The 2016 ABA Techshow was abuzz with talk of law firm breaches, security in the cloud, and protecting confidential client communication and information. An entire track was devoted to Cybersecurity and Privacy and Cindy Cohn, Executive Director of the Electronic Frontier Foundation, shed light on mass surveillance in her keynote address. After putting a scare into everyone in attendance the speakers offered some practical, actionable tips on privacy, security, and encryption.
89% of firms that had a security breach could have prevented it with simple methods. Great speech at #ABATECHSHOW on Legal Technology Trends
— Crosspointe (@CrosspointeCG) March 17, 2016
1. Use a password manager – These days, it’s more about surviving data breaches than avoiding one. Don’t have the same, lame password for all of your accounts. Use a password manager like 1Password or LastPass to create and store strong, different passwords for each account. Passwords should be at least 14 characters.
2. Secure web browsing – Encrypt the web. Use HTTPS Everywhere, a browser extension from the Electronic Frontier Foundation that encrypts your communications with many major websites, making your browsing more secure.
3. Privacy browsers – What you search and browse is always private when you use Epic privacy browser. It looks like Chrome and moves a bit slower because of blocking. Another option is DuckDuckGo, the no-tracking search engine.
4. Use false answers to security questions – It’s easy for someone to find out your mother’s maiden name, the year your father was born, or your pet’s name, to retrieve a “forgotten” password. Create false answers and store them in your password manager.
5. Encrypted telephone conversations and text messages – Use iPhone’s iMessage and FaceTime, Signal, Wickr, or WhatsApp. All audio and video are encrypted. Check out EFF’s Secure Messaging Scorecard to find out which apps and tools actually keep your messages safe from prying eyes.
— Westlaw (@Westlaw) March 19, 2016
— Heidi Alexander (@heidialexander) March 18, 2016
6. Encrypted files in the cloud – Instead of Dropbox, use an encrypted cloud storage system like SpiderOak where your data is private and only readable by you, to store confidential client files.
7. Cover the camera lens on your computer – Your camera can be turned on remotely without the green light alerting you that it’s on. Protect your privacy by covering the lens with a piece of tape. Better yet, use a bandaid to keep your lens free of sticky residue.
8. Use two-factor or multi-factor authentication – This practice combines something you know (your password) with something you have (your device(s)) with something you are (biometrics – your fingerprint, for example). Check out Two Factor Auth (2FA) for websites that accept two-factor authentication.
9. Turn on automatic updates – Software and application updates often contain critical security fixes. Don’t wait to update at a later time. Enable automatic updates.
10. Don’t use public WiFi. Get a VPN – Don’t communicate with clients over public WiFi. It’s not secure. Use a VPN.
What is a VPN? In the simplest terms, a VPN creates a secure, encrypted connection between your computer and the VPN’s server. This tunnel makes you part of the company’s network as if you are physically sitting in the office, hence the name. While connected to the VPN, all your network traffic passes through this protected tunnel, and no one in between can see what you are up to. (Source: The Best VPN Services for 2016.)