Recently proposed changes to attorney ethical rules by the American Bar Association (ABA) suggest that the profession sees technical breaches as a serious problem in need of immediate remedies. Earlier this week the ABA Commission on Ethics released a summary of proposed changes to the Model Rules, including a new rule requiring lawyers to take proactive measures to protect their client’s information when using new technologies. The proposed rule suggests that lawyers have to be more aware of both “inadvertent and unauthorized” disclosures–in other words, leaks from inside and hacks from outside a firm. The proposed rule warns technophobes that they need to change their Luddite ways. Lawyers now have a “duty to keep abreast of changes in relevant technology, including the benefits and risks associated with its use.” In other words, claiming ignorance is simply not an excuse.

By putting the onus on lawyers, the ABA is acknowledging what those of us who study and track security breaches have been shouting from the rooftops for years: preventing security breaches is not just about technology; it’s about changing human behavior. As the Wall Street Journal article makes clear, “the weakest link at law firms of any size are often their own employees.”

Other industries face similar problems. For example, a recent article on data breaches in the health care industry suggests that the epidemic of breaches of confidential health care information has more to do with human error than it does with IT shortcomings. As Larry Clinton, president and CEO of the trade association Internet Security Alliance succinctly points out “[p]eople are the biggest problem.” Consequently, Collins predicts that data breaches in hospitals and health care systems will only be prevented if these organizations approach these breaches as a “human-resource management issue and not an IT issue.”
Continue Reading

Good investigators are not necessarily smarter than the people they help. What often makes a good investigation is one in which “known” facts are independently evaluated once again. Just as we sometimes want a second opinion on a complex medical or legal matter, gathering and weighing the credibility of facts can also benefit from a fresh pair of eyes.
Continue Reading

The news is out and it’s not good. In fact, it’s downright troubling.  It seems that every day, usually several times a day, there is more and more information available about the dangers of the Internet.  It’s enough to make a Luddite out of even the most devoted technophile.  Here’s a sampling of some of

With all the focus on tech IPOs that reward gaming and chatting, it’s nice to see a company dedicated to privacy getting a little of bit of venture cash behind it. With just $1.5 million raised so far, CertiVox is still a tech minnow, but its idea is a solid one: people need to be

Imagine this: You have an iPhone, iPad and Mac computer. You use all three devices mostly for personal home use, but you also receive work e-mail on them. Medical records, tax returns, and other confidential information goes on these devices. They all sync amongst themselves and you’ve just started using Apple’s new server farm, iCloud.

We now know that Apple will use next week’s Worldwide Developer’s Conference to unveil iCloud, its new cloud storage product. Apple’s first attempt at cloud storage, MobileMe, was such a failure that Steve Jobs publicly tore into the Apple team for tarnishing the company’s reputation. 

iClouds.jpgIt looks like the 2.0 version will probably be getting