Tomorrow (May 4) is World Password Day. World Password Day occurs on the first Thursday of May. It was created by Intel several years ago to raise awareness about the importance of stronger passwords and promote better password habits. Passwords are critical gatekeepers to our (and our clients) digital and business records and identities.
I have preached the need for lawyers to be especially mindful of the need for password protection for years. But too often, I am greeted with the response, “I’m just a small-time lawyer. No one would be interested in anything I have. My stuff is not that important.” In other words, security through obscurity. But it doesn’t work.
It doesn’t work because while the bad guys may not care about the substance of what you have in your files, they do care about the information there. It could be personally identifiable information for clients or others. It undoubtedly includes client confidences. It could be health records protected by HIPPA rules. No matter what it is, you, as a lawyer, have an ethical and legal duty to protect all this information.
All too often, lawyers and legal professionals use weak passwords, like a simple 4-digit number. Often that number is 1234. This doesn’t protect you or your information.
Lawyers also often forget that their mobile devices (smartphones, tablets, even laptops) often have client and private information on them
Lawyers also often forget that their mobile devices (smartphones, tablets, even laptops) often have client and private information on them. Just like any digital information on a desktop in the office, this information may be considered confidential subject to Model Rule 1.6 (duty of confidentiality) and similar state rules. At least one state, New York, believes that even information about a client, like a
