the SOCIETY RECORD - Nova Scotia Barristers' Society
LIANS
TIPS FROM THE RISK AND PRACTICE MANAGEMENT PROGRAM
Electronic data protection
BY STACEY GERRARD
LIANS Counsel
Many of us have a healthy skepticism about flying in “the Cloud”. We worry about our client information being compromised and tend to keep our data stored a little closer to home. So imagine arriving at work one day, turning on your computer and, instead of accessing your client files, seeing a digital ransom note appear: “If you pay our ransom demands, we will restore access to your computer.” This scenario may sound farfetched, but it’s what a law firm in Alberta recently encountered. Its lawyers were the victims of a “ransomware” attack in which hackers burrowed deeply into their computer network, infiltrating and encrypting their electronic records. No cloud required.
This kind of attack on your system can be mitigated by ensuring your system has up-to-date antivirus software and anti-spyware software. Ensure that you install the updates and patches released by the software manufacturer. Back up your data regularly and store that backup off-site to minimize the harm of blocked access. Get a good firewall in place or use a network security gateway. If you don’t know how to do all of this yourself, talk to a computer professional about these and other recommendations for your system.
LIANS has reported at various times about email users (Yahoo! Mail and others) having their accounts compromised after a hacker retrieved passwords from the cookies stored in computer browsers. Hackers use this access to forward an email containing a malicious link to the Yahoo account’s address book contacts.
This kind of attack can be avoided by using a strong password and changing your password on a regular basis. A “strong” password is 12 to 15 characters in length and contains a number, a special character and a capital letter. You might try using a song phrase or motto. According to SplashData, the most vulnerable (weakest) passwords are: password; 123456; 12345678; abc123; qwerty; monkey; letmein; dragon; 11111; and baseball.
Online hackers have also threatened lawyers’ bank accounts. You should ensure that your trust account has “read only” internet access. Regular monitoring of your accounts will alert you to suspicious transactions. In Manitoba, a hacker gained access to a law firm’s general account, set up an automatic transfer of $5,000 to another bank and then transferred money to a prepaid credit card. They did the same thing the following day. Because the accounts were monitored regularly, the firm’s bookkeeper caught the transactions on the second day. The firm then froze the online access, changed its password and reported the incident to the bank and the RCMP.
As these examples demonstrate, data protection – whether it is your firm’s data or your clients’ – is becoming a much higher priority for lawyers and law firms. Data loss can be as simple as losing a document that took you hours to create, or as catastrophic as losing all data due to a virus or a server crash. A hacker can not only cause you to lose data, but can damage your reputation as well.
Here are the top 10 ways you can protect your data and prevent this from happening to you:
1. Maintain physical security: lock your office door, file room and your server doors when you leave at night, or lock away sensitive information if you have after-hours cleaning staff. If you have a laptop, either bring it with you at the end of the day or lock it away. Avoid putting printers and fax machines in high-traffic areas – consider putting them in your file room or another room with a locked door.
2. Maintain virtual security: password-protect your laptop and smartphone. This way, if you leave your device behind in a washroom or taxi, you won’t have the added worry of someone accessing your private information. To password-protect your laptop, go to the Start menu > Control Panel > User Accounts > Create password. On your smartphone, go to Settings or Options > Security > Screen lock (exact words may vary).
3. Protect your computer by using an operating system that requires users to be “authenticated”. This can restrict what individual users can see and do on the computer.
4. Use strong passwords and change them regularly.
5. Back it up: back up your data, and test your backups regularly. Make sure to back up your email as well.
6. Keep a copy of your data offsite: if you’re not ready to store information in the Cloud, you can use an external hard drive for data backup. They are portable, inexpensive, and can store a large volume of data. In fact, buy two.