Archive for Security

Client File Security

Think about all the documents that exist in a client’s file: court filings, financial affidavits, correspondence to and from clients and opposing counsel, bank records, credit card bills, tax returns, pay stubs, and insurance (car, home, health, life) information.

Occasionally, a client will ask: “How are my documents stored?”

This article is a description of the steps I take to safeguard your private information.

First, a little background on what happens with the private documents that you give me:

Court documents – these are the documents that I prepare and that you and/or I sign before they are filed with the clerk of Court electronically. Copies are electronically sent to the opposing party or their lawyer. These documents are scanned when received and shredded at the end of your case. The digital version of the file is retained.

Discovery documents – these are the documents that must be produced so they can be reviewed by the other party or their lawyer. Typically, these documents include bank records, credit card bills, tax returns, pay stubs, and insurance (car, home, health, life) information. Similar information is received from the opposing party. These documents are also scanned when received and shredded at the end of your case. Of course, I’d be happy to return your discovery documents to you at the end of your case.

So, how do I protect the digital versions of your private information?

First, I encrypt the hard drive of the computer that I use for running my law firm. I use FileVault (a program built into the Mac operating system). If my computer is stolen, all data on the hard drive is inaccessible to the thief without the encryption key. Your data is just as safe as any of my own personal information on the hard drive. The thieves may have my computer, but your data is locked inside and they don’t have a key.

The thieves could try to automate the guessing of the encryption key. Even if they had a computer that could guess 4 billion passwords per second, it would take 12 trillion years, on average, to guess the correct 16 (or fewer) character password! How secure are your passwords?

Second, the hard drive inside my computer is backed up to the online service Backblaze. So, if my hard drive fails or is stolen, all data can be retrieved from the backup. The Backblaze program encrypts all data with an encryption key before it is transmitted from my computer over a secure SSL (https) connection to their system. The data is stored in encrypted form. In theory, since Backblaze has the encryption key, they could view your data. However, I have elected to use an additional security feature that they offer by encrypting their key with a phrase that I choose. That way, they cannot ever view your data.

Third, your documents are accessible on my various devices via Dropbox. They are never stored on these devices, but can be viewed and edited since all the files are synced via Dropbox. So, your documents exist on my computer and on the Dropbox servers. Dropbox encrypts your data as it is in transit and when it is on their servers. They hold the encryption key.

Fourth, I remove the ability of Dropbox to view the contents of your files. To do this, I run the program Boxcryptor on my computer. Essentially, it encrypts the contents of my Dropbox folder and creates another folder on my computer where I can access the unencrypted versions of client files. This allows me to protect client documents both on my computer and in the cloud. Dropbox can see only that a specific file exists; they can’t open and view the contents of the file. Additionally, without the Boxcryptor program running, you could be sitting at my computer and not be able to view or open client files because they would be encrypted.

Fifth, Backblaze and Dropbox both use an additional layer of security called two-factor authentication. In Backblaze, a code is sent to my phone when I log into their system. Even if a thief has my computer and my Backblaze password, they will not be able to access the data stored with Backblaze without the code from my phone. Dropbox sends a similar code whenever a login is attempted from an unauthorized computer or mobile device.

Lastly, I also back up my computer’s hard drive to an external hard drive. The data on this drive is also encrypted. Only I have the encryption key, so the data on the drive would be inaccessible to a thief.

Please know that I take the security of your personal information very seriously. If you have any questions about your documents or my security procedures, please feel free to call the office or use the contact form on this website.

(This article was originally posted at http://www.jimmullaney.com/client-file-security/ )

Passwords & Security

My mother used to keep her many (50+) passwords written on a Manila envelope in a drawer next to her PC. As an upgrade to her Internet security, she bought the password logbook pictured here.

As I chuckled at her purchase, she wanted to know what I used to remember passwords. I began telling her about my software solution, 1Password by AgileBits.

Her complaints about a software solution:

1. Does not want to have to create a unique password for each site.
2. Does not want to copy and paste usernames and passwords for each site she visits.
3. Does not want to enter all the login info on each of her devices.

Of course, I told her that all of her concerns had been solved with the creation of 1Password. The passwords can be generated by the program. Also, you can designate how many letters, numbers, or special characters are included in the password.

Next, I told her that if you save the URL of a site in 1Password, it will suggest the login information when you visit the site. 1Password will autofill the login information and submit it for validation. “What could be easier?” I asked.

Lastly, and my personal favorite feature, 1Password can be synced across multiple devices and multiple platforms to keep all her login info on all her devices – PC, iPhone, and iPad. All passwords are saved in an encrypted file by the program. This file can be synced across devices with iCloud, Dropbox, or many other cloud storage sites.

And for all of this she only needs to remember one password.
