Archive for March 11, 2016

Client File Security

Think about all the documents that exist in a client’s file: court filings, financial affidavits, correspondence to and from clients and opposing counsel, bank records, credit card bills, tax returns, pay stubs, and insurance (car, home, health, life) information.

Occasionally, a client will ask: “How are my documents stored?”

This article is a description of the steps I take to safeguard your private information.

First, a little background on what happens with your private documents that you give me:

Court documents – these are the documents that I prepare and that you and/or I sign before they are filed with the clerk of Court electronically. Copies are electronically sent to the opposing party or their lawyer. These documents are scanned when received and shredded at the end of your case. The digital version of the file is retained.

Discovery documents – these are the documents that must be produced so they can be reviewed by the other party or their lawyer. Typically, these documents include bank records, credit card bills, tax returns, pay stubs, and insurance (car, home, health, life) information. Similar information is received from the opposing party. These documents are also scanned when received and shredded at the end of your case. Of course, I’d be happy to return your discovery documents to you at the end of your case.

So, how do I protect the digital versions of your private information?

First, I encrypt the hard drive of the computer that I use for running my law firm. I use FileVault (a program built into the Mac operating system). If my computer is stolen, all data on the hard drive is inaccessible to the thief without the encryption key. Your data is just as safe as any of my own personal information on the hard drive. The thieves may have my computer, but your data is locked inside and they don’t have a key.

The thieves could try to automate the guessing of the encryption key. Even if they had a computer that could guess 4 billion passwords per second, it would take 12 trillion years, on average, to guess the correct 16 (or fewer) character password! How secure are your passwords?

Second, the hard drive inside my computer is backed up to the online service BackBlaze. So, if my hard drive fails or is stolen, all data can be retrieved from the backup. The BackBlaze program encrypts all data with an encryption key before it is transmitted from my computer over a secure SSL (https) connection to their system. The data is stored in encrypted form. In theory, since BackBlaze has the encryption key, they could view your data. However, I have elected to use an additional security feature that they offer by encrypting their key with a phrase that I choose. That way, they cannot ever view your data.

Third, your documents are accessible on my various devices via Dropbox. They are never stored on these devices, but can be viewed and edited since all the files are synced via Dropbox. So, your documents exist on my computer and on the Dropbox servers. Dropbox encrypts your data as it is in transit and when it is on their servers. They hold the encryption key.

Fourth, I remove the ability of Dropbox to view the contents of your files. To do this, I run the program BoxCryptor on my computer. Essentially, it encrypts the contents of my Dropbox folder and creates another folder on my computer where I can access the unencrypted versions of client files. This allows me to protect client documents both on my computer and in the cloud. Dropbox can see only that a specific file exists; they can’t open and view the contents of the file. Additionally, without the BoxCryptor program running, you could be sitting at my computer and not be able to view or open client files because they would be encrypted.

Fifth, BackBlaze and Dropbox both use an additional layer of security called two-factor authentication. In BackBlaze, a code is sent to my phone when I log into their system. Even if a thief has my computer, and my BackBlaze password, they will not be able to access the data stored with BackBlaze without the code from my phone. Dropbox sends a similar code whenever a login is attempted from an unauthorized computer or mobile device.

Lastly, I also back up my computer’s hard drive to an external hard drive. The data on this drive is also encrypted. Only I have the encryption key, so the data on the drive would be inaccessible to a thief.

Please know that I take the security of your personal information very seriously. If you have any questions about your documents or my security procedures, please feel free to call the office or use the contact form on this website.

(This article was originally posted at http://www.jimmullaney.com/client-file-security/ )