
Encryption for Lawyers in Plain English [#ABATECHSHOW Recap]


Some 70% of data breaches involve laptops and portable devices.  Ten percent of mobile phones are stolen during their useful life.  In 2013 nearly a million and a half smart phones were lost.

With lawyers going increasingly mobile, those statistics make a strong case for encryption, according to John Simek and David G. Ries. The two co-presented an ABA TECHSHOW session titled Decrypting Encryption – Gaining Competence on Encryption for Your Practice.

Forget iOS or Android: the two types of phones are the one you lost and the one you’re going to lose. Any device that is portable is susceptible.

Aside from theft, hacking, snooping or other nefarious activities, whether by bad actors or three-letter government agencies, the panelists point to four additional drivers of encryption for attorneys:

  • Model Rule 1.1 (competence) and Rule 1.6 (confidentiality)
  • Common law such as the risk of malpractice
  • Contractual obligations required by a client
  • Statutes and regulations such as HIPAA in the case of health care

Encryption in Plain English

What does encryption do?  It is a computer program, or algorithm, that “scrambles” files on a device to render them unreadable – unless the user presents a unique “key,” which is another piece of software code.  For example, encrypted data stored on a phone or removable drive is unreadable without that key; likewise, data that is encrypted before being sent over a network is unreadable without the key if it is intercepted.

Encryption software can come built into the hardware, or it can be acquired as a separate software package.  The panelists said most attorneys will need assistance to set it up – but once set up, it’s “point and click” and relatively easy to use.

Typically, stored data is referred to as data “at rest,” and data in motion, or being sent over a network, is called “in transit.”  Data at rest includes information typically stored on servers, desktops, laptops, tablets, portable media and smartphones. Data in motion, or transit, includes information sent over wired, wireless or cellular networks.

Transmitting unencrypted data over a network, the panel said, is akin to sending confidential files by postcard, which clearly can be read along the way.

5 Eclectic but Helpful Tips for IT Security

The speakers covered a range of tips throughout the hour-long session, which included:

1. Word processing encryption. The speakers noted that if you password protect a document in the Microsoft® Word processing program, the contents are encrypted (though they caution it’s “not as strong”).

2.  Does everything need to be encrypted?  Probably not, according to the panel, but they suggest lawyers “should have the means” if the need were to arise.

3. Create strong passwords.  The panelists recommend using 12 or more characters for creating a password (especially for a password manager tool) and ideally mixing in capital letters, characters and non-sequential numbers.

4.  Mobile device encryption.  If you use an iOS-based device, the data is automatically encrypted when the screen passcode is used (it’s a default setting). For Android users, you’ll need to configure encryption in settings.  The panel also said to avoid using four-digit codes in favor of eight, as there are programs specifically designed to break four-digit codes (brute force).

5.  Back up your encryption keys. It would be a disaster to encrypt data and then lose the key.  Essentially, the data in that case would be unrecoverable, which is the purpose of encryption.  Be careful to back up your encryption keys.
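The passcode advice in tips 3 and 4, written out as a small checker (an added example, not from the session or the original post). It reads “characters” in tip 3 as symbols, and the guessing rate is an assumed figure used only to compare code lengths; all function names are hypothetical.

```python
import string

# Assumption: illustrative guessing speed; real rates vary by device and attack.
ASSUMED_GUESSES_PER_SECOND = 1_000

CLASSES = {
    "digits": string.digits,
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "symbols": string.punctuation,
}

def search_space(passcode: str) -> int:
    """Candidates an exhaustive search must cover, given the passcode's
    length and the character classes it actually uses."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in passcode))
    return alphabet ** len(passcode)

def worst_case_seconds(passcode: str, rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to try every candidate at the assumed guessing rate."""
    return search_space(passcode) / rate

def has_sequential_digits(passcode: str, run: int = 3) -> bool:
    """True if `run` adjacent digits ascend or descend by one (123, 987)."""
    for i in range(len(passcode) - run + 1):
        chunk = passcode[i:i + run]
        if all(c in string.digits for c in chunk):
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False

def check_password(password: str) -> list[str]:
    """Problems measured against tip 3 (12+ characters, mixed classes)."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    for name in ("uppercase", "symbols", "digits"):
        if not any(c in CLASSES[name] for c in password):
            problems.append(f"no {name}")
    if has_sequential_digits(password):
        problems.append("sequential digits")
    return problems

def check_pin(pin: str) -> list[str]:
    """Problems measured against tip 4 (eight digits rather than four)."""
    return [] if len(pin) >= 8 else ["fewer than 8 digits"]
```

At the assumed rate, every four-digit code can be tried in 10 seconds, while an eight-digit code takes 10,000 times as long.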

* * *


About Frank Strong

Frank Strong is the communications director for the LexisNexis software division located on NC State’s Centennial Campus in Raleigh. In this capacity, he leads communications efforts in support of software products for law practice and law department management and also litigation tools – across large law, small law and corporate counsel segments. With more than 15 years of experience in the high-tech sector, Strong previously served as director of public relations for Vocus, which developed marketing, PR and media monitoring software. He has held multiple roles both in-house with corporations, ranging from startups to global organizations, and has also endured the rigors of billable hours, having completed gigs at PR firms including the top 10 global firm Hill & Knowlton. A veteran of two year-long deployments, Strong has concurrently served in uniform in reserve components of the military for more than 20 years, initially as an enlisted Marine and later as an infantry officer in the Army National Guard. Strong holds a BA in Film and TV production from Worcester State University, an M.A. in Public Communication from American University, and an M.B.A. from Marymount University. He is a PADI-certified Master Scuba Diver and holds a USPA "B" skydiving license.