Confidentiality in a Digital World
David Whelan, Manager, Legal Information
The Law Society of Upper Canada
Be aware
Risk Exists Without Technology
  “I'm in a Starbucks & bunch of lawyers are talking about a client's email trail problem: clearly see their own speech trail as no problem”
  - from Twitter April 29, 2010
Location, Location, Location
Laptops and Mobile Devices
  2009 ABA Legal Technology Survey Report
Checklist
Risk Assessment Checklist
  • Unintended Portability
Assume Everything is Portable
  • Lock office doors
  • Place server(s) in locked room
  • Physically secure all devices
      • Desktops
      • Laptops
      • Handhelds
  On 7/7/07, <NAME PROTECTED> <EMAIL PROTECTED> wrote:
  SUBJECT: Stolen Server
  One of my clients is a law firm… on the 4th of July, someone broke into their office and stole the server as well as all of their computers. Luckily they had a good backup plan, so they didn't lose any data from the server.
Avoid Security Through Obscurity
  US $39, getaheadcase.com
We May Be the Weakest Link
  • ~12,000 laptops LOST each week at U.S. airports
  • Only 1/3d Recovered
  Source: Airport Insecurity: The Case of Missing & Lost Laptops, Ponemon Institute, 2008
Risk Assessment Checklist
  • Unintended Portability
  • Defend Against Attacks
      • Review defaults
      • Passwords
      • Harden your defenses
Review Defaults
  [Diagram labels: Network hardware, Internet, Passwords, What’s Shared, What’s Broadcasting, Passwords, Passwords, Add Security, Change Name]
Passwords
  • Lots and lots of passwords
      • E-commerce and banking Web sites
      • E-mail accounts in your firm and on the Web
      • To access your phone, your laptop, Windows
  • Make them complex
  • Make them unique
  • Test them
  • Write them down
Passwords
  • Most popular password? 123456
  • Try for eight characters or more
  • Use a site like Passwordmeter.com to get tips
  • Ideal password is random – good luck with that
  • Start with something you can recall
      • Weak 15%: commonlaw
      • Better 70%: C0mm0nl&w
      • Best 92%: C03m0nL&w
Passwords
  • Know where your passwords are
  • Gawker Media hacked December 12, 2010
      • 200,000 passwords cracked immediately
      • 1,958 used password
      • 681 used qwerty
      • Other popular: 123456, 12345678, abc123
  [Diagram labels: Exploit A, Exploit B, Exploit C, Password A, Gawker.com, Passwords B/C, Twitter.com, Campfire.com, Passwords D/E/…, Other staff, Other non-staff]
Harden Your Defenses
  [Diagram labels: Network hardware, Internet, Software, Anti-virus, Anti-malware, Browser security, Firewall Hardware, Firewall, Intrusion Detection]
Risk Assessment Checklist
  • Unintended Portability
  • Defend Against Attacks
      • Review defaults
      • Passwords
      • Harden your defenses
  • Reduce Your Risk
      • Encrypt your data
      • Don’t carry any data you don’t have to
      • Protect the data you leave behind
Encryption Reduces Impact of Loss
  “Client’s notebook PC & removable hard drive were stolen . . . .  Hard drive was unencrypted and contained 10+ yrs of personal and business financial data . . . . ”
  - E-mail to Solosez discussion list, November 2009
Encrypt Your Data
  • Partial Disk
      • May require you to start the encryption tool
      • Encrypts everything you place in the encrypted volume
      • Can be closed without turning off computer
      • Can be treated as file
  • Full Disk
      • Starts with computer
      • Encrypts everything whether it needs it or not
      • No user interaction
You Can Take It With You: Don’t!
  • The need for portable media is nearly gone
  • If you have Internet access, use cloud-based file access tools
  • Synchronization (Dropbox, Sugarsync)
      • Synchronize files between your computer, their servers, and your other devices
      • Delete a file, and it is deleted from their servers
  • Tonido
      • Creates an encrypted tunnel to your files
Encrypt from End to End
  [Diagram labels: https://, http://, Username, *********, https://]
3 Reasons to Leave Data Behind
  • Storage devices are getting smaller and easy to lose
  • Someone who finds your lost device can almost always recover deleted data from it
  • A laptop traveling in standby or hibernation mode retains your decryption keys in memory
Protect Your Data
  • Back up your data
      • Use a secure online backup like Mozy, Carbonite
      • Use a portable drive that you can physically secure
  • Use preventative measures on handhelds
      • Remote locating apps
      • Remote destruction apps
Risk Assessment Checklist
  • Unintended Portability
  • Defend Against Attacks
      • Review defaults
      • Passwords
      • Harden your defenses
  • Reduce Your Risk
      • Encrypt your data
      • Don’t carry any data you don’t have to
      • Protect the data you leave behind
  • Manage Your Mobility
“Sharing, Sharing, Sharing”*
  * Beaver Scouts motto
Manage Your Mobility
  • Disable Bluetooth and wireless antennas when you’re not using them
  • Disable Windows File Sharing
  • Use an encrypted connection AND connect to encrypted resources
  • Baaaaaa….. Firesheep
Risk Assessment Checklist
  • Unintended Portability
  • Defend Against Attacks
      • Review defaults
      • Passwords
      • Harden your defenses
  • Reduce Your Risk
      • Encrypt your data
      • Don’t carry any data you don’t have to
      • Protect the data you leave behind
  • Manage Your Mobility
Conclusion
  • Maintain control of your data
      • Requires prior planning to prevent loss
      • Requires creating practices to minimize possibility of loss
  • Embrace technology thoughtfully
      • You can be efficient and careful
  • Be aware of where you are and be mindful of what you are doing and sharing
Thank You!
  David Whelan
  Manager, Legal Information
  The Law Society of Upper Canada
  dwhelan@lsuc.on.ca
  Twitter: @davidpwhelan
