I have a new draft paper out! It’s called Computer Security Tools and Concepts for Lawyers. I wrote this paper because I often find that lawyers outside of tech spaces didn’t understand fundamental computer security concepts, like what encryption does, or what social engineering is. I also wanted a piece pitched at the right level for lawyers who just want to know how to do a better job at protecting client information. 

Because it’s impossible to give universally applicable security advice, infosec experts should note that I’ve tried to keep things pretty basic. This means that this paper is NOT a framework for super high risk threat models, and does not include a lot of the advice that might apply to activists or lawyers actively targeted by governments. However, with that caveat, I welcome feedback. Please shoot me an email if there’s something missing or something wrong! (Or if you like it - that’s nice too!)

If I do get around to another draft, I will probably be including secure file transfer methods (thank you, Wendy!) and some suggestions about use cases for Tor.

Computer Security Tools and Concepts for Lawyers

Abstract: Computer security can be full of jargon and difficult to understand, but protecting client data is part of the core ethical duties of any lawyer. This paper defines some core computer security concepts with an eye towards helping lawyers make better decisions about their own personal choices for security, and provides some basic advice to help lawyers implement the practices that security professionals recommend.

My favorite line:  “The major worry for most lawyers should not be well-resourced hackers breaking into their firm network, but rather, the lost laptop, the chatty partner, and the reused password.”

Get the Full Thing:  http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2831739