🔒 Cybersecurity for lawyers

• Don't share user accounts on your computer
• Use a strong password for your computer account
• Enable the firmware password
• Turn on disk encryption
• Take backups regularly and automatically
• Don't trust anyone else's USB sticks
  • Encrypt USB drives before storing data on them
  • Do not take free USB sticks from conferences
  • Do not use USB sticks as give-aways at conferences
  • Do not pick up "lost" USB sticks
• Enable your computer's firewall

A barrister was given a (very small) monetary penalty notice by the Information Commissioner’s Office, because of the way in which she handled client personal data on her computer.

She stored personal data, on her shared home computer, with no encryption, on a generic account, and it was accidentally uploaded to a cloud server.

If you share a computer with someone, have your own, unique user account: you log in with this, and they log in with theirs.

This should hopefully make your life easier, in terms of having things set up the way you like them automatically when you log in, but it should also keep your documents and files separate from any other users: other users should not be able to access or edit or upload your data.

There’s a note of caution with this, and that’s if another user has an administrator account, they may well still be able to do so — so be very careful who has an administrative account on your machine.

If the option is open to you financially, it is safer to have physically separate machines.

Create a strong, but memorable, password for your account.

Here's some guidance on passwords.

Some computers will let you set a separate password for their firmware, which is the initial piece of software which runs when you boot your computer.

Some systems require you to enter this password before every boot, while others only require it if you try to boot from a different device (such as from as USB stick).

Use a different password to your user account, and make it a strong password.

If your computer offers disk encryption, turn it on.

For macOS, this is FileVault. You can turn it on through System Preferences / Security & Privacy / FileVault.

Make a note of the recovery key which it shows you. Keep this securely in your password manager, or on a piece of paper in a safe. Someone who has access to this password can decrypt your drive, and access the files and other content on it.

BitLocker?

Ensure that you are in control of where your data are residing. Not backing up to a cloud service without you realising it.

Even if it is coming from your friend, or a trusted colleague, do you know what security they have on their computer? Do you know what state their anti-virus protection is in?

Get them to transfer you the file some other way, and take precautions when opening it.

If you are going to store information on a USB stick (perhaps as a backup), encrypt the drive before you store the information on it.

That way, if you lose the drive, or it is stolen, the finder or thief cannot access the information on it.

Don't use USB sticks given away at events. If you need a USB stick for something, buy one from a vendor you trust.

USB sticks might seem like good giveaway items at conferences, but it's a bad idea, as it encourages poor security practice. If you want to make files away, host them on your website or some other sharing service, and give out the link.

Nothing found on the ground or in the carpark or “left over” in a meeting room.

Yes, it might suck to feel that you could be a good Samaritan and return someone’s vital information or backup of family photographs, but you have absolutely no idea as to what is on that memory stick, and there’s a chance, perhaps even a strong chance, that it might be an attack.

If your computer has a firewall, switch it on, and only allow access from sources you trust.

You could also restrict outbound traffic, but this is more likely to cause you problems.