On Slashdot, a reader called benrothke reviews a book called Locked Down: Information Security For Lawyers. This sounds like a vital book — my experience of lawyers (and accountants, doctors and other professions that deal with sensitive information) is that they really don't get information security, routinely transmitting potentially compromising documents in the clear as email attachments. Not only don't they understand PGP — they think it's good security to attach an encrypted ZIP archive to one email and follow it up with another email containing the password to decrypt it (facepalm). Anything that gets this sort of profession thinking well about security is most welcome.
The book quotes an ABA 2011 technology survey in which 21% of large law firms reported that their firm had experiences some sort of security breach, and 15% of all firms reported that they suffered a security breach. It is figures like those which show that attorneys really need to read this book and take the information to heart.
The books 17 chapters are in a readable 150 pages, with an additional 120 pages of appendices. Written in an easily understandable style and non-technical for the technologically challenge lawyer.
When it comes to the security of client data, in chapter 4 the authors write that encryption is a topic that most attorneys don't want to touch with a ten-foot pole. But it has reached a point where attorneys must understand how and when encryption should be used. Just as important, they need to know about key managements, and what good encryption is. The chapter provides a high-level detail on what needs to be done regarding encryption.
Chapter 13 is on secure disposal, is an important topic to everyone, and not just lawyers. Digital media needs to be effectively disposed of; and for many lawyers, they often think that means reformatting a hard drive or simply erasing files. The chapter effectively details the issues and offers numerous valuable hardware and software-based solutions.