Lawyers need to think about operational security—the practice of identifying important information and determining how you will secure it. In order to make those assessments, you need to consider a number of factors:
- Your assets—what is it that you need to be protecting. This is not limited to digital data, so you should consider things like the contents of your hard copy files as well.
- Your potential adversaries—who are your potential threats? This can include opposing parties, corporations, and government entities.
- The likelihood of the threat— a good threat model doesn’t treat every danger as equally likely.
- Security—what efforts are you taking, or will you take, to prevent a breach of your data?
- The consequences—what happens if your security measures fail?
For more information on the factors that go into creating a threat model, see: Operational Security for Lawyers, Part 1: Threat Modeling