards for Attestation Engagements No. 16 (SSAE 16)
      ● ISO 27002
      ● Annual independent audits or assessments
      ● Incident Response Plan
  16. Legal compliance issues
      ● The Personal Information Protection and Electronic Documents Act
        Personal Information Protection Act, B.C. of 2003
      ● Sarbanes-Oxley Act of 2002 (SOX)
      ● Health Insurance Portability and Accountability Act of 1996 (HIPAA)
      ● Health Information Technology for Economic and Clinical Health (HITECH) Act
      ● Gramm-Leach-Bliley Act (GLB)
      ● Payment Card Industry Data Security Standard (PCI DSS)
  17. Potential impact on Rule 4-43
      ...the Law Society revised Rule 4-43 (in 2008) to create a process to protect personal information. The balance that was sought recognized that the Law Society has the authority to copy computer records and investigate lawyers, but the process of making a forensic copy of computer records can capture irrelevant personal information. In light of this, the Law Society created a process to allow irrelevant personal information to be identified and segregated, so it was not accessed by the Law Society. Cloud computing creates a situation where that process might not be able to be followed.
  18. Ownership issues
      My data, right?
      ● Google has recently been sued for mining data
      ● Can your data be exported - PCLaw?!?@#
  19. Access and Retention Issues
      ● Litigation Hold
      ● Audit Trail
  20. How is my data stored?
      - Virtualization
      - Multi-tenancy
      - Other
  21. Other issues
      ● Force Majeure Issues
        natural disaster, act of war, etc.
      ● Liability Issues
        services and not responsible for their downtime
      ● Termination Issues
        exit strategy
  22. Security Incidents
  23. DropBox
      The problem child of cloud services
  24. Not just cloud services
  25. The dangers... and your obligations
      ● Unprotected computers infected/hacked within minutes of connecting to Internet
      ● Lost / stolen cell phones or laptops
      ● Theft of client, firm or personal data
      ● Rules of professional conduct oblige you to protect client data
  26. Information Security Best Practices
      ● How much time, effort and money do you invest?
      ● Absolute security is impossible
      ● Safety vs. convenience
      ● Find balance between:
        ● Allowable risk
        ● Acceptable cost/effort
  27. Keep your electronic data secure and private
      Steps you must ensure:
      ● Install all latest software updates
      ● Use strong passwords
      ● Antivirus software is essential
      ● Install a firewall on your Internet connection
      ● Avoid the dangers of e-mail
      ● Beware the dangers of metadata
  28. Keep your electronic data secure and private (cont.)
      ● Lockdown and encrypt your data
      ● Harden your wireless connections
      ● Learn how to safely surf the Web
      ● Change key default settings
      ● Implement a technology use policy
      ● A backup solution can save your practice
  29. Install updates...
      ● Microsoft products particularly prone
      ● Update all software regularly!
      ● Microsoft / Apple Macs
      ● Don’t forget non-OS software!
        Java / Flash / Adobe PDF
      ● Check on a regular schedule
  30. Further update issues
      ● Turn on Automatic Updates
      ● Automatic vs. ask to install
      ● Periodically check Microsoft website
      ● Critical updates ASAP
      ● Watch for “optional” software
      ● Backup before you install updates
      ● Create Restore point (Windows)
  31. A few thoughts on passwords
      How many of you re-use passwords?
      Use your child's or pet's name or birthdate?
  32. Top used passwords
      1) password
      2) 123456
      3) 12345678
      4) 1234
      5) qwerty
      6) 12345
      7) dragon
      8) pussy
      9) baseball
      10) football
      11) letmein
      12) monkey
      13) 696969
      14) abc123
  33. Use strong passwords
      Frankiepoo1 = BAD
      m%")FZTm"d*A = DECENT
      a{3xQXbDZ`k=/T8z>Mx = GOOD
  34. Proper use
      ● Passwords are the keys to “unlock” your computer
      ● Essential for securing your electronic data and entire corporate network
      ● You need to be conscientious about how to set them up and use them
  35. Proper use
      ● Don’t use the same password for everything
      ● Don’t tell anyone your passwords, EVER!!
      ● Be wary of saving passwords in your browser
  36. Proper use
      ● Never write them down
      ● If you must, store them securely (safe)
      ● Be careful about storing passwords on your computer – Use an encrypted password safe
      ● A security breach can compromise your entire network
      ● Rotate important passwords every 60 to 90 days
  37. Anti-virus software: essential
      ● Protect your computer and data from malware
        - Viruses
        - Worms
        - Trojan Horses
        - Key Stroke Recorders
        - Backdoors
        - Rootkits
  38. Anti-Virus Use
      ● Decent free anti-virus is available
        Microsoft Security Essentials
      ● Needs to be set up correctly
      ● Daily scans of all data
      ● Regular updates of your virus definition or signature files
  39. False Security
      ● The anti-virus game is one of catch-up
      ● 20% of viruses will get past most anti-virus products
  40. Use a Firewall
      ● A gatekeeper that ensures incoming and outgoing communications are legitimate
      ● All computers on the Internet can see one another
      ● Lines of communication are established through ports
      ● Open ports can allow unwanted access to a computer
  41. E-mail dangers
      ● Protect access with passwords
      ● Use privacy statements
        Please note that this email correspondence is *not* encrypted or secured in any way. If you are sending sensitive information or attachments you may wish to send them in another format. If you choose to communicate with us by email, you agree to accept the possible risk of loss of privacy. The information in this internet email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this internet email by anyone else is unauthorized.
  42. Smart email use
      ● Read email in text format, not HTML
      ● Be wary of phishing emails
      ● Be wary of links & attachments in emails
      ● Implement a spam filter
  43. Metadata
      ● Data About Data
      ● MS Office products
      ● Adobe PDFs
      ● Photos
  44. Lockdown and encrypt your data
      ● Startup & user passwords
      ● Put a password on your screensaver
      ● Data stored on computers and on external drives should ALWAYS be encrypted
      ● USB Drives!
  45. Harden your wireless connections
      ● Disable SSID Broadcast
      ● MAC Filtration
      ● Change Defaults
      ● Enable Logging
      ● Use Encryption
        WEP is not secure
      ● WPA2 with AES Algorithm
      ● WPS can be hacked w/ Reaver
  46. Learn how to safely surf the Web
      ● Safe browser choices = No IE
      ● Disabling some browser features
      ● Controlling which cookies can be stored on your computer
      ● Preventing pop-ups
      ● Plug-ins turned off by default
  47. Change key default settings
      ● File Sharing
      ● Administrator account
      ● Normal user account for everyday use
      ● Domain name
      ● Workgroup name
  48. Technology use policy
      ● Does your office have one?
      ● Law Society has templates
      ● Internet and Email Use Policy
  49. Backup solutions
      ● Secure
      ● Encrypted
      ● Onsite
      ● Offsite
  50. Backup details
      ● Who’s Responsible
      ● Full Backup
      ● Daily Backups
      ● Establish Alerts
      ● Files
      ● E-mail
      ● Logs
  51. Further information
      ● The Law Society of BC – practice docs/tips
      ● CBA - Guidelines for Practicing Ethically with New Information Technologies
      ● Give us a call
  52. Questions?
      Contact Information
      Darren Thurston
      darren@hardbox.ca
      www.hardbox.ca
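
The password guidance in slides 31 to 33, worked as an added example that is not part of the original deck: a small checker that rejects entries from the deck's top-used list and name-plus-digits choices, then grades the rest by a brute-force entropy estimate. The function names, the word-plus-digits heuristic and the 60 and 100 bit cut-offs are assumptions chosen here; the deck gives only the BAD / DECENT / GOOD labels.

```python
import math
import string

# Entries from the deck's "Top used passwords" slide (slide 32).
TOP_USED = {"password", "123456", "12345678", "1234", "qwerty", "12345",
            "dragon", "baseball", "football", "letmein", "monkey",
            "696969", "abc123"}

# Assumed cut-offs in bits; the deck gives labels, not numbers.
DECENT_BITS, GOOD_BITS = 60, 100


def pool_size(pw):
    """Size of the character pool implied by the classes present in pw."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def brute_force_bits(pw):
    """len * log2(pool): an upper bound that only holds for random strings."""
    pool = pool_size(pw)
    return len(pw) * math.log2(pool) if pool else 0.0


def word_plus_digits(pw):
    """Heuristic (assumption): a lowercase or Capitalised word with optional
    trailing digits (pet name, child's name, birth year) is wordlist-guessable."""
    stem = pw.rstrip(string.digits)
    return stem.isalpha() and (stem.islower() or stem.istitle())


def rate(pw):
    """Return BAD, DECENT or GOOD using the deck's three labels."""
    if pw.lower() in TOP_USED or word_plus_digits(pw):
        return "BAD"
    bits = brute_force_bits(pw)
    if bits >= GOOD_BITS:
        return "GOOD"
    return "DECENT" if bits >= DECENT_BITS else "BAD"


if __name__ == "__main__":
    # The three sample passwords shown on slide 33.
    for sample in ("Frankiepoo1", 'm%")FZTm"d*A', "a{3xQXbDZ`k=/T8z>Mx"):
        print(f"{rate(sample):6}  {brute_force_bits(sample):6.1f} bits  {sample}")
```

The entropy figure overstates the strength of anything a person chose rather than generated, which is why the list and shape checks run first.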