By Peter Coons, SVP, Computer Forensics and Collections
Recently it was announced that a number of Yahoo! accounts were compromised. A few weeks ago it was LinkedIn. Is anyone safe? The answer is no. One would think that companies like Yahoo! and LinkedIn have the best and the brightest working for them to protect their customers’ data. The fact is there are some pretty smart hackers out in cyberspace. It’s like Mt. Everest—they hack “because it’s there.” It is a never-ending skirmish between the white hats and the black hats. In the Yahoo! incident the hackers posted online the usernames and passwords to over 400,000 accounts!
If your firm uses online document review tools to access sensitive client data you need to think about security. Yes, you need to think about the provider you are using but the first line of defense is your password.
A CNet article reported that the most popular password posted by the hackers in the Yahoo! incident was 123456 – and there were 2,295 instances.
So if someone has a strong password it can’t be hacked? Not exactly. Look at the LinkedIn and Yahoo! situations. However, it is easier to guess “123456” or “p@ssword” than “34rTYu!!uRew@$rGB”.
Attorneys need only to look to ABA Rule 1.6—Confidentiality of Information that boils down to a simple requirement that attorneys must maintain confidentiality of information relating to a client’s representation. Based on this Rule it can be argued that attorneys have a professional responsibility to use strong passwords for sites that contain client data and/or attorney work product.
You must be thinking that all attorneys know this and of course use strong passwords. A recent investigation of the LinkedIn scandal suggests otherwise.
Go to this site to see if your LinkedIn password was hacked – https://lastpass.com/linkedin/
That is what the writers C&W Security Blawg did and they put in the names of the top 40 law firms. They found that at least one account that was compromised had the following passwords (partial list – full list of findings in link above):
I hope none of these were your passwords!
If you think you might be among those with unsafe passwords, check out this list of tips for creating “safe” passwords.
•Use passwords with eight or more characters.
•Try to include upper and lowercase letters in your passwords.
•Also include numbers and symbols such as &, !, #, @, % when possible.
•Use different passwords for each account.
Better yet use a trick that I like when creating passwords. Use a phrase and then convert it to a password. For example, the phrase “I think my kids are number one” could translate into “IthinkmkR#1”. Is it perfect? No. Is it better than 123456? Yes.