7 steps you can take now to protect your data
Posted on 05/09/2016
Unless you’ve been playing ostrich, you’re likely aware that data breaches and ransomware are
about as common as Mom and apple pie. Witness the recent hack of 272 million Gmail,
Microsoft, and Yahoo! accounts.
Fortunately, there are simple steps you can take now that will help protect your
data. [With thanks and all due credit to Lane Powell’s Beyond IP Law post, The Scariest Hack So
Far, for inspiring this elucidation of their original list]:
Step 1: Start Using Encryption
For your desktop, cloud-based accounts, mobile devices – anywhere or any place you store or
transmit confidential or private information. For a thorough discussion of how to implement
encryption throughout your firm, see Encryption Made Simple for Lawyers, now
a book available for purchase on the ABA website. (Non-ABA members in Oregon can save
money at checkout by using the OSB Professional Liability Fund discount code: OSBPLF.)
Step 2: Set Up Two-Factor Authentication for Cloud Services
“The concept of two-factor authentication is that a person cannot access another user’s account
without something she knows and something she has. In the case of popular services (like
Google or Dropbox), the solution is a strong password plus a secondary code that is sent via
text to a smartphone or mobile device.” Catherine Sanders Reach, Set Up Two-Factor
Authentication: What Are You Waiting For? [Read Catherine’s post for step-by-step directions
or search Help in your cloud-based service for assistance in setting up two-factor
authentication.]
Step 3: Erect Firewalls
Firewalls sit between you and the rest of the Internet. They protect against unauthorized access to
your computer by ignoring or repelling information that appears to come from unsecured,
unknown, or suspicious locations. The best firewall configuration is a one-two
punch: hardware firewall + software firewall.
Setting up a hardware firewall requires no effort on your part. While you can buy a stand-alone
appliance, hardware firewalls are now automatically incorporated into your router (the box in
your office or house installed by your Internet Service Provider).
Software firewalls are installed on your computer system like any other application, and are
also easy/breezy since they are typically built into anti-virus software. (See discussion that
follows.)
Step 4: Install Anti-Virus, Anti-Malware, Anti-Spyware Programs and Keep Them
Updated
This seems pretty self-explanatory, but let me add some free advice:
Don’t disable automatic updates to your virus definition database
Run quick scans when prompted
Run full scans at least monthly
Don’t ignore notifications that your software isn’t running properly
For a list of the best anti-virus utilities for PCs, see this list from PC Magazine. For a list of the
best anti-virus utilities for Macs, check out this MacWorld post. For other recommendations,
run a Google search.
My personal opinion: run far, far away from McAfee. [I really don’t give a rip that it is “now
part of Intel Security.”] First, McAfee blocked access to my work VPN (virtual private
network). There was no way to set a rule or create an exception and tech support was
incredibly unhelpful. Second, McAfee is notoriously hard to uninstall. Using Add/Remove
Programs in the Control Panel is only the first step; you must download a separate application
from McAfee to get rid of it. I mention this because McAfee tends to come pre-installed on
laptops or desktops purchased from retailers like Best Buy. What to do? If McAfee was
inflicted on you (pre-installed), get rid of it. Follow the link above for the uninstaller. Next,
buy Kaspersky. I have been very pleased with Kaspersky from day one and it has never
interfered with my VPN connection.
Step 5: Run Operating System and Other Software Updates
This also seems self-explanatory. Mac and Windows OS ship with automatic updates enabled –
don’t fuss with this. If Microsoft or Apple thinks you need a security patch, a fix, or upgrade, let
it run. The same goes for every application installed on your computer: Microsoft Office,
Acrobat DC, Quicken, QuickBooks – let automatic updates run. If you’re not sure whether
automatic updates are enabled, check Help or search the product’s website. Some programs
also allow you to manually search for updates. Acrobat DC is an example. In the menu, select
Help, and choose “Check for Updates…”
Step 6: Be Ready to Kill Your System If You Suspect a Breach
In the original post which inspired me to write on this topic, author Jane E. Brown comments:
“Consider using a “kill switch”— when suspicious events happen, the IT department should
automatically be notified and the network should shut down if no protective measures are
taken.”
I have known of events that required a kill switch. One Oregon lawyer was hacked via a
phishing email. The hacker was able to get enough information from the lawyer and the
lawyer’s system to contact clients by email and request that they input credit card information
to pay their bills. Fortunately, a few clients recognized that this request was outside the
lawyer’s usual billing process and called the office. The lawyer had to pull the kill switch and
take other steps, including freezing bank accounts. This turned out to be a smart move, as
within 24 hours the hacker also attempted to withdraw thousands of dollars from the lawyer’s
trust account.
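The kill-switch rule quoted above (notify IT automatically, shut the network down if no protective measure follows) can be sketched as a small deadline check. This is an added example, not code from the original post; the 15-minute response window, the event names, and the sample timelines are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class KillSwitch:
    grace: int = 900                  # assumed response window, in seconds
    deadline: Optional[int] = None    # set while an alert is unanswered
    tripped: bool = False
    actions: list = field(default_factory=list)

    def tick(self, now):
        """Trip the switch once an unanswered alert passes its deadline."""
        if not self.tripped and self.deadline is not None and now >= self.deadline:
            self.tripped = True
            self.actions.append(("shutdown", self.deadline))
        return self.tripped

    def suspicious(self, now, detail):
        if self.tick(now):
            return                    # network already down
        self.actions.append(("notify", now, detail))
        if self.deadline is None:
            # Later alerts never push the deadline back, so a burst of
            # events cannot postpone the shutdown.
            self.deadline = now + self.grace

    def protective_measure(self, now):
        if self.tick(now):
            return                    # response came too late
        self.deadline = None          # alert answered in time


def replay(events, end, grace=900):
    """Replay (timestamp, kind, detail) tuples; return the actions taken."""
    ks = KillSwitch(grace=grace)
    for ts, kind, detail in events:
        if kind == "suspicious":
            ks.suspicious(ts, detail)
        elif kind == "ack":
            ks.protective_measure(ts)
    ks.tick(end)
    return ks.actions


# Constructed timelines (seconds since the first event).
HANDLED = [(0, "suspicious", "login from new location"), (300, "ack", "password reset")]
IGNORED = [(0, "suspicious", "mass email to client list"),
           (600, "suspicious", "trust account transfer request")]
```

In the handled timeline the alert is answered within the window and nothing is shut down; in the ignored one both alerts go out and the shutdown fires at the original deadline.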
Step 7: Lose Your Device? Lose Your Credentials.
There are some obvious times when it makes sense to reset or revoke user names and
passwords (login credentials):
At termination
If a network-connected device is lost
You experience a security intrusion
Your security, privacy, or confidentiality policies are breached
Final Thoughts
None of these steps are difficult, but bouncing back from a security breach is.
[All Rights Reserved 2016 Beverly Michaelis]