Confidentiality in a Digital World

This presentation was given to lawyers preparing to start practice in Ontario, Canada, as part of an introductory course. It is meant to provide an introduction to some considerations relevant to lawyers who store confidential client information electronically. It was given on December 16th in Toronto.


  1. Confidentiality in a Digital World. David Whelan, Manager, Legal Information, The Law Society of Upper Canada
  2. Be aware
  3. Risk Exists Without Technology
  4. Risk Exists Without Technology
  5. Risk Exists Without Technology
  6. Risk Exists Without Technology: “I'm in a Starbucks & bunch of lawyers are talking about a client's email trail problem: clearly see their own speech trail as no problem” (from Twitter, April 29, 2010)
  7. Location, Location, Location
  8. Laptops and Mobile Devices (2009 ABA Legal Technology Survey Report)
  9. Checklist
  10. Risk Assessment Checklist: Unintended Portability
  11. Assume Everything is Portable: Lock office doors; Place server(s) in locked room; Physically secure all devices (Desktops, Laptops, Handhelds). Quoted e-mail: "On 7/7/07, <NAME PROTECTED> <EMAIL PROTECTED> wrote: SUBJECT: Stolen Server. One of my clients is a law firm… on the 4th of July, someone broke into their office and stole the server as well as all of their computers. Luckily they had a good backup plan, so they didn't lose any data from the server."
  12. Avoid Security Through Obscurity
  13. Avoid Security Through Obscurity (US $39, getaheadcase.com)
  14. We May Be the Weakest Link: ~12,000 laptops LOST each week at U.S. airports; Only 1/3 Recovered (Airport Insecurity: The Case of Missing & Lost Laptops, Ponemon Institute, 2008)
  15. Risk Assessment Checklist: Unintended Portability; Defend Against Attacks (Review defaults, Passwords, Harden your defenses)
  16. Review Defaults (diagram labels): Network hardware; Internet; Passwords; What’s Shared; What’s Broadcasting; Passwords; Passwords; Add Security; Change Name
  17. Passwords: Lots and lots of passwords (E-commerce and banking Web sites; E-mail accounts in your firm and on the Web; To access your phone, your laptop, Windows); Make them complex; Make them unique; Test them; Write them down
  18. Passwords: Most popular password? 123456; Try for eight characters or more; Use a site like Passwordmeter.com to get tips; Ideal password is random – good luck with that; Start with something you can recall; Weak 15%: commonlaw; Better 70%: C0mm0nl&w; Best 92%: C03m0nL&w
  19. Passwords: Know where your passwords are; Gawker Media hacked December 12, 2010; 200,000 passwords cracked immediately; 1,958 used "password"; 681 used "qwerty"; Other popular: 123456, 12345678, abc123. (Diagram labels: Exploit A; Exploit B; Exploit C; Password A; Gawker.com; Passwords B/C; Twitter.com; Campfire.com; Passwords D/E/…; Other staff; Other non-staff)
  20. Harden Your Defenses (diagram labels: Network hardware; Internet): Software (Anti-virus, Anti-malware, Browser security, Firewall); Hardware (Firewall, Intrusion Detection)
  21. Risk Assessment Checklist: Unintended Portability; Defend Against Attacks (Review defaults, Passwords, Harden your defenses); Reduce Your Risk (Encrypt your data, Don’t carry any data you don’t have to, Protect the data you leave behind)
  22. Encryption Reduces Impact of Loss: “Client’s notebook PC & removable hard drive were stolen . . . . Hard drive was unencrypted and contained 10+ yrs of personal and business financial data . . . .” (E-mail to Solosez discussion list, November 2009)
  23. Encrypt Your Data. Partial Disk: May require you to start the encryption tool; Encrypts everything you place in the encrypted volume; Can be closed without turning off computer; Can be treated as file. Full Disk: Starts with computer; Encrypts everything whether it needs it or not; No user interaction
  24. You Can Take It With You: Don’t! The need for portable media is nearly gone; If you have Internet access, use cloud-based file access tools. Synchronization (Dropbox, Sugarsync): Synchronize files between your computer, their servers, and your other devices; Delete a file, and it is deleted from their servers. Tonido: Creates an encrypted tunnel to your files
  25. Encrypt from End to End (diagram labels: https://; http://; Username; *********; https://)
  26. 3 Reasons to Leave Data Behind: Storage devices are getting smaller and easy to lose; Someone who finds your lost device can almost always recover deleted data from it; A laptop traveling in standby or hibernation mode retains your decryption keys in memory
  27. Protect Your Data: Back up your data (Use a secure online backup like Mozy, Carbonite; Use a portable drive that you can physically secure); Use preventative measures on handhelds (Remote locating apps; Remote destruction apps)
  28. Risk Assessment Checklist: Unintended Portability; Defend Against Attacks (Review defaults, Passwords, Harden your defenses); Reduce Your Risk (Encrypt your data, Don’t carry any data you don’t have to, Protect the data you leave behind); Manage Your Mobility
  29. “Sharing, Sharing, Sharing”* (* Beaver Scouts motto)
  30. Manage Your Mobility: Disable Bluetooth and wireless antennas when you’re not using them; Disable Windows File Sharing; Use an encrypted connection AND connect to encrypted resources; Baaaaaa…..; Firesheep
  31. Risk Assessment Checklist: Unintended Portability; Defend Against Attacks (Review defaults, Passwords, Harden your defenses); Reduce Your Risk (Encrypt your data, Don’t carry any data you don’t have to, Protect the data you leave behind); Manage Your Mobility
  32. Conclusion: Maintain control of your data (Requires prior planning to prevent loss; Requires creating practices to minimize possibility of loss); Embrace technology thoughtfully (You can be efficient and careful); Be aware of where you are and be mindful of what you are doing and sharing
  33. Thank You! David Whelan, Manager, Legal Information, The Law Society of Upper Canada; dwhelan@lsuc.on.ca; Twitter: @davidpwhelan