All of the devices that lawyers use today can be lost, and the smaller the device, the more likely it is to be lost. These devices contain enormous amounts of information, much of which is confidential. Reasonable precautions require law firms to recognize the possibility of loss of devices and to develop appropriate policies to reduce the risk of loss. It would be useless to implement sophisticated protection from digital attacks, when the confidentiality of the client can be violated simply by the drop of a pen drive … Which precautions to use with these portable devises then? Simply enough, a firm could prohibit the use of personal devices on firm matters. Lawyer would be required to use only firm flash drives, PDAs, and laptops that have file encryption, that are password protected, and that contain confidentiality notices with instructions for return on the case of the device. Are these steps ethically required? They might not be so, particularly for solo practitioners and small firms where the costs of such steps might be substantial. At a minimum, however, if a lawyer is using a device for both business and professional purposes, the device should be password protected, with a strong password, i.e. one containing both letters, numbers, and at least one character. The more digits, the better of course. I have been told that it takes two minutes to a hacker to discover a four-digit password. It would require two centuries to discover an eight-digit password. One last point: check if your insurance policy covers cyber loss; you might need to buy a separate insurance.
For more information contact Nathan M. Crystal