The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/624538
WWW.ILTANET.ORG 31 the average user; they likely have not read a single one of the license agreements. How many apps are being used to share client files because the user doesn't like the firm's offerings? Now we've got smart watches, fitness bracelets and more to add to our list of concerns, as they collect a host of personal biometric data. THE OFFICE, THE HOTEL, THE CLOUD We also have to secure our physical offices. Physical keys have given way to electronic ones that can be programed with added layers of security. Business continuity planning has us dealing with scenarios from terrorists to visits by the Pope. If you haven't done your pandemic planning, you can't check off that box on a new client audit. We've gotten more mobile, taking all our security concerns with us and exponentially adding to them. Ubiquitous "free" Internet access can come at a steep price when you attach to the unsecured hotel or coffee shop Wi-Fi. IT HAS A NAME Security risks can now be called on by many names: Siri, Corta, Alexa. Many people don't realize that voice input goes through the cloud and is processed by corporate computers, not by the phone or device in front of you. That can be an issue, depending on what you're talking about and what the company that has your data does with the information. HIDING IN PLAIN SIGHT At first glance, you wouldn't look at a television, a baby monitor, a thermostat or a Barbie doll as a security risk. Yet when you power up a new smart TV, the minute it has connectivity, it's exploring its environment and phoning home to share the information and update itself. Mattel's newest doll, Hello Barbie, listens to who is talking, processes that information over a Wi-Fi link and responds The Internet of Things (IoTs) is opening up a whole new world. You can get "connected" coffee machines, pet collars, thermostats, diapers and doggie doors. Security is not always the best on high-end expensive computer gear; how good do you think it is on a $69 coffee machine? You might not care if the coffee machine gets hacked, but it could be the foothold a hacker needs to move into your network. ONGOING CARE AND ATTENTION The utopian side of the argument of enhanced technology connectivity points to better and more convenient lives with medical implants and self-driving cars. The dystopian side shows us that a hacked pacemaker or car can kill. It is fairly easy to predict that, particularly as it relates to the IoTs, we're just waiting for a major issue to happen. Of all these potential security threats, I worry most about the people part. Security is everyone's job, and unlike a Popeil rotisserie oven, you can't "set it and forget it." Security requires ongoing care and attention. True comfort with security comes when users are aware and thinking about it. A little paranoia can be a good thing if it prevents someone from clicking on a questionable email link. A good security program begins with user awareness. Without that, all the technology in the world means nothing. Law firm security. It used to be as simple as locking the document in the file cabinet and locking the door behind you. Now you have to think about things like encryption at rest and in transit. As our technology has advanced, so have our security-related issues. Sadly, security always seems to lag behind technology advancements. Where security used to be something that was a relatively isolated part of our lives, now the need for it is all around us. In 2010, Jon-Louis Heimerl wrote a wonderful piece in Seussian style on the Solutionary Minds Blog. He started it: "Would you, could you, protect my data? Protect it now, protect it then, please protect it everywhen. Protect my health and banking stuff, though it can be, will be rough. Policy is done, it's in the can, I am ready, audit man. Use a firewall and antivirus, Listen to experts who says 'hire us'. Set your policy, make your plan, Before it all just hits the fan." How fitting. But what exactly are we worried about these days? DESKS, POCKETS, WRISTS The traditional place to start looking at security is with the PC on your desk and the smartphone in your pocket. Are they secure? Is everything patched to the right level? Is your antivirus working? Are your documents and spreadsheets secure? Is the storage encrypted and the system password-protected? Depending on which survey you read, the average smartphone has 42 to 95 apps on it. How many have been granted access to potentially sensitive contacts, calendar details or other information? You can't ask About the Author Jeffrey Brandt is the Chief Information Officer at Jackson Kelly PLLC and has been the CIO for several top 100 U.S. law firms. He has 30 years of experience in the field of legal automation and has worked on process and workflow management, knowledge management, information governance and security, communities of practice, IT executive coaching and more. Jeffrey is also editor of the popular PinHawk Law Technology Daily Digest, a respected thought leader in the legal technology community and a frequent educational speaker at industry conferences. Contact him at jkbrandt@jacksonkelly.com.