Every legal professional is working on the largest network, the intenet. When you send and receive information across it, you should remember that is going across wire and computers that you don’t control.
Web-based services, commonly referred to as the cloud, should be providing you with a secure, encrypted connection. Lawyers using the cloud have shifted the responsibility for the uptime and support of their technology to others, but retain their accountability for client confidentiality. This is where the duty of supervision becomes tricky, because there are non-lawyers potentially accessing or controlling confidential data. When you put client data into the cloud, know who can access it and what they are doing with it.
I won’t say anything more about the cloud since I literally wrote a book about it.
Virtual private networks
When you are away from your office, you can create a private tunnel between your device and your office. When you are using a Web browser, this is easy to do by making sure you are visiting Web sites that use the secure sockets layer (SSL). It wraps your Web activity with encryption so that someone who is watching the network traffic won’t be able to see the information that you send or receive. You can tell if you are using SSL on any given Web site because the http:// at the beginning of the Web site address changes to https://. Visit your bank online and you’ll notice the change even before your log in.
If you are connecting to your office using anything other than a Web browser, a virtual private network (VPN) can create the same kind of private tunnel between your two devices. Technology companies call them endpoints these days, so you can Google endpoint security to find out about the many software products that are available. In some cases, it is a piece of software in your office that is listening for you to connect. A piece of software on your laptop or smartphone makes the connection and then you start up the actual software you want to use – your case management, accounting, time and billing, or calendar, for example. There are any number of VPN clients available and you may find that your office network router has one built-in.
There are also remote access applications that provide the same function but provide it slightly differently. These use remote desktop (RDP) technology so that you log in to a third-party server and that server connects to your office. The third-party creates the encrypted tunnel, and your office computer displays its desktop to you. You can then work on that computer as if you were sitting in front of it, with the same access to printers and network information that you would have in your office. Like encryption, though, once you have made a remote desktop connection, anyone else who has access to that computer will be able to use the connection as well.
Secure your wireless network
One technology that has become nearly ubiquitous in home offices and small offices is the wireless router. Plug it in to your internet connection and immediately everyone in your house or law firm can access the Internet over “wi fi”. Unfortunately, these devices can be relatively easy to crack with free and easy to access tools. You should ensure that, when you install a wireless access point or router, that you change the default settings to make it secure. This includes:
- changing the SSID, the name of the access point, so that it doesn’t tempt potential crackers to attack it. Often it defaults to the name of the product (“Linksys” for example) and you wouldn’t want to change it to your law firm name. Choose a name that is nondescript and that you can give to staff or clients who need access;
- changing the default administration password, which is usually “admin” and can be found with a quick search on the Web. Your wireless admin password should be as strong as your other passwords are;
- turning on the highest degree of wireless security your access point offers. This will change your access point from an open one, like a coffee shop, to requiring a password before someone can get access. This will discourage people who are just looking for a free connection but will also create a barrier for people who are actively probing your network.
And when you’ve had it for a year or so, see if there is any firmware update. If there isn’t, throw it away and buy a new, current one.