Category Archives: IT Security

Is Security A Selling Point? Ask the Post Office

Does knowing how to use encryption and digital signatures when necessary give an advantage in the marketplace? Even 15 years ago some lawyers found this to be the case. With revelations of security breaches and systematic NSA monitoring, lawyers who know how to use encryption and its cousin, digital signatures, have even more of a marketing advantage.

In an attempt to adjust to this new reality, the U.S. Postal Service has trademarked multiple encryption-related trade names:

One brand name filed Sept. 6, “United States Postal Service Digital Services,” would consist of, among other things, “tamper-detection capabilities” for safeguarding electronic documents, audio and videos.

A more generic “United States Digital Services” trademark, submitted for consideration on Aug. 16, would include fax transmissions “featuring encryption and decryption.”

The name also would cover “electronic mail services in the field of financial transactions,” which presumably could generate Wall Street sales for an agency that has lost $3.9 billion so far this fiscal year.

The filing proposes verifying the identities of people transmitting information — and, vice versa, confirming intended recipients have received unadulterated information — through a practice called “security printing.” The technique codes identification information on valuable documents and products.

Much more on this important issue later.

User Frustration => Security Weaknesses => Breaches

User friendliness: An overlooked security enhancement. A study shows that frustrated users who circumvent security measures create half of all security breaches:

As security measures become less user friendly, they also become less effective. Cyber security professionals estimate that almost half (49 percent) of all agency security breaches are caused by a lack of user compliance. …

Not only do end users experience challenges with the applications they use daily, many of the activities they must perform as part of their daily work also cause frustration. The activities that cyber security professionals say are the most likely to cause a security breach are the same activities where end users run into the most frustrating security measures. The top areas for cyber security professionals’ concern and end users’ frustration are surfing the internet, downloading files, accessing networks, and transferring files.

End users say cyber security measures hinder their productivity and as a result admit to breaking protocol. Sixty-six percent of end users believe the security protocols at their agency are burdensome and time-consuming. Sixty-nine percent say at least some portion of their work takes longer than it should due to security measures. Nearly one in five end users can recall an instance where they were unable to complete a work assignment on time because of a security measure. As a result, 31% of end users say they use some kind of security workaround at least once a week.

Five Keys to Protecting Your Online Accounts

Dennis Kennedy highlights a blog post by Chris Hoffman entitled “How Attackers Actually ‘Hack Accounts’ Online and How to Protect Yourself.” Hoffman explains five key vulnerabilities and how to avoid them:

  1. Reusing Passwords, Especially Leaked Ones.
  2. Keyloggers.
  3. Social Engineering.
  4. Answering Security Questions.
  5. Email Account and Password Resets.

Lots of good advice here, with the tip on security questions particularly welcome. More on this later.

Rethinking Need for Lawyer Encryption

Episode 104 of the Kennedy-Mighell Report deals with a timely topic: “In Light of NSA Surveillance, Should Lawyers Encrypt?” Dennis Kennedy notes:

Lawyers have struggled with the notion of encryption over the years for historical and practical reasons. We discuss a range of encryption questions and issues, both practical and theoretical. It’s difficult not to feel that lawyers have dropped the ball on encryption and given away an opportunity to be thought leaders on the topic. What do you think about that? We also offer some predictions for the future and I found myself being more optimistic about lawyers’ use of encryption than I had expected to be when we started the podcast.
