52 RI Bar J., No. 3, Pg. 25 (November, 2003). Information Security for Lawyers: Protecting the Client's Goods.


Rhode Island Bar Journal

Volume 52.

52 RI Bar J., No. 3, Pg. 25 (November, 2003).

Information Security for Lawyers: Protecting the Client's Goods

Information Security for Lawyers: Protecting the Client's GoodsTOBY BROWNPresident, Roberts Brown LLC and Technology Consultant to the Rhode Island Bar Association.In German, the word wenn means both if and when. When we talk about computer security, if and when are too often the same thing. If a security problem is possible, it will eventually occur unless you take active measures to prevent it.

To take a more active role in information security, you need to develop a basic understanding of the technology issues involved. This article is designed to help you do that. Given the special duty lawyers have to protect client information (ala model Rule 1.6), lawyers need to take a very active role in maintaining computer security.

The threats to electronic information are many and growing daily. At the top of the threat list are what I call, Alpha Hackers. These people write sophisticated programs (or scripts) for finding and exploiting security vulnerabilities. Next on the list are thousands of Script Kiddies who take the Alpha produced programs and run them against random Internet addresses to see what they find. The result is that most attacks are random. And as a result, feeling safe by obscurity is a bad approach. And the day may come when you are a target, since a growing threat is organized criminal attacks on data. In this scenario, the attacks are very sophisticated and persistent. So the likelihood that you will receive attacks is very high. As an example, on a given day the Utah State Bar logs around 800 attack attempts.

Two thoughts for you when considering computer security threats: First - threats are very dynamic. Every day new threats and new methods of attack emerge. This state of affairs requires constant vigilance to maintain security. Second - as you review the various security issues, think in terms of policy. You will likely never be a security expert, but you can set and enforce policies that drive good security.

Defining Computer SecurityComputer security has three basic components. The first is physical security. This is the security of the building and rooms where your computers reside. Is the server room door locked? Are there adequate ventilation controls? Are the servers password protected? These are simple issue to address but often overlooked.

Next is human security. This is actually a very significant concern. Humans are...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT