Home page logo

basics logo Security Basics mailing list archives

Re: Law office recommendations?
From: JohnNicholson () aol com
Date: Thu, 20 Feb 2003 11:22:21 -0500

From a philosophical standpoint, there are two problems that you have to face when dealing with law firms.  First, 
speaking as a lawyer, law school, in general, is a refuge for the mathematically challenged, the mechanically 
incompetent and the techincally declined, so lawyers rarely understand the technical details of their computer 
systems. However, there are few people who consider themselves more expert at everything than lawyers. Second, when it 
comes to making infrastructure (e.g., technical) purchases, money spent on computers comes out of partners' pockets, 
so they frequently underspend. 

Other than those problems, the biggest problem that I've seen manifest itself inside a law firm is poor internal access 
control.  Senior lawyers did not grow up in the computer era.  Younger lawyers did, and frequently have superior 
technical skills.  Because the law firm management is made up of senior lawyers, they frequently do not understand how 
to manage sensitive information, and I have seen incidents where very sensitive internal information was exposed to 
"curious" younger lawyers.

I'd second the comment about v-mail passwords. Law firms frequently mandate network and PC password changes, but not 
v-mail. Some lawyers will have the same v-mail password for years.

I'd also suggest looking into the firm's data erasure policy. Many firms lease PCs, and it may not be clear what is 
done with them either before or after the PCs are returned to the lessor.  There could be a LOT of very sensitive 
information on hard drives being sent out for resale. (This one applies to all companies, obviously, but law firms deal 
with an abnormal amount of sensitive info, and, due to the philosophical points above, may not be as good about dealing 
with it as other companies.)

Hope this helps,

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]