It’s month three in a row of sharing useful tips that I’ve heard at events around the country. I hadn’t planned on it, but if there’s good info on offer, I may as well share it. This month’s tips come from the spring meeting of the Canadian Corporate Counsel Association. On a 30 C April day in Montreal, I sat in on a session about ethical obligations of in-house counsel in a technological world. Here are few random tips gleaned from the session that included Dominic Jaar of KPMG, Bernard Brun of the Desjardins Group, and Langlois Kronstrom Desjardins LLP’s Jean-François De Rico.
Of use to any lawyer or anyone who uses a BlackBerry, in particular, but any device that uses Bluetooth: turn off the Bluetooth or make sure it is password-protected. Basically, the panel pointed out, all phones come set up with default passwords and anyone who is so inclined can not only easily access all the information on your device, but may even be able to go through your BlackBerry to access your company or firm’s exchange server if your Bluetooth is on and unprotected.
You can be sure as they were telling the room this, every single person in there whipped out their BlackBerrys and made the appropriate changes. I am pleased to report my Bluetooth was turned off, so Thomson Reuters’ information was safe!
Of course, password and other security measures were a big part of the discussion. The usual caveats about making sure that once you dispose of computing equipment (and that includes items such as scanners), the hard drives are wiped clean or, better yet, shredded so no private or corporate information can be gleaned from them later on. But in the day-to-day life of your average lawyer, many of whom use and carry around laptops and other portable devices, Jaar says: “If you do nothing else, encrypt your hard drive.”
Password protection is not enough — you need full encryption. As De Rico pointed out, studies show that most data breaches occur from within because of human error and/or negligence. So much like you would make sure that your filing cabinets are always locked and secure, do the same with all your computing devices, on the desk or on the go. Windows 7 now comes with encryption options as default settings, so make use of them.
One caveat on the encryption front from Brun: be sure that your IT department is aware of what’s being encrypted so if someone leaves the company, and especially during litigation, there is still access to their information. This might be a good place to have an encryption policy in place and just one of the many ways IT and legal departments can work together for the betterment of all!
So there are two ways to keep your data safe. May as well start now!