Federal Trade Commission’s Suggestions to Secure Data

In the most recent release of Circuits, Pierre Grosdidier and Cassidy Daniels share a thorough article on the Federal Trade Commission’s guidelines. Their research and references to supporting materials shed light on the FTC guidelines. Here is a small sampling of the suggestions the FTC’s guidelines offer:

  • Do not collect unneeded information.
  • Restrict access to data.
  • Require secure passwords. “Qwerty” and “121212” are no better than having no password at all.
  • Suspend or disable users after a certain number of unsuccessful login attempts.
  • Store and transmit sensitive information securely. Train personnel and use accepted encryption methods—no need to reinvent the wheel.
  • Segment networks and monitor who is trying to get in and out.
  • Secure remote network access.

Read the article by Pierre and Cassidy in its entirety here.

Lawyers, are you keeping up with your security updates?

By: Ronald Chichester | http://www.texascomputerlaw.com

As we’re all too keenly aware, software programs can contain flaws that make the lawyer’s (or client’s) data vulnerable to compromise.  For example, the makers of one of the more common software applications that attorneys use for encrypting client data — 7-zip — have recently found some vulnerabilities in their encryption code.  The bugs got fixed last week (on May 10 to be exact).  But have you updated your version of 7-zip since then?  For that matter, have you updated all the software on your machines?

Yes, the Linux guys have it easy.  Their package managers update not only the operating system, but all open source software installed on their machines.  Unfortunately, those of us who use Windows or OS X have to update manually.  We know that’s a chore, but an important duty nonetheless.  The software guys endeavor to plug security holes as quickly as possible.  Sometimes they fix the problem within hours, but often within a day or two.  It would be poor recompense for their efforts if you failed to update your software when needed.

I know that some of you who have read this are saying to yourselves: “Hey, I’ve got better things to do than to chase down updates.”  Well, maintaining client confidences is part of YOUR job.  Fortunately, there are some things that you can do to make the job easier.  The Federal Government sponsors a website where you can check at a glance for problems with your important applications (like Adobe Acrobat, Windows, etc.).  Take a look at:


Those of you with news aggregators can take advantage of their RSS feed:  http://www.kb.cert.org/vulfeed

The nice thing about that database is that it tracks more than just the software on your PC.  It also alerts you to problems with your other equipment, like routers and printers.  It’s there for your protection, and it’s free.  Use it.
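For readers who would rather script the check than scan the feed by eye, here is an added example (not part of the original post) that filters feed entries against a list of the software and equipment an office runs. The feed layout (Atom, with RSS 2.0 as a fallback), the sample entries and the `WATCHLIST` contents are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET  # for a live feed, parse with defusedxml instead

ATOM = "{http://www.w3.org/2005/Atom}"

# Constructed sample entries, not real advisories. The Atom layout is an assumption.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
  <entry><title>VU#000001 (constructed): placeholder advisory for 7-Zip</title>
    <link href="https://example.invalid/vuls/id/000001"/></entry>
  <entry><title>VU#000002 (constructed): placeholder advisory for ExampleCo routers</title>
    <link href="https://example.invalid/vuls/id/000002"/></entry>
  <entry><title>VU#000003 (constructed): placeholder advisory for ExampleCo media player</title>
    <link href="https://example.invalid/vuls/id/000003"/></entry>
</feed>"""

# Hypothetical inventory: the software and equipment the office actually runs.
WATCHLIST = ["7-Zip", "Adobe Acrobat", "Windows", "router", "printer"]


def _field(node, *tags):
    """Return the text (or Atom href) of the first child tag that exists."""
    for tag in tags:
        child = node.find(tag)
        if child is not None:
            return (child.text or child.get("href") or "").strip()
    return ""


def matching_advisories(feed_xml, watchlist):
    """List (matched names, title, link) for entries that mention watched items."""
    root = ET.fromstring(feed_xml)
    # Accept Atom <entry> elements or RSS 2.0 <channel>/<item> elements.
    entries = root.findall(f"{ATOM}entry") or root.findall("./channel/item")
    hits = []
    for entry in entries:
        title = _field(entry, f"{ATOM}title", "title")
        link = _field(entry, f"{ATOM}link", "link")
        # Whole-word, case-insensitive match; a trailing plural "s" is allowed.
        matched = [name for name in watchlist
                   if re.search(rf"(?<![\w-]){re.escape(name)}s?(?![\w-])", title, re.I)]
        if matched:
            hits.append((matched, title, link))
    return hits


if __name__ == "__main__":
    for names, title, link in matching_advisories(SAMPLE_FEED, WATCHLIST):
        print(f"{', '.join(names)}: {title} -> {link}")
```

Matching on titles alone can miss an advisory that names the product only in its body, so a hit is a prompt to update, while silence is not proof that nothing needs patching.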
