Locked Down: Information Security for Lawyers

Overview

Locked Down: Information Security for Lawyers by Sharon D. Nelson, David G. Ries, John W. Simek

In an age where lawyers frequently conduct business across wireless networks using smartphones and laptops, how can attorneys safeguard client data and confidential information? Locked Down explains the wide variety of information security risks facing law firms and how lawyers can best protect their data from these threats, with any budget.

Product Details

ISBN-13: 9781614383659
Publisher: American Bar Association
Publication date: 05/16/2013
Sold by: Barnes & Noble
Format: NOOK Book
Pages: 319
File size: 1 MB

About the Author

Sharon D. Nelson, Esq., is the President of Sensei Enterprises, Inc., a computer forensics and legal technology firm in Fairfax, Virginia.

David G. Ries is a partner in the Pittsburgh office of Thorp Reed & Armstrong, LLP, where he practices in the areas of environmental, commercial and technology litigation.

John W. Simek is the Vice President of Sensei Enterprises, Inc., in Fairfax, VA.

Table of Contents

Dedication iii

About the Authors xi

Acknowledgments xv

Introduction xvii

Chapter 1 Data Breach Nightmares and How to Prevent Them 1

Can Your Law Firm Be Breached? 1

Need More Convincing? 2

What's New in the Data Breach World? 3

The Bad Rap Law Firms Get on Information Security 7

A Recent Law Firm Data Breach 7

State Laws Protecting Personal Data 8

Spear Phishing-and a Data Breach Avoided 9

A Nasty Law Firm Data Breach 10

Okay, I'm Convinced: What's Next? 10

Secure Passwords: The Rules Have Changed 14

Lawyers and Passwords 15

A Conversation with a Law Firm Security Specialist 18

Chapter 2 Lawyers' Duty to Safeguard Information 21

Ethical Duties Generally 21

Ethical Duties: Electronic Communications 26

Common Law Duties 29

Statutes and Regulations 29

Standards for Competent and Reasonable Measures 32

Conclusion 33

Selected Ethics Opinions: Technology, the Internet and Cloud Computing 33

Chapter 3 Physical Security 35

Introduction 35

Where Is Your Server and Who Has Access to It? 35

Alarm Systems, UPS and Paper 36

Security Assessments 37

Laptops 38

Lost and Stolen Devices 39

Training 41

Guests 41

Incident Response Plans and Disaster Recovery Plans 42

Chapter 4 Information Security Overview 43

Security Standards 44

Security Programs and Policies 45

Inventory and Risk Assessment 48

People 48

Policies and Procedures 50

Technology 51

Managed Security 56

Conclusion 56

Chapter 5 Desktops and Laptops 57

Authentication 58

User Accounts 58

Secure Configuration 58

Security Software 60

Patching 61

Hardware Firewall 63

Encryption 63

Backup 65

Installing Programs 65

Safe Browsing 65

Attachments and Embedded Links 66

Laptops 67

Chapter 6 E-Mail Security 69

Chapter 7 Smartphones and Tablets for Lawyers: Managing and Securing Them 75

Some Statistics 76

Attorneys' Duty to Safeguard Client Information 76

Mobile Security Basics 77

Additional Information 83

Chapter 8 Voice Communications 85

Traditional Telephone Systems 85

VoIP Systems 86

Voice Mail 86

Chapter 9 Portable Devices 89

Chapter 10 Networks: Wired and Wireless 93

Authentication and Access Control 93

Wired Networks 94

Wireless Networks 94

Firewalls/IDS/IPS Devices 97

Routers 99

Switches 100

Secure Configuration and Management 101

Other Considerations 102

Chapter 11 Remote Access 103

Virtual Private Networking 104

Remote Control 104

Remote Node 104

Modems 105

Remote Authentication 106

Chapter 12 Backup and Business Continuity 107

Backup Job Types 107

Backup Media 108

Backup Solutions 109

Business Continuity 110

Chapter 13 Secure Disposal 113

The Issues 114

Solutions 115

Conclusion 118

Chapter 14 Outsourcing and Cloud Computing 119

Outsourcing 119

Cloud Computing 120

The Practical Side of the Cloud 132

Conclusion 134

Information Sources: Professional Responsibility and Cloud Computing 134

Chapter 15 Securing Documents 137

Word 137

Adobe Acrobat 138

Document Management 139

Compound Files 140

Metadata 140

Final Thoughts 142

Chapter 16 Cyberinsurance 143

Introduction 143

How Much Does It Cost? 144

Coverage 145

Chapter 17 The Future of Information Security 149

Laws and Regulations 149

BYOD 149

Passwords 150

Policies and Plans 150

Mobility 150

Cloud Computing 151

Social Media 152

Training 152

Final Words 153

Chapter 18 Additional Resources 155

Short List of Favorite Information Sources 155

Further Resources 155

Security Feeds 156

Security Web Sites 157

OS Feeds 161

People Feeds 162

Cloud 163

Security News Feeds 164

General Feeds 164

Tools 166

Other Resources 169

Appendix A Excerpts from ABA 2011 Legal Technology Survey Report 171

Internet Access 171

Security: Technology Policies 172

Security: Technology Policies 172

Security: Security Tools 173

Security: Security Breaches 173

Security: Security Breaches 174

Security: Viruses/Spyware/Malware 174

Security: Viruses/Spyware/Malware 175

Security: Disaster Recovery and Business Continuity 175

Security: Disaster Recovery and Business Continuity 176

Security: Backup 176

Appendix B Massachusetts Regulations-Personal Information Protection 179

Massachusetts Regulations on Personal Information Protection 179

Appendix C Sensei Enterprises, Inc. Process-Out Checklist 185

Appendix D Selected ABA Model Rules of Professional Conduct 187

Rule 1.1: Competence 187

Rule 1.6: Confidentiality of Information 188

Appendix E Pennsylvania Ethics Opinion-Cloud Computing 195

Appendix F California Ethics Opinion-Confidentiality and Technology 217

Appendix G FTC Safeguards Rule 225

Appendix H Lockdown: Information Security Program Checklist 229

Appendix I Massachusetts Small Business Guide 233

Appendix J OMB Security Requirements for Federal Agencies 239

Appendix K FTC Disposal Rule 251

Appendix L Oregon Ethics Opinion-Metadata 255

Appendix M SANS Institute Glossary of Security Terms 261

Appendix N Updates 303

Index 307
