Small Steps to Reduce Chances of a Data Debacle
More than half of all in house counsel cite data security as their top concern, according to Inside Counsel. It's not a wonder that lawyers are freaking out - with the increase in online everything and move towards cloud computing, data breaches are seemingly an everyday occurrence.
Inside Counsel cites hackers' breaching of 63 PIN pads at Barnes & Noble stores late last year, leading to discontinuance of the use of PIN pads in 700 stores and even worse, a major PR hit.
When data breaches occur, most states require notification to every possibly affected consumer. Sometimes, companies are forced to foot the bill for remedial measures, such as paying for credit monitoring. Tack on the lost business, goodwill, and trust, and a few hacked machines could mean more than compromised PIN numbers.
Recognizing the problem is only the first step. The real question is, what should your company do about it?
Password Policies
The simplest answer is the most obvious: protect your passwords. Simple steps include requiring your employees to change their passwords every 90 days, reminding employees not to share their passwords with others, and requiring strong passwords.
What's a strong password? It should contain numbers, letters, and if your software supports it, special characters (i.e. !@#$%^&). The worst passwords are found in the dictionary. These can be cracked by a technique called "brute force" which runs a program that works its way through every word in the dictionary. Time consuming? Possibly. Effective? Definitely.
Encryption
If a password is the key to the front door, encryption is like having a security guard next to every byte of data. Encryption essentially scrambles every bit of data according to a code. Only someone with the key can access the data. The effectiveness of encryption depends on the complexity of the code and can vary from mildly difficult to nearly impossible.
The most complex forms of encryption are controversial, according to Tech Target. While they make data breaches nearly impossible, certain governments are not too excited by the concept. Not only is the data safe from hackers but it's safe from federal investigations into criminal activities, the most worrisome being investigations into terrorism.
Why You Care
Data security can be a bit overwhelming. Most lawyers are familiar with passwords and the basic use of a computer. Terms like encryption and brute force password breaking are foreign geek speak. However, it might just be time to start hitting the books (or blogs) - an ounce of prevention is worth cheaper than a pound of lawsuits.
Related Resources:
- Trouble In Password Paradise (FindLaw's Technologist)
- LinkedIn Lawsuit Over Stolen Passwords (FindLaw's Courtside)
- eHarmony, LinkedIn Hacked: Millions of Passwords Leaked in Breach (FindLaw's Common Law)