Another reason why data encryption is a must for laptops and all portable information

According to the Star Tribune, detailed personal information for 257 people, including social security numbers, was on a laptop stolen about three weeks ago. The laptop belonged to a vendor, Promissor Corp., who apparently does not observe the basic security precaution of encrypting information on portable computers and drives. I bet that would have been cheaper than paying for credit monitoring for 257 people, especially since excellent encryption software like TrueCrypt is free.

Image hard drives for e-discovery or backup with PING

PING (Partimage is Not Ghost) is a Linux-based LiveCD for backing up your system by making an image of the hard drive (or smaller partitions, if you have them). In other words, you boot a simplified version of Linux (it doesn’t matter what operating system you normally use on the computer–just pop the CD in the drive and turn the computer on) from the CD drive. It allows you to make an exact copy of any drive or partition on the computer without booting up the operating system on the computer (which can alter the data). It just copies everything to a file that you can store anywhere and that should adequately preserve electronic evidence on a small scale.

Most importantly, it is easy enough to use that you should be able to burn a copy to CD and send it home with your client (with an external hard drive for the image file) so that they can make the hard drive image themselves, which keeps you out of the chain of evidence. (Don’t make this decision without carefully considering the issues and the disadvantages of doing it yourself.)
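The "exact copy" claim above can be checked rather than assumed. This is an added example, not part of the original post and not how PING itself works: it images a source with `dd`, records SHA-256 hashes in a log, and re-checks the image later. The function names, log format, and sample file are assumptions for illustration.

```shell
#!/bin/sh
# Added example: image a source, then prove the copy is bit-for-bit identical.
# In real use SRC would be a drive read from a live CD; here it is a small
# constructed file so the script runs offline without root.

hash_of() { sha256sum "$1" | cut -d' ' -f1; }

# image_and_verify SRC IMAGE LOG
# Copies SRC to IMAGE, hashes both, appends one record to LOG.
# Returns 0 only if the two hashes match.
image_and_verify() {
    src=$1; img=$2; log=$3
    before=$(hash_of "$src") || return 2
    dd if="$src" of="$img" bs=64k 2>/dev/null || return 2
    after=$(hash_of "$img") || return 2
    chmod a-w "$img"    # discourage accidental changes to the image
    if [ "$before" = "$after" ]; then result=MATCH; else result=MISMATCH; fi
    printf '%s source=%s image=%s sha256=%s result=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$src" "$img" "$after" "$result" >> "$log"
    [ "$result" = MATCH ]
}

# recheck IMAGE LOG
# Later (for example before handing the image to an examiner), confirm the
# image still hashes to the value logged when it was made.
recheck() {
    logged=$(grep -F -- " image=$1 " "$2" | tail -n 1 |
        sed 's/.* sha256=\([0-9a-f]*\) .*/\1/')
    [ -n "$logged" ] && [ "$(hash_of "$1")" = "$logged" ]
}

# Demo on a constructed 1 MiB stand-in for a drive.
work=$(mktemp -d)
yes 'constructed sample data' | head -c 1048576 > "$work/drive.bin"
image_and_verify "$work/drive.bin" "$work/drive.img" "$work/custody.log" &&
    recheck "$work/drive.img" "$work/custody.log" &&
    echo "image verified"
cat "$work/custody.log"
```

Keeping the log on separate media from the image means a later change to the image cannot be hidden by editing the recorded hash alongside it.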

PING is also a fantastic backup tool. Unlike a regular backup, PING makes a copy of the drive. If you just back up your files and your computer dies, you have to re-install Windows, update it, install all your software, and then restore your files once you are back up and running. With PING, just restore the image to the new hard drive, re-activate Windows, and go. You’ll save hours (or days) of recovery time.

[photo: Chance Agrella]

Free book: The Wireless Networking Starter Kit, 2nd Edition

Adam Engst and Glenn Fleishman weren’t getting the kind of sales they wanted, so they released their great starter guide on wireless networking (http://wireless-starter-kit.com/free_download.html) for free. It is from 2004, but at a glance, most of the information still applies. Particularly useful for attorneys will be the sections on wireless security, both on your own network and on the road.

Great freebie.

MinnCLE Tech Tuesday: Basic Computer and Network Security for Lawyers

Here is the description of the seminar from MCLE:

Tech Tuesday: Computer and Network Security for Lawyers
Presented by Sam Glover; moderated by Peter Berge and Todd Scott

Tuesday, September 18, 2007, 12:00 - 1:00 p.m. CDT
1.0 ethics credit
Tuition: $75

Part of the ongoing “Tech Tuesday” webcast series, streaming the first and third Tuesday of every month.

In this Tech Tuesday installment we will cover the risks to client confidences inherent in the use of computers, databases, and the Internet by lawyers. It will explore the ethical duties to keep client confidences under Rule 1.6 and best practices for securing the digital data which has become central to running a law office.

Presented by Samuel J. Glover, Samuel J. Glover & Assoc., Minneapolis; moderated by Peter H. Berge, Minnesota CLE, St. Paul, and Todd C. Scott, Minnesota Lawyers Mutual, Minneapolis.

Follow this link to register.

Anti-virus

Everyone knows that anti-virus software is crucially important to operating a Windows-based computer. Steve Jobs tells us so. In reality, in my experience, you have to be pretty careless to get a virus, or else connected to an open network with a lot of careless people. This isn’t usually the case. I went without anti-virus software for about five years and never found a virus in my yearly check. Most people leave the pre-installed Norton or McAfee on their system without updating it and do just fine.

Have you ever tried removing that pre-installed Norton, though? I just did, after getting tired of how badly it slowed down my computer, and it was a bear. Fortunately, I found out the right way to do it. (Find Norton in Add/Remove Programs, hit Change, and then remove, then download and run the Norton Removal Tool to be sure.)

Instead, I installed the free, unbloated AVG anti-virus software. So far, I am quite pleased. I have added peace of mind knowing that it is keeping updated and keeping my system clean. And it doesn’t take over my computer like Venom, gradually turning it to the dark side.

Another option is the avast! virus cleaner, also free.

(If you can’t tell, I am big into free software, which just makes better sense. If you like free software, please support the makers by donating to the project.)

A valuable reminder

My office was burglarized over the weekend, a valuable reminder of the need to back up and secure your files, both paper and digital.

All the jerks stole was a few rolls of stamps and my video camera. Expensive for me, to be sure, but nothing particularly disturbing. They didn’t touch my external hard drive that I use for backup (and to store movies for lazy Friday afternoons). Apparently stamps are hot items. The building management may have been negligent, and I hope they will buy me a shiny new video camera before my next depositions.

I was irritated, but largely unfazed due to the fact that my files are well-protected and I have multiple backups. I back up my files daily to my external drive, and my laptop comes with me every night. I back up weekly (or so) to a second, portable external hard drive, so I had a backup just a few days old. All my backups are encrypted, so I wasn’t worried about losing client information.

The only paper files in my office are public information like original pleadings. So although I am quite irritated at having to blow a few hundred dollars on a new video camera when the one I had was perfectly good, it wasn’t nearly as bad as it could have been.

But it is a reminder to back up diligently and make sure your client files are protected, whether paper or digital. You don’t want to have to send a letter to your clients notifying them to look out for identity theft, since you never encrypted your files.

Upcoming CLEs

I am giving two seminars in July and August.

On July 10, I will present on “The Paperless Office” via MCLE Webcast from 9-11. Then, on August 15, I will present on going paperless, file security and encryption, and case management software at the Ramsey County Bar Association’s “Technology Tools & Crises: What Small Firms Need to Know” at Hamline University School of Law from 8:30-11:45.

If I have piqued your interest through this blog, you may want to consider attending to get some “nuts and bolts” information about doing the paperless thing, security, and case management software (or the lack thereof).

Laptop with personal data of all 64,000 Ohio State employees stolen

This is why you need to encrypt your client files.

If the data on that hard drive was encrypted, rather than sitting out there for anyone to see, the headline might have been entirely different. All the thief would be able to see would be a file, partition, or drive full of gobbledygook (that’s a technical term). Encrypt your data.

At the same time, reconsider carefully the data you do hold onto. Do you really need your client’s social security number or driver’s license number? If you do, you had better encrypt that information and keep any paper copies under lock and key. It will take more than a simple log-in password to escape liability in a case like this, I think.

Wiping hard drives clean as a whistle

We recently mentioned encryption, but what do you do when it comes time to throw out a hard drive? Wipe it clean. Why go to the trouble? The same reason you should encrypt client data. As a lawyer, your computer is an identity thief’s dream. When you toss a hard drive with readable data on it, you might as well be handing your clients’ bank accounts over to the bad guys.

And remember there is no such thing as deleting files. Getting them back is a small freeware download away.

Fortunately, wiping a hard drive isn’t difficult. I have used Darik’s Boot and Nuke in the past. All you do is burn it to a CD, pop it in the CD drive, turn on your computer, and follow the prompts. Done.

Lifehacker also points to a ZDNet article about Secure Erase, a set of commands that has been embedded in most ATA hard drives since 2001. Get the Freeware Secure Erase Utility to use it.

In the end, Darik’s Boot and Nuke is probably easier and has broader application, but it never hurts to have options.

Protect client data with encryption

Attorneys have a lot of data about clients. A lot of this may be on your computer, especially if you have gone paperless to any extent. And hard drives are only as secure as the lock on your office door. Paper can’t be encrypted–another downside to paper–but digital data can.

While I don’t think an attorney’s ethical obligation to protect client data goes further than locking the office door, attorneys who fail to protect client data could very well face liability if their clients’ identities are stolen from a hard drive. Let’s face it, opposing counsel probably isn’t hiring thugs to break into your office, but identity thieves are swiping laptops and buying old computers by the pallet-load at local auctions, looking for personal information. And you can’t necessarily trust your computer repairman, either.

This should be especially worrisome if you carry client data on a laptop, whether in the form of e-mails or actual digital files. Laptops are mobile and easy to steal. And all an identity thief has to do is pop out your hard drive and start looking around.

So, let’s talk encryption.
