by Michael Dizon, Lecturer at the Te Piringa – Faculty of Law, University of Waikato
Information security may not be top of mind or a priority for law students since they assume that they are not likely targets of malware and cyber attacks. This is true to a certain extent. Unlike commercial companies and government agencies, students do not possess data or provide products and services that cyber criminals would consider valuable or profitable to attack and gain access to. However, members of the public, including students, can also be affected by malware and security breaches.
Not all cyber attacks focus on specific individuals or entities. As seen in the recent spate of ransomware infections that encrypted data on millions of computers around the world and offered to give back access for a price, anyone can be a victim of a cyber attack. As such, everyone, including law students, should be aware of and practise information security. This is especially true given that lawyers and law firms have increasingly become the targets of cyber attacks by criminals, competitors and governments.
Legal practitioners are a vector for these attacks because they hold confidential, sensitive and valuable information about their clients. Lawyers have information about business strategies, planned projects and deals, contracts, patents, and trade secrets that would be problematic if they fell into the wrong hands. While no one is immune from these attacks, it is advisable for everyone to carry out basic practices and take simple precautions to protect the availability, confidentiality and integrity of their computers and data.
It is good practice to back up your files regularly. For example, if your computer is infected by ransomware, rather than paying the ransom (which computer experts do not recommend you do), you can simply restore your data from a known good backup after removing the malware from your system. The threat of a virus or malware infection is not the only reason to back up. Since law students depend so much on digital documents to conduct research and complete their assignments, it is important to back up your files. Just imagine what would happen if you lost your data because of an unexpected or unforeseen computer glitch, error or accident. The consequences could be troublesome given that technical issues are not normally considered a valid excuse for missing an assessment deadline.
It is essential then to back up. One of the most widely accepted approaches for backing up data is the 3-2-1 backup strategy. Following this method, you should have three copies of your data (including the original files on your computer). The three copies should be saved on at least two different media or separate devices. These different media and devices could be an external hard drive, a thumb drive, another computer, or a DVD. Finally, one copy should be stored offsite. This means storing a backup in a place other than where you keep your main backup (e.g., at your parents’ home, in school, or a friend’s house), or saving your files on a cloud or online storage service such as Google Drive, Dropbox, Microsoft OneDrive or Apple iCloud.
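A backup only helps if the copies actually match the original, so the 3-2-1 rule can be checked rather than assumed. The following Python sketch is an added example, not part of the original article: it hashes every file in each copy and reports which of the three conditions fail. The folder names, media labels and the `check_321` function are hypothetical, and the sample files are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_321(copies):
    """copies: list of {"root", "medium", "offsite"}; the first entry is the original.
    Returns (ok, problems), counting only copies whose contents match the original."""
    reference = manifest(copies[0]["root"])
    problems, intact = [], []
    for copy in copies:
        if manifest(copy["root"]) == reference:
            intact.append(copy)
        else:
            problems.append(f"{copy['root']}: contents differ from the original")
    if len(intact) < 3:
        problems.append(f"only {len(intact)} intact copies, need 3")
    if len({c["medium"] for c in intact}) < 2:
        problems.append("intact copies are on fewer than 2 different media")
    if not any(c["offsite"] for c in intact):
        problems.append("no intact copy is stored offsite")
    return (not problems, problems)

def demo():
    # Constructed sample: three folders standing in for a laptop,
    # an external drive and a cloud-synced folder.
    layout = [("laptop", "internal-ssd", False),
              ("usb", "external-hdd", False),
              ("cloud", "cloud-storage", True)]
    with tempfile.TemporaryDirectory() as tmp:
        copies = []
        for name, medium, offsite in layout:
            folder = Path(tmp) / name
            folder.mkdir()
            (folder / "essay.docx").write_bytes(b"draft 3 of the torts essay")
            copies.append({"root": folder, "medium": medium, "offsite": offsite})
        before = check_321(copies)
        # Simulate a stale backup: the external drive still holds an old draft.
        (copies[1]["root"] / "essay.docx").write_bytes(b"draft 1")
        after = check_321(copies)
    return before, after

if __name__ == "__main__":
    print(demo())
```

In the demonstration the stale external-drive copy is detected and the rule fails because only two intact copies remain, even though three backups nominally exist.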
Strong and unique passwords
Using strong and unique passwords is crucial since they are the linchpin of the security of most information systems. They are also the primary means for verifying the identity of and authenticating users. Of course, remembering and managing these strong and unique passwords can be difficult. In the past, people were told not to write down their passwords. However, given the sheer number and complexity of passwords that people need to remember, the recommended practice now is to use a password manager to generate and store your passwords. Password managers are readily available and easy to use. Keychain is built into computers running Apple’s macOS. KeePassX is a free and open source password manager that runs on a variety of operating systems. There is also commercial software such as 1Password and LastPass. These password managers make it convenient to generate, store and use strong and unique passwords.
In addition to backing up and using a password manager, law students should also use encryption. Encryption is the process of converting data into code or gibberish that is unintelligible to unauthorised persons. It is indispensable to turn on or enable encryption to secure your computer and data. Many computers, smartphones and mobile devices today (including those produced by Apple, Microsoft and Google) have encryption built in and on by default. Encryption is useful because even if you lose your computer or mobile phone and unauthorised persons gain access to your data, the data is unintelligible and useless to them without the encryption key needed to decipher it. If you use a strong password, it will take them years and even centuries to guess it.
To encrypt individual files and folders on your computer, you can use a free and open source program called VeraCrypt. Like KeePassX, it runs on Windows, Mac and Linux. There are also a number of commercial encryption programs to choose from. In Windows, there is the built-in BitLocker feature for encrypting your files. On macOS, you can create an encrypted disk image and store your files there securely.
Encryption is also necessary for safe and secure online surfing or web browsing. Make sure that you have an HTTPS connection when you visit a website. HTTPS is more secure than HTTP because it uses encryption, which makes it harder for an attacker to intercept or eavesdrop on your online activities and communications.
In summary, backing up your data, using strong passwords, and using encryption are three simple steps to better protect your computers and files. While law students may not be specifically targeted by cyber attacks, it is never too early to develop the habit of properly securing your digital devices and data.