We all know that it’s important to protect sensitive information, but with so much information these days stored in our computers (in files, databases, emails, etc.), it can be hard to know how to protect these digital files adequately. In this article, weâ€™re going to talk about easy steps you can take to protect sensitive client information â€“ client’s names, Social Security or Tax ID numbers, etc. â€“ and the documents that may contain such information.
With the increasingly worrisome trend of “identity theft” (which might be more accurately described as “identity fraud”), comes the need to take steps to reduce the risk of personal information being stolen and used fraudulently. Many states (including Massachusetts) have or are beginning to pass laws to address this issue â€“ but ultimately, if you take and store this sort of information, the responsibility for protecting it is on you.
First off, it’s worth knowing what sort of personal information might be saved, and where on your computer it is saved:
- TurboLaw Document Software stores client’s names, addresses, and in some cases, Social Security or Tax ID numbers. This information is stored both in TurboLaw’s database file and in any document or form you create that calls for that information.
- TurboLaw Time and Billing, on the other hand, does not ask for any personal information beyond a client’s name and address.
So, what can you do to protect this information? There are many different ways you can protect information, but here are some of the simplest:
Using Microsoft Windows Encrypting File System
Microsoft Windows itself has something built-in that can help you. Windows (2000 or later) has a feature called the Encrypting File System. This feature allows you to “encrypt” files on your computer, so that if your computer is (for example) stolen, the person who stole it won’t be able to read the encrypted files.
This method is generally best for when you have a (relatively) small number of files you need to protect, and you know where those files are located on your computer.
Below are two articles which describe how to use this feature and some “best practices” for using it:
- How to encrypt a file in Windows XP (the method described is similar in Windows 2000 and Windows Vista)
- Best practices for the Encrypting File System
It is worth noting that this method of protecting your files is only as strong as the password you use on your computer â€“ if you donâ€™t use a password, or if you use a simple, short password, then your files will not be very secure. A full discussion of choosing a good password is beyond the scope of this article, but you can read some tips and suggestions in this article: Strong Passwords: How to create and use them.
Knowing this, and knowing that you can click the “View” menu in TurboLaw and choose “TurboLaw Status” to see where TurboLaw is currently saving your database and case documents, you can encrypt that folder (as well as any other folders on your computer where you store documents that might contain sensitive information) and know that your data is protected.
Using Microsoft BitLocker Drive Encryption
If you have Microsoft Windows Vista or Windows 7 (the “Ultimate” or “Enterprise” editions only), then you have another built-in option called BitLocker Drive Encryption.
This is what is known as “whole disk encryption,” and it’s a bit more complicated than just encrypting a few files using the Encrypting File System mentioned above. BitLocker Drive Encryption, as its name suggests, encrypts your entire hard drive, so that if your computer is stolen, the thief will be unable to read anything at all from your hard drive (as opposed to just not being able to read the specific files you encrypted).
This method is generally best for when you know you have sensitive data in many places in your computer (perhaps stored in many different programs), but you aren’t exactly sure where the data is specifically saved on your disk. By encrypting the entire hard drive, you make sure that any data is encrypted, no matter where on the hard drive it is actually located.
Because of the way BitLocker works, setting it up requires a little bit more work than the simpler Encrypting File System method. Although Microsoft has made BitLocker very easy to use (considering what it does), it is still probably best to consult with a qualified IT professional before going this route.
There might be reasons why you wouldn’t want to use the solutions built-in to Microsoft Windows. Fortunately, other solutions are available (although they are a little bit more technical).
For example, you might use software such as TrueCrypt to encrypt an entire disk on your computer â€“ much like what Microsoft BitLocker Drive Encryption allows you to do.
You could also use TrueCrypt to create a “virtual” disk which is also encrypted. You could then save all of your files to this encrypted disk, without having to worry about encrypting your program files and other non-sensitive files. Also, because the disk is “virtual,” you can copy the “virtual” drive to another computer if needed (for example, when you get a new computer), thus making transferring your data to a new computer easier.
Another option is to store your data on a USB flash drive which comes with encryption options (similar to TrueCrypt). There are a large number of these type of USB flash drives available today, with varying degrees of ease-of-use.
If you have an in-house IT department (or an arrangement with an IT provider or firm), we would generally recommend that you speak to them for advice on how to secure sensitive client data on your computers.
However, if you are a small firm or a solo practitioner, the tips provided above will help you be more proactive about protecting the sensitive information that is increasingly stored on your computer.