June 29, 2006
Stolen Laptops, a Wake-Up Call For Law Firms
I received a letter from Susan A. Davis, Executive Vice President with a division of Wells Fargo, which read as follows:
“Wells Fargo computer equipment containing information about you, including your name, address and social security number, is missing and may have been stolen.” To be fair, Ms Davis added, “The computer has two layers of security, and we have no indication that the information has been accessed or misused.”
Now imagine that instead of Wells Fargo, the missing equipment belonged to one of your law firm’s attorneys.
I asked one of the smart guys at Juris, Inc. for his thoughts on the subject. Barry Lancaster, Senior Director of Client Services at Juris. Inc., spent 15 years at Accenture before joining the Juris team. Accenture is one of the world’s leading global management consulting and technology services companies. A graduate of Vanderbilt University, his experience includes leadership of technology and development teams, business analysts, consultants, and implementation of business process quality initiatives.
According to Lancaster, the recent compromise of veteran information was due to an employee taking data home against policy for work purposes. His computer was stolen from his home, and it contained social security numbers for millions of veterans. Dr. Jacobs, CEO of Qualcomm, had his laptop stolen while giving a presentation at a hotel. The FBI was involved due to the sensitive nature of the data on his laptop.
“The firm’s IT staff should look at methods to password-protect critical data on a laptop in case the laptop is compromised,” Lancaster pointed out. “Firms also need to have a policy concerning what data can reside on a laptop. Employees must be aware when there is secure information on the laptop, it is the employee's responsibility to protect the laptop as if it were their own. In fact, when I worked with Accenture, we signed a statement about our responsibility for our laptop before we were given it. Basically, if we lost it under ‘our watch,’ it was our responsibility to replace it.
“Theft in the office is also an issue,” Lancaster continued. “Laptops are easy to take. Cleaning crews can easily hide a laptop and remove it from the building. Firms should have a policy to use lockdown cables at all times for laptops. It is an inexpensive way to secure not only hardware but the data on the laptop. Desktop PCs are getting smaller and smaller as well. Firms should consider the same policy for the new mini PCs.”
In addition to physical security, there are now new innovative steps you can take to protect data on laptops. One example is the technology offered by a company called Absolute Software.Absolute Software has a suite of security, inventory, and recovery tools made specifically for portable computers. These include solutions that will "call home" when connected to the Internet and can be configured to wipe the hard disk of sensitive information. The same technology can also aid in the recovery of a lost laptop by transmitting a location when it is connected to the Internet.
Solutions like those from Absolute and Lojack would not have prevented the information breach involving the veterans’ data. In that case, the data was not contained on the hard disk of the laptop, but a CD that was in the CD-ROM drive of the laptop. The advancement of portable media, i.e. CD-ROM, DVD, USB drives, etc., has made transporting law firm data easy. With this advancement, there has been a material increase in the risk of sensitive information falling into the wrong hands. To protect against such risk, some USB drives have built-in software that encrypts files. There are also software applications for CD/DVD media (such as that available from GuardianEdge) that will encrypt the data while it's being burned to the CD/DVD.
Lancaster continued, “Law firms work with sensitive data related to their clients. It could be very damaging to the firm if that data was compromised. Managing partners should charge their firm’s in-house or external IT person with the responsibility to develop and propose a strategy for protecting the firm from such damage.”
Morepartnerincome.com is sponsored by Juris, Inc. For information about Juris® products and services for increasing law firm performance and partner income, go to www.Juris.com.
Related posts
Filed under Risk managment by Tom Collins