Protecting Yourself from Cybercrime Dangers: Scrub Confidential Client Information on Discarded Equipment
Cybercrime dangers are many, complex and ever-changing. Hardly a day goes by without another news report of a data breach or other cyber-related scam or theft. Cyber criminals have considerable resources and expertise, and can cause significant damage to their targets. Cyber criminals specifically target law firms as law firms regularly have funds in their trust accounts and client data that is often very valuable. LAWPRO encourages all law firms to make dedicated and ongoing efforts to identify and understand their potential cybercrime vulnerabilities, and to take steps to reduce their exposure to cyber-related dangers. This article, from the December 2013 issue of LAWPRO Magazine, reviews the specific cybercrime dangers law firms need to be concerned about, and how they can mitigate their risks.
Many of the technology devices used today are essentially disposable. When they get old or break down, they are simply discarded as it is too expensive to upgrade or repair them. As a result, law offices will frequently find themselves discarding older computers and other devices. This is problematic as these devices often have confidential client information on them.
There are risks in donating your old computers to charity or a local school where a classroom of technology-savvy students will be itching to recover your data. Be sure to remove the hard drive from any computer you donate, or make sure the data on the drive has been thoroughly removed (see below).
Third party access to confidential client or firm information can also be an issue if you are sending your electronic equipment outside the office for repair or maintenance. Client information can be in unexpected places. Most modern photocopiers and printers actually have hard drives on board that store copies of the images that go through them. This data can easily be found on, or recovered from, the hard drives on these devices.
Deleted doesn’t mean deleted
It’s a common misconception that deleted files are gone for good.In fact, the deleted files on most devices (e.g., computers, tablets, smartphones, etc.) are easy to recover using widely available forensic recovery tools. Even reformatting or repartitioning a hard drive will not completely destroy all the data on it.
Keep in mind that forensic technology can also be used to restore deleted files on portable media (e.g., CDs, DVDs, USB sticks, SD cards), so you should always use new media when sending data outside your firm.
Physically destroying a hard drive or other device with a hammer is the free and low-tech option. You can also use specialized software that will “scrub” all data from a hard drive so that it is not recoverable. Widely used free tools for this task include CCleaner, Darik’s Boot And Nuke (DBAN), and File Shredder.
Full list of posts in this series:
- Avoid the Dangers of Email
- Lock Down Your Browser and Avoid Surfing Dangers
- Avoid Infections with Antivirus and/or Antimalware Software
- Lock Things Up Using Passwords Properly
- Address Security Vulnerabilities by Installing Operating System and Program Updates
- Keep the Bad Guys Out with a Firewall on Your Internet Connection
- Stump Hackers by Changing Key Default Settings
- Lock Down and Protect Your Data Wherever It Is
- Scrub Confidential Client Information on Discarded Computers
- Be Safer When Using Remote Access and Public Computers
- Secure Your Mobile Devices to Protect the Data on Them
- Harden Your Wireless and Bluetooth Connections and Use Public Wifi with Extreme Caution
- Be Careful About Putting Your Firm Data in the Cloud
- Inside People Can Be The Most Dangerous
- Beware the Dangers of BYOD and the Family Computer
- A Backup Could Save Your Practice After a Cybercrime Incident