Computer and Network Security Issues. REMINDERS OFFICE HOURS WEBMAIL DBx2 Don’t wait to post on DB...
-
Upload
donna-oconnor -
Category
Documents
-
view
215 -
download
1
Transcript of Computer and Network Security Issues. REMINDERS OFFICE HOURS WEBMAIL DBx2 Don’t wait to post on DB...
Computer and Network Security Issues
REMINDERSOFFICE HOURSWEBMAILDBx2Don’t wait to post on DB if you are struggling
Unit ObjectivesDiscuss with others the different types of
computer systems used in a law office; andDescribe the components in a computer
network and the security issues in using a network in a law office.
What is a Computer System?A "computer system" is a combination of
hardware and software needed to create a complete working computer.
A "computer system" is not the same as an "operating system."
Input; Output;Storage
Your Computer
monitor
keyboard
case
CD RW/DVD
Printer/Fax/Scanner
mouse
Inside the case . . .
Image copied from: http://resources.kaboose.com/brain/comp-les2.html
CPU = brains
RAM = working memory
storage
Why is Information Security Important?Legal professionals and clients depend on
computers and technology to communicate about their cases
Because of this, law offices, courts, and clients depend upon computers to keep cases moving along
It’s vital that the information that is disseminated via the computer remains as secure as possible so that client confidences and not revealed
Network ComputersA single computer alone faces security issues only for
that computerHowever, when a computer is on a network, a breach
of security on one of the computers can affect other computers on the network
Limiting access to the network can help to ensure that the system and files stored on it are not corrupted
Security ProtocolsThe term “security protocols” refers to
securing communications between points within a computer network and across the Internet.
There are software programs that can limit the ability to access a file server, workstations, printers, etc. that are on the network.
Network Rights and PrivilegesHow can the right to access the server and
other devices be limited to maximize security?
First, who has access can be indicated. Network administrators have the most rights.
Second, it can be designated just what type of information can be stored on the server.
Third, how the information is disseminated can also be restricted.
PasswordsRestricting network access by requiring
passwords can add securityWriting down your passwords can increase
risk of unauthorized useVPN – Virtual Private Network, a secure
connection to a secure network, such as the office network. This acts as a tunnel to the secure network.
What about “thumbprint devices” and “retinal scans?”
HackingUnauthorized access to computer networks in
order to obtain information stored on the network or undermine how the network operates (viruses)
This can happen when someone on the network surfs the web
Liability can result when unauthorized material is stored on the network
FirewallsFirewalls serve to limit access to a computer
or a system by those outside the computer or system with unauthorized access
But sometimes firewalls can prevent you from accessing some information that you need or working from an offsite location
Antivirus Plus Firewall Example (FREE)
VirusesPrograms that destroy or compromise the
running of computer programs and operating systems are known as computer viruses
Antivirus programs work to prevent viruses from attacking a computer beforehand
Some viruses can cause a computer to be completely ruined or can slow a computer’s speed
Antivirus Example
Preventing Downloading VirusesBe careful when opening attachments on
email. If the source is unknown, you may not want to open or download that.
Update your antivirus software frequently. Most are set to expire or have automatic updates to remind you.
Windows Updates
Backing Up DataOne of the most important things to
remember to do is to back up your work while you are working and when you are done.
USB sticks are great for storing data, but many computers also have an internal recovery system that works well too.
Data Breaches Mean More Than Bad Publicity The following discussion comes from an article
by Jim Walden – as found on www.law.com. “Over the last several years, corporate data
breaches have been regularly splashed across the front pages of the nation's newspapers, causing nightmares for corporate executives. Ever-increasing digitization in areas such as business, banking and accounting has led multinationals to collect and retain inestimable quantities of personal information about employees, customers and counterparties.”
Data BreachesThe negligent (or even innocent) loss of
electronic data to cybercriminals inflicts billions of dollars of damage on our economy, as personal information has become a sought-after treasure trove for cybercriminals. These costs are likely to escalate as, in an increasing trend, corporations are also being pummeled with civil litigation related to data breaches.
Hannaford Brothers Co. The recently announced data breach at grocer
Hannaford Brothers Co. illustrates the trend. On March 17, 2008, Hannaford announced that cyberbandits had breached its system, obtaining access to personal-financial information of nearly 4.2 million customers. Just three days after the announcement, plaintiffs' lawyers filed four class actions against Hannaford. Since then, lawyers have filed an additional 12 complaints, requiring Hannaford to defend litigation from Florida to Maine.
TJX TJX, a retailer that operates T.J. Maxx and
Marshall's stores, faced a federal investigation and an onslaught of follow-on civil litigation after announcing a breach widely reported as the largest data-security breach in U.S. history where computer "hackers" stole at least 45.7 million credit and debit records.
Data Breaches Although data breaches can occur in a wide variety of
ways -- from lost or stolen employee laptops to hacked computer networks -- most companies face a similar array of implications following discovery of a breach. As an initial and immediate matter, a thorough forensic investigation is critical to ascertain the scope and nature of the data breach. According to a recent study from Verizon Business,
more electronic records were breached in 2008 than in the previous four years combined with 9 out of 10 breaches being avoidable if simple security measures had been followed. http://newscenter.verizon.com/press-releases/verizon/2009/verizon-business-2009-data.html
WHAT WOULD YOU DO IF YOU DISCOVERED A BREACH IN YOUR FIRM’S SECURITY? For example, as an initial and immediate matter, a
thorough forensic investigation is critical to ascertain the scope and nature of the data breach.
Civil Lawsuits Corporations suffering data breaches are also
routinely contending with follow-on civil suits -- private, often class, actions seeking damages for the potential economic losses and emotional distress allegedly caused by the potential misuse of the disclosed personal information. Increasingly, these suits are filed soon after the data breach is publicly announced -- much like "stock drop" securities class actions -- thereby adding negative publicity and causing further distractions.
Randolph v. ING Life Ins. In the recent case of Randolph v. ING Life Insurance & Annuity
Co., plaintiffs brought a consumer class action in District of Columbia federal court for invasion of privacy, gross negligence and negligence against ING following an announcement of the theft of an employee laptop from that employee's home containing the personal information of 13,000 government workers and retirees.
Plaintiffs argued, inter alia, that the theft exposed them to "substantial risk of identity theft," and that as a "direct and proximate result," they "have been exposed to a risk of substantial harm and inconvenience, and have incurred or will incur actual damages in purchasing comprehensive credit reports and monitoring of their identity and credit for the definite future."
None of the plaintiffs asserted that they had actually been the victim of any identity theft.
Company succeeded on a motion to dismiss, arguing that plaintiffs lacked standing to sue because they proved no actual damages and, thus, no "recognized injury."
Randolph v. ING Life Ins. The company succeeded on a motion to dismiss,
arguing that plaintiffs lacked standing to sue because they proved no actual damages and, thus, no "recognized injury.“ The court agreed, citing a long line of "lost data" cases in which courts held that "an allegation of increased risk of identity theft due to lost or stolen personal data, without more, is insufficient to demonstrate a cognizable injury.“ Thus, plaintiffs failed to demonstrate the "injury in fact" necessary for the constitutional requirement of Article III standing. Moreover, the court also recognized that credit monitoring services, even if the plaintiffs were to have actually alleged payment for such services, cannot constitute actual injury.
Guin v. Brazos Guin v. Brazos Higher Education Service Corporation Inc.
had a similar result. Plaintiff brought a negligence suit against Brazos after it announced the theft of a laptop containing personal information for 550,000 customers. Granting summary judgment in favor of Brazos, the court held that Brazos had no duty of protection (under the Gramm-Leach-Bliley Act),that Brazos acted with reasonable care in handling the information and that Brazos's inability to foresee and deter the specific theft was not a breach of a duty of reasonable care. Because neither of plaintiff's identity nor personal information was used in any fraud, the court also ruled that the absence of damages was likewise fatal to plaintiff's claim. Consequently, the court dismissed the case with prejudice.
State LawsState laws also help to guide how to proceed
once a security breach has occurred.For a listing of every state’s laws on this
subject, go to http://www.consumersunion.org/campaigns/Breach_laws_May05.pdf
What do you think?What did you find in the news about
information security?
Preview Next Week’s AssignmentPropose Guidelines for Ensuring Security in a Sole
Practice or Small Firm Imagine you are a newly-hired paralegal working for attorney in a sole practice. Similar to the paralegal discussed in the eBook, your attorney relies on you to manage the technology of the office. Based on your Web research and what you learned from the Discussion Board, develop a set of guidelines for ensuring security in your office. Create a table in Word to organize your thoughts. Include in one section concerns -- what the security issues might be -- and in the other suggestions for ensuring security. Highlight the heading in yellow.
Preview Next Week’s AssignmentTo create a table in Word,
click on Insert, Table, Insert Table, and Change the number of columns to 3, and put as many rows that you will need.
If you need to later add or remove rows, right click and either add or delete the row.
To highlight the heading, highlight the entire row, click on Design, Shading, and then select the color.
TableConcerns Security Issues Suggestions
What do you think?What did you find in the news about
information security?
DB – Two Questions This WeekQuestion One - Different Types of Computer Systems
Perform some Web research on the different types of computer systems available. You will likely find a lot of information on home computer systems, but look specifically for information on office computer systems.
Hint: You may also want to read the section titled “Operating Systems,” located on pages 62-64 in your eBook.
Based on what you learn from your research and the eBook reading, compare and contrast the different types of computer systems.
Post a summary of your findings to the Discussion Board, including citations or the URLs of where you found your information.
Review your classmates’ summaries as well. How did their research and findings compare to what you were able to uncover?
DB – Question 2• QUESTION TWO - Network Security: Network
security is a concern for every one of us. Reports of security breaches and of stolen personal information are in the news all the time, whether it be a hotel, school, or credit card company that has had its networks breached. Share your thoughts and findings with the class on the Discussion Board. Review and respond to at least two of your classmates' posts as well.
Perform some Web research to learn more about this hot topic. For example, this article discusses the new security threats in Web 2.0: http://www.technewsworld.com/story/58854.html.
What steps do you have to take in order to establish administrator access on a computer?
How do you assign a password for your computer? How do you back up data to save your work? Why is network security an issue for the law office?
Practice Questions
Practice Question # 1ABC Law Firm has 20 associates and 5 legal
assistants. Every associate and secretary has a computer that is part of a network. To make things easy, they give everyone the same password, and the password never lapses or expires. What is wrong with this?
Answer to Practice Question # 1An outsider can readily obtain access to
internal systems because password policies are weak.
User accounts could be compromised and full access to network controllers can be had by some not authorized to use the network.
Practice Question # 2Suppose the ABC law firm gave everyone in
the office administrator access. What is the problem with this?
Answer to Practice Question # 2Once on the network, any staff member could
then defeat security settings and could potentially access all information on the network.
Merely assigning administrator access inside the firm would not enable outside hackers unless staff gave out the information.
Practice Question # 3As a regular part of doing business, the ABC
law firm sends and receives attachments via email without routinely running an antivirus program. What is wrong with this?
Answer to Practice Question # 3Attachments sent via email may carry
viruses.Viruses and worms can spread quickly to
large numbers of computers.An intruder finding a hole somewhere in the
network could easily jump straight to the core of the system.