🔒 Cybersecurity for lawyers

User Tools

Site Tools

Trace:
securing_your_computer

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
securing_your_computer [2019/08/09 11:47] neilsecuring_your_computer [2021/07/06 09:26] (current) – external edit 127.0.0.1
Line 1: Line 1:
 =====Securing your computer ===== =====Securing your computer =====
 +
 +A barrister was given a (very small) [[https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/03/fine-for-lawyer-who-stored-client-files-on-home-computer/#|monetary penalty notice by the Information Commissioner’s Office]], because of the way in which she handled client personal data on her computer.
 +
 +She stored personal data, on her shared home computer, with no encryption, on a generic account, and it was accidentally uploaded to a cloud server.
  
 ====Key points: ==== ====Key points: ====
Line 6: Line 10:
   *[[#Enable the firmware password|Enable the firmware password]]   *[[#Enable the firmware password|Enable the firmware password]]
   *[[#Turn on disk encryption|Turn on disk encryption]]   *[[#Turn on disk encryption|Turn on disk encryption]]
 +  *[[#Don't use an administrator account|Don't use an administrator account]]
   *[[#Take backups regularly and automatically|Take backups regularly and automatically]]   *[[#Take backups regularly and automatically|Take backups regularly and automatically]]
-  * [[#Encrypt USB drives before storing data on them|Encrypt USB drives before storing data on them]] 
-  *[[#Don't trust anyone else's USB sticks|Don't trust anyone else's USB sticks]] 
-    *[[#Do not take free USB sticks from conferences|Do not take free USB sticks from conferences]] 
-    *[[#Do not use USB sticks as give-aways at conferences|Do not use USB sticks as give-aways at conferences]] 
-    *[[#Do not pick up "lost" USB sticks|Do not pick up "lost" USB sticks]] 
   *[[#Enable your computer's firewall|Enable your computer's firewall]]   *[[#Enable your computer's firewall|Enable your computer's firewall]]
- 
-A barrister was given a (very small) [[https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/03/fine-for-lawyer-who-stored-client-files-on-home-computer/#|monetary penalty notice by the Information Commissioner’s Office]], because of the way in which she handled client personal data on her computer. 
- 
-She stored personal data, on her shared home computer, with no encryption, on a generic account, and it was accidentally uploaded to a cloud server. 
  
 ====Don't share user accounts on your computer==== ====Don't share user accounts on your computer====
Line 26: Line 22:
  
 If the option is open to you financially, it is safer to have physically separate machines. If the option is open to you financially, it is safer to have physically separate machines.
 +
 +====Don't use an administrator account====
 +
 +Make your everyday user account one without administrator privileges.
 +
 +This may mean you need to jump through some extra hoops to install software, but it mitigates the risk of malware.
 +
 +Increase your privileges only when you need them (for example, to install software).
  
 ====Use a strong password for your computer account==== ====Use a strong password for your computer account====
Line 39: Line 43:
  
 Use a different password to your user account, and make it a [[passwords|strong password]]. Use a different password to your user account, and make it a [[passwords|strong password]].
 +
 +[[https://support.apple.com/en-us/HT204455|Apple's instructions for macOS]]
  
 ====Turn on disk encryption==== ====Turn on disk encryption====
Line 56: Line 62:
  
 ====Take backups regularly and automatically==== ====Take backups regularly and automatically====
-Ensure that you are in control of where your data are residingNot backing up to a cloud service without you realising it. +[[backups|Here]].
- +
-====Encrypt USB drives before storing data on them ==== +
-If you are going to store information on a USB stick (perhaps as a backup), encrypt the drive before you store the information on it. +
- +
-That way, if you lose the drive, or it is stolen, the finder or thief cannot access the information on it. +
- +
- +
-====Don't trust anyone else's USB sticks==== +
- +
-Even if it is coming from your friend, or a trusted colleague, do you know what security they have on their computer? Do you know what state their anti-virus protection is in? +
- +
-Get them to transfer you the file some other way, and take precautions when opening it. +
- +
- +
- +
-===Do not take free USB sticks from conferences=== +
- +
-Don't use USB sticks given away at events. If you need a USB stick for something, buy one from a vendor you trust. +
- +
-===Do not use USB sticks as give-aways at conferences === +
- +
-USB sticks might seem like good giveaway items at conferences, but it's a bad idea, as it encourages poor security practice. If you want to make files away, host them on your website or some other sharing service, and give out the link. +
- +
- +
-=== Do not pick up "lost" USB sticks === +
- +
-Nothing found on the ground or in the carpark or “left over” in a meeting room. +
- +
-Yes, it might suck to feel that you could be a good Samaritan and return someone’s vital information or backup of family photographs, but you have absolutely no idea as to what is on that memory stick, and there’s a chance, perhaps even a strong chance, that it might be an attack. +
  
 ====Enable your computer's firewall ==== ====Enable your computer's firewall ====
securing_your_computer.1565351224.txt.gz · Last modified: 2021/07/06 09:26 (external edit)