15 Steps You Can Take Now to Protect Sensitive Data

The October issue of the Oregon State Bar Bulletin contains a must-read article entitled “The Data Dilemma: Law Firms Strive to Strengthen E-Security as Potential Threats Continue to Rise.”

To understand why you should be concerned, read the article. To take steps now to protect your firm, read John Simek and Sharon Nelson’s sidebar, “E-Security Pros Offer 15 Tips to Help Law Firms Better Protect Sensitive Data,” posted as a PDF on the OSB Web site. Among John and Sharon’s recommendations:

  • Use unique passphrases for each Web site/account/software program (passphrases are better than passwords)
  • Properly encrypt laptops, flash drives, and backup media
  • Physically lock up your server
  • Properly vet all cloud service providers
  • Secure Wi-Fi networks
  • Wipe data with Darik’s Boot and Nuke if you donate/dispose of your computer, digital copier, or similar equipment
  • Consider cyber insurance (Your Professional Liability Fund coverage does not protect against data loss).

Read all 15 tips here.

Malware May Be Preinstalled On Your Computer

“For years, users have been blamed when malware infects their computers and repeatedly warned not to open attachments from unknown email senders or download software from dubious sources.  But a major manufacturer now says that malware sometimes is already preinstalled when purchasers first open the packaging of their new computers.”

Holy smokes!  This comes from a post today at the ABA Journal Law News Now.

The story continues:

A Thursday post on the Official Microsoft Blog blames what it calls a “broken” supply chain for infected computers on which malware has been installed, embedded in counterfeit versions of Microsoft’s Windows operating system software.

“A supply chain between a manufacturer and a consumer becomes unsecure when a distributor or reseller receives or sells products from unknown or unauthorized sources,” the post says, explaining that cybercriminals have been able to infiltrate the retail market by offering below-cost, malware-infected products.

“What’s especially disturbing,” the post continues, “is that the counterfeit software embedded with malware could have entered the chain at any point as a computer travels among companies that transport and resell the computer.”

So what to do? Certified smart folks will likely have some recommendations. My first thought? Have an anti-malware, anti-virus product in hand and ready to install the second you break open the packaging of your new computer. (You may want more than one!) After installation, force an update of the virus/malware/spyware definitions or verify the program has run an update. Next, run a full scan of your computer. When you’re done, get on Twitter and follow Peter Porcaro (@PorcaroLaw), who picked up and tweeted this story. Thank you, Peter!

For security tips and software suggestions check out the following: