Friday, December 16, 2005

Data Security

Today's article focuses on data security from two perspectives: (1) protection against intrusion/theft; and (2) protection against loss.

Protection against intrusion/theft. By now we are all aware of the danger that malware (the general name applied to viruses and spyware) poses to any networked computer. Because of our duty to protect the confidentiality of client information, one particular threat that lawyers should be aware of is the use of trojans and other devices to steal data from host systems.

Your first line of defense should be a good firewall (preferably hardware-based) and antivirus software with current virus definitions, but even these measures cannot guarantee 100% safety against intrusion. Your data security planning should also include good encryption software so that even if your data is compromised, it will be unusable by whoever obtains it.

I tested a number of encryption applications before settling on PMC Ciphers' TurboCrypt suite. TurboCrypt creates an encrypted filespace on your local hard disk, which it mounts as a virtual volume and assigns a drive letter as if it were a separate hard disk. Once you have entered your password and mounted the volume, the data stored in the encrypted file is available for read/write access like any other data on your hard drive, but as soon as you unmount it the data is protected by 2x256 bit DES encryption. Other features include a trace deletion tool that erases evidence of use on a PC, such as temporary files and records of recently used documents; a file shredder with multiple-pass overwriting; the ability to overwrite free space on a disk with random numbers to prevent recovery of previously deleted programs or data; and email encryption.

TurboCrypt is free to try. The free version will create up to a single 16MB encrypted filespace; for more or larger virtual drives you will need to purchase the Personal Edition ($34.95, up to a single 20GB volume), the Professional Edition ($74.95, up to five 100GB volumes) or Enterprise Edition ($199.95, unlimited volumes up to 2 terabytes).

Other encryption applications: APMSafe's Cypherus, Utimaco Software's SafeGuard, Ultra Information Systems' SealShell, Silent Front's Silent Vault, and WinEncrypt Solutions' CryptArchiver.

Laptop users should consider whole-disk encryption software like Pointsec, PGP Whole Disk Encryption or SecureStar's DriveEncrypt. As the name indicates, whole-disk encryption encrypts the whole local volume, requiring a password or token authentication before the BIOS will boot the PC's operating system.

Protect your data against loss. Even if the bad guys never get your data, you could still lose everything if the hard disk fails or is destroyed. Any data security plan should include frequent backup and offsite storage.

Online backup satisfies both requirements. As an added benefit, backups can be scheduled automatically through your software since the remote server is always available, and you can access your backups from anywhere you can access the internet. Companies such as Xdrive offer online backup solutions starting at $9.95 a month. Make sure to check out your provider's own backup policies (the method and frequency with which they back up their servers) and the security measures they implement to protect your data.

If online backup is too expensive, you can copy your data to some form of removable media like a tape, CD/DVD, or ZIP disk. Most PCs these days come with a CD or DVD burner and some form of simple disc burning software as standard equipment, or you can upgrade to a commercial application like Roxio's Easy Media Creator or Nero's Nero 7 Suite if you require advanced functionality. If you go this route, make sure to encrypt your data so it cannot be accessed if the media falls into the wrong hands. Also, arrange to have the media stored offsite so it will not be destroyed along with your primary data if a disaster occurs in your office.
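As an added example (not part of the original article, which recommends commercial products), the script below shows one way to encrypt a backup before it is copied to removable media and to confirm later that it can still be restored. It assumes GnuPG 2.1 or later, tar and sha256sum are installed; the function names and all paths are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes GnuPG 2.1+, tar and
# sha256sum are installed; every path and file name is hypothetical.
set -eu
# Enable pipefail where the shell supports it, so a failing tar or gpg is noticed.
(set -o pipefail) 2>/dev/null && set -o pipefail

# make_encrypted_backup SRC_DIR OUT_FILE PASSPHRASE_FILE
# Streams the archive straight into gpg, so no plaintext copy of the backup
# is written next to the file that will be burned to the media.
make_encrypted_backup() (
    src=$1; out=$2; passfile=$3
    tar -C "$src" -czf - . |
        gpg --batch --yes --quiet --pinentry-mode loopback \
            --passphrase-file "$passfile" \
            --symmetric --cipher-algo AES256 --output "$out" || exit 1
    # Checksum of the ciphertext: a damaged disc can be detected later
    # without needing the passphrase.
    cd "$(dirname "$out")" || exit 1
    sha256sum "$(basename "$out")" > "$(basename "$out").sha256"
)

# verify_encrypted_backup OUT_FILE PASSPHRASE_FILE RESTORE_DIR
# Confirms the ciphertext is intact, then that it really decrypts and unpacks.
verify_encrypted_backup() (
    out=$1; passfile=$2; restore=$3
    mkdir -p "$restore" || exit 1
    ( cd "$(dirname "$out")" &&
      sha256sum -c "$(basename "$out").sha256" >/dev/null 2>&1 ) || exit 1
    gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-file "$passfile" --decrypt "$out" 2>/dev/null |
        tar -C "$restore" -xzf -
)
```

Copy both the `.gpg` file and its `.sha256` file to the media, and keep the passphrase somewhere other than the disc itself.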
