Here’s a link to a story about a MacBook user using the Apple Back to My Mac feature to capture an image of the thief who stole her MacBook. The thief used the MacBok to do a little online shopping when an acquaintance of the victim called her to report she was being shown as online. Kait Duplaga logged into the Apple Back to My Mac service and captured a picture of the thief in the act. The victim’s friend recognized the thief and the victim turned over the picture and other information to the local police who arrested the perp. While this story has a happy ending, it also points out that Miss Duplaga had not password protected her system allowing anyone who had her MacBook to access its contents. Think about the potential damage that could have been done if this was a lawyer’s computer and contained confidential information – can you say put your malpractice carrier on notice?

If you are carrying sensitive information on your computer, albeit even if it’s just your own account information that you’ve saved in your browser, you need to take steps to protect yourself and your data from harm. Find an encryption program and use it. You can encrypt files, folders or disk partitions with Truecrypt (free) or use SecureDoc Personal (fee) to encrypt your entire hard drive. CMS Products has recently made their CE Secure Vault Edition encryption program available for here on Tucows to create encrypted vaults to hold data. I like Truecrupt as it allows for hidden volumes which is an encrypted volume hidden inside another encrypted volume. According to the Truecrypt site:

It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations without revealing the password to your volume.

The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it is impossible to prove whether there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created* and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.

What’s even nicer is that TrueCrypt works on both Windows and Mac systems. You can also use programs such as LoJack for Laptops from Absolute Software to help you locate and recover your computer if it is stolen.

The moral of this story is that there are steps you can take to protect yourself and you have an obligation to yourself and your clients (think Rules of Professional Conduct and safeguarding client information) to do so.

Slashdot is reporting that Microsoft has disabled support for many older file formats with the installation of Service Pack 3 in this post. Allegedly, this is being done to protect users from those older ‘less secure’ file formats, but wouldn’t it be nice if they asked you about doing this first? Unfortunately, this is the default for Service Pack 3 and there is no simple method for disabling this before installing SP 3.The MS “fix” for this issue is found in Knowledge Base Article 938810 and requires you to make changes to the registry. I consider myself to be a computer power user and I don’t like messing with the Registry, so this is someplace that you should fear to tread without a lot of careful thought and making at least one Registry backup before you make any changes to it. You should read and follow KB 322756 “How to back up and restore the registry in Windows XP and Windows Vista” and make sure to backup the registry every time before making any changes.

Laptops – we love them and so do thieves.  You can protect your critical data with a few simple precautions such as those from Security Hacks recent post titled 5 Essential laptop security tips.

The article mentions Truecrypt which is a great free encryption product, but for softwar to locate your laptop if its been stolen, I would choose Lojack For Laptops which has a solid company behind it.

Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

    -Rick Cook, The Wizardry Compiled

I think this quote is very apropos today: as important as backing up your critical data is, I’m still amazed at the number of lawyers that fail to take any steps to protect their data. I last wrote about data backup in Compujurist in 2005 and think it is time to revisit this issue as it continues to be a topic of discussion on e-lists around the country.

There are a wide variety of backup methodologies and schedules from the extremely simple to the incredibly complex.  The sample that I set below is just one suggestion and is by no means the only way to create a backup methodology and schedule. The sample plan below is intended for single computers, computers that are in a peer-to-peer environment or are using strictly Windows XP for networking including operating the server. True networks can use a modification of this plan, but it would require different software. However, this sample backup plan provides a reasonable balance between rotating backup media, preparing for a catastrophic loss that does not destroy your office as well as securing your absolutely critical data offsite. I’ve also tried to take into consideration the complexity, cost and time involved in preparing this sample backup plan.

While it seems that there are as many backup recommendations as there are individuals, I take the view that you should be able restore your entire system meaning not just your data, but all of the programs and software in the event disaster strikes. Many people take the position that they have the backup disks and can simply just reload from those and therefore, there is no need to back up the operating system and all of your programs.  While this may be true, think of how much time it will take you to locate all of the disks for each of your programs, install them on your computer, download and install all of your program updates; if you’re lucky, you’re only talking a matter of hours, but it could be several days. And while your computer system or systems are down, much of your practice will be at a standstill. While I suggested backup plan may leave a small gap between complete backups, it is much easier to download and install updates for a one-week period than it is if you’ve never made a backup of your entire hard drive at all.

Taking into consideration the points I make above, this generally results in a three-tiered backup approach that includes A) an image of your entire hard drive; B) backups of the data that has changed since the last full backup; and C) online backup of only your data and critical files.

I suggest the following:

1.  Purchase a copy of Acronis True Image 11 home for each computer. Ideally, if you have more than one computer, all data is centralized on one of them as it makes backing up much easier. You will also need a minimum of 2 external hard drives (3 is better). You can usually find the hard drives on sale at Best Buy or similar stores every weekend for around $130 for 250 to 300 Gigabyte Drives (or larger) and you can check there for the software also.  If using full-size external hard drives, I recommend that you stick with similar hard drives as you will be able to keep one power adapter at the office and one at home; usually come each manufacturer provides a different power supply for their full-size external hard drives.  Another option would be to use a smaller notebook sized external hard drives which generally only require a USB cable to provide their power.  The downside to the smaller external drives is the capacity and their speed which will result in a longer backup duration.

