When cloud computing comes up in conversation, one of the primary topics (after explosive growth) has always been data security. And with good reason: while 94% of small and medium-sized businesses found that security actually improved when migrating to a cloud solution, a small number of high-profile security breaches drew attention to the perceived fallibility of the cloud.
Users have a reasonable expectation that their cloud provider will ensure account data is protected. Ultimately, however, lawyers are the ethical gatekeepers to their data, and the single most important thing they can do to ensure data security is to use a secure password. If you’re anything like the average Internet user, you’re bad at passwords.
Don’t take it personally, though; you’re in good company: 59% of users use the same password across most (if not all) sites, and judging from this list of the most commonly used passwords of 2015, it wouldn’t matter even if you mixed it up. These habits, a holdover from a time when you used a password to access a device that was physically bound to your desk and ‘Hackers’ was just a plenty awesome Jonny Lee Miller/Angelina Jolie vehicle, are now woefully out of place in a society that is always connected, processing previously unheard-of amounts of data, and requiring security on an unprecedented level.
While password security is less of a problem when dealing with your Hotmail account from 1997 (I’m looking at you, Chumbawamba4ever@hotmail.com), it becomes slightly more problematic when the backbone of your legal practice (including sensitive client data) is stored online.
With 1 in 3 attorneys stating they use some form of cloud computing solution in their practice, we felt this was a helpful time to revisit some best practices for password selection and management. First of all, if you’re a Clio administrator, you have the option of enabling strong passwords via your settings page.
While not a failsafe, this will ensure that all firm members within Clio update their passwords to use a more secure option. When choosing a new password, keep the following in mind:
- Never store passwords in Word documents, text files, or any other non-encrypted form on your local computer, or worse, on a Post-It note
- Never store passwords “in the clear” on a remote host (such as Google Drive, Evernote, or any other non-encrypted remote service)
- Never ‘share’ passwords (don’t use the same password for multiple sites)
- Try not to use real words in your passwords (words that you would find in the dictionary)
- Try not to use common variations or trivial permutations of real words in your passwords (‘p@ssw0rd’ is not appreciably more secure than ‘password’, even though it contains both a symbol and a number)
- Try to use a password that is a minimum of 10-20 characters in length
- Try to use a random combination of letters, numbers and symbols
- Finally, never share your passwords with anyone, regardless of your relationship with them. Most cloud solutions have data sharing options that do not require sharing your password.
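
The rules in this list about dictionary words, trivial permutations, length and character mix can be checked mechanically. The Python below is an added example, not part of the original post or any Clio feature: it flags candidates such as ‘p@ssw0rd’ and generates a random password from the operating system's secure random source. The `COMMON` set, the substitution table and all function names are constructed for illustration.

```python
import secrets
import string

# Constructed sample; a real check would load a full list of common passwords.
COMMON = {"password", "letmein", "qwerty", "welcome", "dragon"}
# Character substitutions undone before the dictionary comparison (illustrative).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_letters, string.digits, string.punctuation)
MIN_LENGTH = 10  # lower bound of the 10-20 character guidance in the list


def variants(candidate):
    """Normalized forms of the candidate to compare against COMMON."""
    folded = candidate.lower()
    stripped = folded.rstrip(string.digits + string.punctuation)
    return {folded, folded.translate(LEET), stripped, stripped.translate(LEET)}


def weaknesses(candidate):
    """Return which of the list's rules the candidate breaks (empty if none)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if variants(candidate) & COMMON:
        problems.append("dictionary word or trivial permutation")
    if not all(any(ch in cls for ch in candidate) for cls in CLASSES):
        problems.append("missing letters, numbers or symbols")
    return problems


def generate(length=20):
    """Draw characters from the OS CSPRNG until every rule is satisfied."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the minimum")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("password", "p@ssw0rd", "P@ssw0rd2015!", generate()):
        print(repr(pw), weaknesses(pw) or "ok")
```

Padding a common word with a capital letter, a year and a symbol still reduces to the same dictionary entry, which is why the generated password is built from random characters rather than from a word.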
Proper password practices result in a tricky catch-22: you’re not allowed to write it down or use one password across multiple sites, but the passwords have to be intrinsically meaningless and difficult to remember. Unless you’re Jonas Von Essen, you’ll probably find yourself locked out of your accounts on a regular basis. Luckily, there are solutions in the form of password management utilities.
If you’re looking for a desktop application (for best results, use on a password-protected computer), 1Password is optimized for OS X, while KeePass works well for Windows. By using these tools, you’re able to maintain a password database and save the encrypted password database to a cloud service such as Dropbox so that it’s synced across multiple devices. If you prefer a cloud-based solution, ensuring all of your passwords are accessible to you via a web interface, we highly recommend Passpack.
By utilizing these practices, you will ensure that your cloud data remains secure, even in the event of a third-party breach. If you’re still reading, do yourself a favor and change just one of your online passwords; you’ll be that much closer to securing your data.