Computer Information Lawyers Need to Know

Posted by JD 04/16/2009 at 00:15

IANAL, but as an enterprise architect, here are a few key things I can think of that law offices need to add to their existing network and computer security practices.

  • TrueCrypt – encryption is critical. Use it on all laptops and on any data that leaves the building. (TrueCrypt has since been discontinued; VeraCrypt is its maintained successor.)
  • par2 – parity files let you detect corruption and repair it. If data is important enough to burn to a CD-R or DVD, it is important enough to burn with 10% recovery data alongside it.
  • Encrypt every backup at the time it is made, not afterwards.
  • Don’t store data off-site unless it is strongly encrypted and the service provider never holds the keys.
  • RAID-10 for critical data; anything less isn’t worth the risk, and that includes the backup servers. RAID protects against disk failure, not against deletion or corruption, so it supplements backups rather than replacing them.
  • Physical security for your data and backups: lock the server room, and lock the rack that holds the servers and storage.
  • Consider partnering with another law office to hold each other’s backup data securely, if you don’t already have multiple locations 50+ miles apart.
  • ssh with keys (not passwords) for all file transfers between the two locations.
  • VPN for all remote access. No exceptions.
  • No Wi-Fi in the office; use a cable. If Wi-Fi is unavoidable, treat it as an untrusted network and require the VPN on it as well.
  • Set up an HTTPS-protected web portal for exchanging legal documents with clients. Don’t email documents unless both you and the client have set up GPG or PGP encryption. Your clients will appreciate this level of paranoia, and if every document has to be uploaded, a client cannot accidentally send sensitive data in an open, unencrypted email.
  • Only use BlackBerry devices for remote email, and require a complex password and automatic lockout. Avoid the iPhone, Windows Mobile 6.x, Google Android and other smartphones, because security on those devices is harder to enforce and maintain. If the lawyers are serious about security, deploy a BlackBerry Enterprise Server (BES) so there is no question about policy control and enforcement. Avoid Android like the plague if you care about privacy.
  • Keep every system that touches your network patched, and be aggressive about anti-virus. Network access control (NAC) switches and routers verify a device’s compliance each time it connects and move unapproved devices onto a separate VLAN away from the rest of the network; they can be a good option for offices with 100 or fewer devices.
  • Thinking about cloud computing? See what the Seyfarth Shaw law firm says about the risks.
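The par2 item above is about more than detecting damage: a recovery file lets you rebuild the damaged part, which matters because one bad sector in an encrypted archive normally ruins the whole archive. The following is an added example, not code from the original post or from par2 itself: a SHA-256 manifest identifies which chunk of a backup is damaged, and a single XOR parity chunk rebuilds it. par2 does this with Reed-Solomon codes and can repair as many chunks as it has recovery blocks; this simplified scheme repairs exactly one, and refuses (rather than guessing) when more are damaged. The chunk size and the sample archive are constructed for the demo.

```python
"""Corruption detection and single-chunk repair for an archived backup.

Added example (not from the original post): a SHA-256 manifest finds which
chunk of a backup is damaged, and one XOR parity chunk rebuilds it.  par2
does the same job with Reed-Solomon codes and can repair as many chunks as
it has recovery blocks; this simplified scheme repairs exactly one.
"""
import hashlib

CHUNK_SIZE = 32  # tiny for the demo (assumption); use MiB-sized chunks for real archives


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def split_chunks(data, chunk_size=CHUNK_SIZE):
    """Split data into equal-length chunks, zero-padding the last one."""
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]
    if not chunks:
        raise ValueError("empty archive")
    chunks[-1] = chunks[-1].ljust(chunk_size, b"\0")
    return chunks


def xor_parity(chunks):
    """XOR all chunks together; any one chunk equals the XOR of all the others."""
    parity = bytearray(len(chunks[0]))
    for chunk in chunks:
        for i, byte in enumerate(chunk):
            parity[i] ^= byte
    return bytes(parity)


def make_manifest(data, chunks, parity):
    """Hash of every chunk and of the parity chunk; store it beside the archive."""
    return {
        "length": len(data),
        "chunks": [sha256(c) for c in chunks],
        "parity": sha256(parity),
    }


def verify(chunks, parity, manifest):
    """Return (indices of damaged chunks, whether the parity chunk is intact)."""
    bad = [i for i, c in enumerate(chunks) if sha256(c) != manifest["chunks"][i]]
    return bad, sha256(parity) == manifest["parity"]


def repair(chunks, parity, manifest):
    """Rebuild one damaged chunk from the parity chunk and the intact chunks."""
    bad, parity_ok = verify(chunks, parity, manifest)
    if not bad:
        return list(chunks)
    if len(bad) > 1:
        raise ValueError("%d damaged chunks; one parity chunk repairs only one" % len(bad))
    if not parity_ok:
        raise ValueError("parity chunk is damaged too; cannot repair")
    i = bad[0]
    rebuilt = xor_parity([c for j, c in enumerate(chunks) if j != i] + [parity])
    if sha256(rebuilt) != manifest["chunks"][i]:
        raise ValueError("rebuilt chunk does not match the manifest")
    fixed = list(chunks)
    fixed[i] = rebuilt
    return fixed


def join_chunks(chunks, manifest):
    """Reassemble the archive, dropping the padding added by split_chunks."""
    return b"".join(chunks)[:manifest["length"]]


def corrupt(chunk):
    """Simulate media damage by flipping every bit of one chunk."""
    return bytes(b ^ 0xFF for b in chunk)


def demo():
    # Constructed sample archive standing in for an encrypted tarball.
    archive = b"Constructed sample backup: client files, encrypted before burn. " * 3
    chunks = split_chunks(archive)
    parity = xor_parity(chunks)
    manifest = make_manifest(archive, chunks, parity)

    damaged = list(chunks)
    damaged[2] = corrupt(damaged[2])          # one chunk goes bad on the disc
    bad, parity_ok = verify(damaged, parity, manifest)
    fixed = repair(damaged, parity, manifest)
    return bad, parity_ok, join_chunks(fixed, manifest) == archive


if __name__ == "__main__":
    print(demo())  # ([2], True, True)
```

Burn the manifest and the parity chunk to the same disc as the archive, and run the verify step on every restore test, not just when a restore fails; a backup you have never verified is a backup you only hope you have.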
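"Keys, not passwords" for the inter-office transfers only holds if the receiving server refuses passwords and the transfer key cannot be used for anything but the transfer. The configuration below is an added example, not from the original post: an sshd_config excerpt that disables password logins, and an authorized_keys entry that pins the partner office's key to its VPN address, denies it a shell and any forwarding, and forces it through rrsync (the restricted-rsync wrapper shipped with rsync) into one directory. The user name, the 10.20.0.5 address, the /srv/backups/partner/ path, the rrsync location and the elided key material are all assumptions for the example.

```text
# /etc/ssh/sshd_config on the receiving office's server (excerpt)
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
AllowUsers backup-xfer

# ~backup-xfer/.ssh/authorized_keys: one entry for the partner office's key.
# The key is only accepted from the partner's VPN address, gets no shell,
# no forwarding, and can only run rsync confined to the partner directory.
# (path to rrsync and the address are assumptions for this example)
from="10.20.0.5",command="/usr/bin/rrsync /srv/backups/partner/",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...partner-office-key... backup@partner-office
```

The sending side generates its key with ssh-keygen and runs rsync over ssh with that key; if the key is ever stolen, the attacker gets write access to one directory from one address and nothing else, which is a much smaller blast radius than a reusable password.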

We’ve all worked with lawyers and have seen some things that could be improved. Wouldn’t you rather have a paranoid lawyer than one who is uninformed about security?
