Intro to Encryption for Lawyers and Small Firms
By now you've heard these terms: encryption, passcode, cybersecurity. Unless you have a technical background in software engineering, it's all Greek to you.
Unfortunately, that's the kind of world we live in. We're now moving headlong into a future where increasingly more and more people rely on technology that only a very few truly understand. Cybersecurity is no different. The fact of the matter is that you probably need encryption in your office, but you don't know the first place to begin. Here is a very abbreviated guide to getting started.
Let's Start With the Basics
Encryption refers to the process of transforming readable data into something that is unreadable. Perfectly random data would be unreadable, but that's obviously not what we're talking about here. The key to unscrambling encrypted data into readable de-crypted data is the algorithmic cipher. If you have the cipher, you have the means to reading the data. The name of the game is to protect that cipher.
Wave of the Future
Pen and paper attorneys are rapidly going the way of the dodo and Mexican grizzly. In order to survive in today's world, you need to communicate electronically. Unfortunately, this means that lawyers are unwittingly exposing themselves to data attack every time they succumb to the convenience of using a mobile device in a public area. That's why lawyers need to encrypt their devices and data -- but they need help.
Managing Devices
Apparently one of the biggest gaping windows for data breach begins with firm employees carelessly leaving their firm's portable device someplace in public. This wouldn't be such a huge problem if the data and device was encrypted well. By now, we're all very aware of Apple's encryption which has been the bane of the FBI looking to crack into Syed Farook's iPhone. A few more false tries and the iPhone's data goes poof.
Hard Drive Encryption
One of the most effective ways to keep prying eyes off of company data is to opt for full disk encryption. Luckily, a number of major manufacturers already have such encryption built into the hardware of their devices including Seagate and Hitachi. Attorneys using the latest drives from these manufacturers should engage the encryption options and ensure "for your eyes only access" by using a very strong pass-key. This is strong, effective, and easy to employ. Remember, passkeys don't need exclamation points and weird symbols: they need only a certain level of entropy and randomness and you'll be fine.
Software Encryption
A number of desktop programs including Windows have encryption capability but the general opinion is that they're pretty mediocre. So far, it appears that OSX has built-in encryption in file vault, so follow Apple's instructions if you're a Mac user.
Your Network
The best current system to encrypt your wireless network is WPA2 which is the suped up version of WPA. Since we're on the topic of wireless networks, you should really really avoid the temptation of making a confidential communication over a public network unless you are connected through a VPN -- and even then, you should use your own firewall network.
Related Resources:
- Symantec Encryption Solutions (Symantec)
- Are Encryption Backdoors Needed to Fight Terrorism? (FindLaw's Technologist)
- After Anthem Hack, What GCs Should Know About Encryption (FindLaw's Technologist)