2.  Install the Acronis True Image software on your computer and make a complete image of your hard drive using the wizard found in the software to one of the external drives. If you have multiple computers, you’ll want to make a backup of each and save it to an external drive.  This is where the third external hard drive can come in handy as you can back up all of your images to that drive.  I also recommend you burn this initial image to a DVD or, if you don't have a writable DVD, then to CD-ROM.  Place the disks in a fireproof and secure location.  In the event of a disaster, at a minimum, you can restore back to this original complete disk image. Then on a regular basis, such as quarterly or even after you install new programs, create a new complete image so that you can always back up to that point without having to reinstall all of your programs, operating system and data.

3.  On Monday and Wednesday, run a differential backup with a full backup once again on Friday. I recommend a differential, rather than an incremental, backup as a differential back-up backs up all information from the time of the last full back-up through the date of the differential backup; while an incremental backup only backs up the information from the last incremental backup not the last full backup.  What this means is the difference between requiring the last full backup and one (the most recent) differential backup to restore your data versus your last full backup and every incremental backup since that full backup to restore your data.  For simplicity, I would swap external hard drives out after you make the complete backup on Friday and take the drive with the most current information home with you.

4.  Sign up for a free Mozy online backup account (Mozy has been acquired by EMC a major player in computer backup systems which offers stability and backing from a solid company). There are numerous other online backup services, but Mozy is simple and provides a free account or a paid unlimited storage account. Mozy will not back up system or program files, and due to the bandwidth limitations, even just backing up your critical data files will take some time . Schedule this to backup only your data files on Tuesdays, Thursdays and Saturdays over the Internet. When you set up your free, 2 GB account (which should be enough to get you started), I also recommend that you use your own encryption password as this will prevent anyone at Mozy or anyone else for that matter, from looking at your data.

IMPORTANT NOTE: YOU MUST MAINTAIN YOUR PASSWORD AS IF YOU LOSE IT, MOZY WILL BE UNABLE TO PROVIDE YOU WITH YOUR PASSWORD SINCE IT IS YOURS AND YOURS ALONE.  IF YOU'RE UNCOMFORTABLE WITH THIS, YOU MAY USE THEIR ENCRYPTION, BUT YOU DO RUN THE RISK OF INFORMATION BEING TURNED OVER PURSUANT TO A SUBPOENA OR OTHER ACTION AS SET OUT IN THEIR PRIVACY POLICY.

5. Finally, perform a sample or test restore to ensure that your data is actually being backed up.  Murphy’s Law of backups provides that your backup will fail when you need it most.  One method of doing this is to select several critical files and data types such as your time and billing data and word processing files, renaming several of these files and then doing test restores from the backup data stored on the external hard drive as well as from the online backup service and see if the files will open and if the data appears to be current and correct.  Initially, you want to test this with the first backup and then at least biweekly for the first two months.  Thereafter, I would recommend doing a test restore at least monthly.

If you add a third external hard drive to this plan, it would become the primary backup for a monthly full backup and then on successive months, each of the hard drives would be rotated through so that at any one time you have a monthly full backup and a weekly full back.  This translates into the greatest period of time that you could potentially lose data for would be one week or in the worst case scenario, one month.  However, with the online backup of critical data, your data should always be within one or two days of being up-to-date at all times.

For offices using true network operating systems such as Microsoft Server or Microsoft Small Business Server, Acronis makes a product suitable for use on these servers and this procedure can be adapted using such a product. In this event, I would also strongly suggest that each workstation also have a copy of Acronis True Image software installed on it with regular images being made of these systems on a quarterly or semiannual basis or at least when major software is upgraded. You can also use a more traditional backup product such as EMC Retrospect (server version) which still allows for disaster recovery as well as including the ability to backup connected workstation computers that are connected to the network.

You must weigh your own needs against the potential risks of different backup intervals and what the backup to come up with your own backup plan.  However, you need to do some type of backup, even if that’s just a backup of your critical data: you can always reinstall your software, but you can’t replace your data.

From the folks who bring you InformationWeek comes bMighty.com, a website focused on the IT needs of small and midsize business. Since I’m always on the lookout for useful technology sites, I checked out bMighty.com when I received the announcement that it been launched.  The primary question that I always face when exploring these websites is will there be any useful information for lawyers on this new site? I’m happy to report that for bMighty.com, the answer appears to be yes.

 With sections on tech news, reviews, storage and other technology information, I read through several articles and came across Put Your USB Drive To Work: 5 Strategies For Going Mobile : the post provides information on a number of very useful tips for using your USB thumb drive to help improve your mobility. Authored by Serdar Yegulalp of InformationWeek, the article focuses on five ways to use your USB thumb drive to improve your mobility. According to Yegulalp:

The article provides concrete examples that are actually useful and then provide the links to the utilities mentioned. I especially like the section on using TrueCrypt,to encrypt and protect that confidential information that you may have stored on.

This post is definitely worth saving as it contains using their USB thumb drives to increase their mobility and efficiency.