Introduction
Undeniably, computers are indispensable in the workplace. They complete tasks in a matter of minutes that before their time would have taken days or weeks to complete. They create documents, track finances, and send and receive mail.
Indeed, computers make many tasks much easier, but using them comes with certain responsibilities. This is especially true for those working with confidential or sensitive information.
Hackers have known for years how to exploit the inner workings of an unprotected computer, exposing data not intended for other eyes. And computer forensics technicians have the ability to uncover information that may be helpful during the investigation of a crime or lawsuit.
Unless precautions are taken, it must be assumed that any document, file, e-mail or other item that is created, saved or viewed on a computer can be found and restored. This is true even if the item has been deleted. Techniques also exist to recover versions of files that were never saved.
Think for a moment of all the documents, files, e-mail and Web pages that have been created, viewed, saved or deleted from your computer. Now imagine the consequences of these documents being revealed to an opposing attorney or the general public. The result could be disastrous for a client, a case or an entire firm.
One organization very interested in maintaining its security is the Department of Defense. Following a governmental order, the department published a 135-page manual establishing "consistent security policies and practices throughout the government." The manual includes very precise procedures for handling, transmitting, storing and deleting electronic information.
Establishing such strict procedures may be overly restrictive for the average attorney or law firm, but following some basic guidelines can go a long way in protecting confidential and sensitive information.
"Security" is a broad term. For example, protecting data containing military troop movements obviously necessitates the strictest security. But there is probably little concern if grandma's recipe for chocolate chip cookies is leaked to the public. Most scenarios fall somewhere in between.
For attorneys, many security concerns can be addressed through four simple guidelines, which focus on what information may be vulnerable and provide some methods of protecting data. These guidelines also attempt to provide a basic understanding of some of the underlying security principles. These guidelines are based on basic security concepts and by no means provide "air-tight" security defenses.
1. Deleting Data
Information that has been deleted from a computer can often be recovered by someone else.
Even if a file, document or e-mail has been "permanently deleted," techniques and software exist that may be able to restore the original contents. To counter this threat, programs exist to ensure a deleted item is completely eradicated from the computer. When this software is properly used, all but the more expensive and exotic methods of restoring deleted items will fail.
Here is how it works. Essentially, the protective software changes the way a computer deletes a file. When it is installed and activated, it will physically overwrite all deleted files with other data.
It is like throwing away a paper document. Without the software, the paper is simply tossed into the wastebasket. If somebody wants to "recover" the document, he fishes through the trash until he finds it. But the document is shredded with the protective software, rendering it unreadable. Only expensive and exotic methods can be used to recreate a shredded document.
2. Using Access Security
Access security helps ensure data is available only to its owner and authorized parties.
Unprotected data can be viewed by anyone who receives or uncovers a copy of the information, and there are several methods commonly available to prevent such access.
The first, and often overlooked, method of securing access to information is through "physical security." If someone gains physical access to a computer, they are already halfway to viewing confidential documents and e-mail. A locked door goes a long way to helping secure this data.
One of the most common methods of increasing access security is through passwords. By password protecting a computer or individual files, a barrier is created for intruders.
Password creation is a topic unto itself. However, following a few simple rules should provide greater security.
Never use passwords that could be easy to guess, such as the name of a spouse, child or pet. And passwords like "password" or "enter" provide no security at all, as they are usually the first ones hackers try.
Intruders have programs that "crack" passwords using a method called "brute force." These programs automatically guess at passwords by entering every word in the dictionary, or combination thereof. Given enough time, they can crack a password based on an actual word.
The best passwords consist of a series of random uppercase and lowercase letters, numbers and symbols, such as '%' or '$.'
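The two password rules above, sketched as an added example (not part of the original article): a check that flags passwords built from dictionary words or combinations of them, and a generator that draws random letters, numbers and symbols. The word list, symbol set and function names are constructed for illustration; a real check would use a much larger list.

```python
import secrets
import string

# Constructed mini word list standing in for the dictionary a cracking program tries.
WORDLIST = {"password", "enter", "blue", "sky", "rex", "law", "firm", "summer"}
SYMBOLS = "%$#@!&*"
CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS]


def is_guessable(password, words=WORDLIST):
    """True if the password is a dictionary word, a combination of dictionary
    words, or either of those followed by digits (e.g. a year)."""
    core = password.lower().rstrip(string.digits)
    if not core:
        return True  # empty or digits only
    # reachable[i] is True when core[:i] splits entirely into dictionary words
    reachable = [True] + [False] * len(core)
    for i in range(1, len(core) + 1):
        reachable[i] = any(reachable[j] and core[j:i] in words for j in range(i))
    return reachable[-1]


def generate_password(length=16):
    """Random password containing at least one character from each class,
    drawn from the operating system's cryptographic random source."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    for pw in ("password", "BlueSky2002", generate_password()):
        print(pw, "guessable" if is_guessable(pw) else "not in word list")
```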
And change passwords periodically or anytime it is suspected they may have been compromised. Many firms institute a policy requiring passwords be changed every three to six months. Although some employees may find this aggravating, it really adds to overall security. Remember, the more often a password is changed, the better the security.
Another method to help control data access is by using encryption, which is especially useful for information left "out in the open," such as on servers, floppy disks or laptops. Encryption scrambles the information so only those who possess the corresponding key or password can view it.
3. Sending Data Securely
Files and data become especially vulnerable while being transmitted or e-mailed because the information leaves the relative security of a computer and is passed through public networks to its destination. Take the Internet, for example. When an e-mail is sent over the Internet, it may pass through many computers operated by third parties. It should be assumed that this e-mail could be intercepted and read by anyone.
Again, encryption can help secure information during transmission. To read the contents of an encrypted e-mail, an interested party must defeat the encryption, which can prove nearly impossible.
In some cases, it is best not to send highly confidential or sensitive information over the Internet at all. It may be less convenient, but sending an encrypted disk via snail-mail or special courier is a more secure way of transferring such data.
Unfortunately, taking these secure measures may be for naught because even after a file or e-mail reaches its intended recipient, it is still out of the sender's control. It may be modified or retransmitted (inadvertently or purposely) to unauthorized parties or the general public.
So, always convey explicitly to the recipient the sensitivity of the information and hope he or she institutes appropriate security measures, too.
A final word of caution here: watch for typos and errors when sending e-mail. It is safe to say that more than one document has been compromised by simply mistyping or choosing the wrong e-mail address.
4. Ensure Authenticity
Security also applies to information received from a third party. For example, it may be easy for a hacker to send an e-mail that appears to come from a familiar person. Many viruses reproduce themselves this way.
A virus can compromise e-mail address books by sending a message - usually containing the virus - to every person listed within.
Virus protection software and regular virus scans can help prevent this. Some virus programs are tailored to interface automatically with e-mail software. They scan every e-mail before it's read and notify the user if a virus is found.
To verify that a document or e-mail truly originated from the indicated sender, electronic "signatures" allow senders to prove their authenticity. Software is easily available to provide this measure of security.
Conclusion
Data security is often misunderstood or overlooked, but should be paramount to attorneys handling confidential information.
One of the best ways to decide how much attention should be paid to security is by considering the consequences of releasing your data to an opposing attorney.
Indeed, there are highly sophisticated procedures and software to provide the highest levels of security, but using a little common sense and following these simple guidelines can greatly improve personal or corporate data security.
Remember, nothing is absolutely secure, but every small step toward protecting data helps.
(This article is reprinted with permission from the August 27, 2002 issue of "The New York Law Journal." ©2002 NLP IP Company. Further duplication without permission is prohibited. All rights reserved.)