How Secure is your data?
So you think you have it all sorted when you put the password on your laptop. How horrified would you be that with a screwdriver and a few cables I could unscrew your hard drive and access all your files?
Yes really and all without knowing your password or “hacking” your PC.
So what is encryption all about?
This is a way to make your data more secure by placing it in a storage method that cannot be read by humans. The reality is that encryption levels are always increasing as there are the known “black hat” hackers who try to get access to your data for criminal and other purposes. In running your law firm you have a duty to ensure that your data is properly secured and in this day and age this can extend to encrypting your hard drive. (In other words making it like reading a secret code).
There are numerous ways to do this and the first is a method called ”TrueCrypt” and this can be obtained from a site www.truecrypt.org.
FREE monthly newsletter
Wills | Probate | Trusts | Tax | Elderly & Vulnerable Client
- Relevant learning and development opportunities
- News, articles and LawSkills’ services
- Communications which help you find appropriate training in your area
Go to the site and download the program for free at this time, then you can create what are known as “TrueCrypt volumes”, ie. the options are:
- A virtual hard disk which can sit anywhere on your hard drive and, for example, could be used if you needed to protect data going up to DropBox.
- Encryption of a drive such as a removable a USB stick or
- Encrypt the whole of your system disk in which case the computer will not even start up without the password.
The catch is that TrueCrypt does suggest that you use a 20 character password. So you have the usual problem of being able to actually remember the password.
TrueCrypt offers a choice of encryption levels and the recommended level is something called “AES” which is the American Government approved encryption system for encrypting levels up to top secret level. It uses several types of encryption methods to enhance the protection. It is considered that it would take 2 billion years to break this level of encryption.
Therefore if you encrypt your disk you do need to be sure you can recall the password or you will not be able to access your data. Be careful not to commit the classic error of using your date of birth, your partner’s names or family birthdays.
One of the nice things about TrueCrypt is the fact that you can create what is called a hidden TrueCrypt volume. This is effectively a TrueCrypt volume within another TrueCrypt volume which is accessed by using a different password. This is really useful if there is a situation where you are forced to give up the password to your computer as you can give up the password for the main volume and not the hidden one.
This is available from Microsoft on the Ultimate version of and enterprise editions of Vista and Windows 7. This provides by default 128 bit encryption drives and only gives you the option to encrypt the entire drive. So this is clearly less flexible. Also in one mode BitLocker encrypts the disk using an identifier built into the hardware of the PC – this can cause issues with recovering the data if the PC fails.
More information can be found at http://windows.microsoft.com/en-GB/windows7/products/features/bitlocker
The other option is to buy an encrypted drive which might be a USB stick or a hard drive and you can actually change from the original drive in your laptop.
DataLocker (www.DataLockerDrive.com) have a novel device which is an external USB drive with a built-in numeric keypad. Again offering high-level encryption, you have to key in your desired pin-number to be able to access any data on the device. This is probably the simplest option for the technophobe – if a little pricey compared to a standard USB disk.
DataLocker also offer internal drives for your computer which are encrypted. This doesn’t rely on identification from the laptop hardware and therefore may offer a more flexible solution than BitLocker. They also supply a kit to copy your existing data onto the encrypted drive.
Data encryption is becoming increasingly important to meet your Data Protection obligations; however there must be a balance between this and ease of use. There are a number of solutions and this article just highlights a few that may be relevant to small and medium sized practitioners.
The LawSkills Monthly Digest
Subscribe to our comprehensive Monthly Digest for insightful feedback on Wills, Probate, Trusts, Tax and Elderly & Vulnerable client matters
Not complicated to read | Requires no internet searching | Simply an informative pdf emailed to your inbox including practice points & tips
Subscribe now for monthly insightful feedback on key issues.
All for only £120 + VAT per year
(£97.50 for 10+)