Digital White Papers

May 2013: Litigation and Practice Support

publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/126361

10 PRACTICAL SECURITY TIPS

Ideally, you should encrypt this information before sending it. This can be as simple as creating a Word or text file with the credentials and adding the file to a password-protected zip file. If that's not possible, find a way to send the two pieces of information by different delivery methods. For example, send the user ID via email message and call to share the password. In addition, don't make the password the same for every user, and ensure everyone changes their passwords once they have logged in the first time.

7. DATA ENCRYPTION

Encryption is the process of scrambling information into nonsense, so that only people with the key to unlock the scramble (decryption) can understand the content. This is important when protecting sensitive information that moves across the Internet (or other public network) and when storing information on removable media, such as thumb drives, laptops or your mobile phone. Using encryption to protect sensitive data stored on a server is a great example of appropriate use of encryption. This prevents prying eyes from accessing the data. There is a wide range of encryption products on the market today, so talk with your IT or security staff to see which products your firm supports.

8. FTP SITES

Similar to cloud services, there are a number of file-transfer sites that enable moving larger amounts of information between you and your clients. However, as always, when you put your information in the hands of a third party, such as an FTP vendor, it is important to understand the associated risk exposure. Be sure encryption is used on the site and during the transfer process to protect your information while it flows between your office and the client's location. Secure Sockets Layer (SSL) and Transport Layer Security (TLS), the protocols your Web browser uses to protect sensitive information transmissions, are common.

It's also important to understand what happens to the information while it sits at the vendor's location awaiting client pick-up. Encrypting information before it leaves your site, with a method that the client can decrypt once they receive the information, provides the most secure transmission. No one in the middle of the transmission is able to read the information, even if they copy the information as it flows between locations.

9. PASSWORDS

No article on security would be complete without mentioning passwords. They are the weakest link in most security programs. Picking strong passwords is discussed endlessly throughout the security industry, and there is good reason for this. Simple things like not reusing your firm passwords (any of them) with your Facebook or Twitter accounts are obvious precautions that go a long way to improving your password security. With the proliferation of mobile devices, we now also have easier access to password management apps. Find one with an interface you like and with reasonably strong encryption. AES 256-bit, a widely accepted encryption standard, is a great starting point. Create a strong passphrase for accessing the app, and start using it to manage and remember your passwords.

10. PHYSICAL SECURITY

With our computing devices shrinking in size, they have become easier to leave behind. Laptops are forgotten at airport security lines, smartphones are left at the coffee shop, and devices are stolen outright. With so many opportunities to mislay a device that most likely contains a significant amount of sensitive data, the physical security of your device is that much more important. NEVER let your device out of your sight! Encrypting the device's storage is another important step. This way, if the device is lost, the contents are useless to most people. Again,