Yesterday I saw the following on a lawyer list serve:
“I’m still concerned about the security of the information. Anything involving software can be hacked. Although I freely admit to a tech deficient mind, still I have not seen any info which demonstrates that cloud computing is less risky than not using cloud computing.”
I responded to this message with this text:
“Which is easer to hack:
1. The hard copies of your documents in your office that a burglar could steal by breaking into your office or that might be destroyed if your building burns down, or
2. The encrypted files on Amazon’s servers where our Jungle Disk auto-cloud system backs up our data every night without any human involvement?
P.S. If you use the highest level of Jungle Disk’s encryption it can’t be hacked and if you lose your key you’ll lose everything.”
A retired USAF guy answered me with:
After flying fighters and doing intel stuff, I served as the first squadron commander of a combined space test and aggressor squadron in the USAF. Space work has a lot of crossover with information security…hacking. I can promise you that anyone that thinks a piece of software is unhackable has spent little time with very bright millennials who may or may not have training with the “big boys” (the military or NSA) and who can crack almost anything…and if that individual cannot do it, they know someone who can.
We are deluding ourselves to think that our security is unhackable, anymore than a door is unbreakable. We have to simply trust that for the most part, we’re all too small for anyone to care about what is on our server, so the hacker doesn’t target us.”
The guy’s response kind of rubbed me the wrong way so I responded:
“YGBSM. Typical wing puke who can’t see the forest from the trees. I flew the F-4 Phantom in combat in Southeast Asia and taught very bright USAF pilots to fly the Phantom at an F-4 RTU for three years.
I don’t know computer security, but I do know that anybody who is afraid of state of the art cloud back ups or storage but uses the extremely low tech and highly vulnerable telephone to talk about client stuff while their office can burn to the ground (server destroyed) or be broken into (server stolen and then hacked) does not appreciate which threats have the greatest risk of occurring. I personally know attorneys whose offices were destroyed and they didn’t have copies of their client files stored off site. Oops! When that happens all client info is lost. I don’t know any lawyer whose encrypted data was hacked, nor have I read about it happening. If you know about a lawyer or law firm whose encrypted data was hacked please tell us about it. There are reasons hackers want to attack top secret U.S. and military databases and systems, but those reasons don’t apply to you and me and our data. Bright millennials are not going to waste their time on either of us or any lawyer on this list serve.
The issue in not whether encrypted data can be hacked (the trees), but which threats have the higher risk of actually occurring (the forest) and which threats have a sufficiently high risk of occurring that justify using your resources to protect against? When I was flying combat missions over Route Pack 6 in North Vietnam in 1972 I got a lot of threat information from the RHAW (radar homing and warning) gear, the mod 1 eyeballs and the radio. Red Crown broadcast the location of all MiGs airborne over North Vietnam and warned flights when a MiG got close. I had to analyze the threats and determine which threats, if any, were the highest threats and take action accordingly. For example, when the azimuth/section light (fondly called the “ah shit” light) illuminated, the launch light flashed on and off and I got a loud missile launch tone in my headset I knew my biggest threat that required immediate attention was the 32 foot long supersonic flying telephone pole that was tracking my airplane.
I agree that a thief may exist who is a very bright millennial who could hack into my encrypted cloud-based data, but I have a better chance of wining a Powerball jackpot than that happening. I’m much more likely to lose everything in a fire, natural disaster or a hard drive crash. The latter is the biggest threat all lawyers and law firms face.
You said “We are deluding ourselves to think that our security is unhackable.” When I said my encrypted cloud backup system couldn’t be hacked I meant it could not be hacked in the real world you and I live in. Nobody is going to use the resources necessary to hack into data that you or I encrypt. It is delusional, however, to fail to create an automated data back system that stores your data off site and that makes automatic daily backups because the biggest cyber threat that every lawyer must protect against is the crash of a hard drive that causes data to be lost because of no backup or old and cold back ups. Yes I know of lawyers who lost data because they didn’t properly backup or didn’t back up off site at all. I met yesterday with an Intel engineer who has a Ph.D. in electrical engineering who told me he was backing up all of his home computer data “every once in a while” to an external hard drive that just crashed and caused him to lose 350 gigs of data.
P.S. I’ve been 100% paperless since 2004 – 150,000 plus documents on my server that I can access from anywhere in the world using my browser and an internet connection. Yes a hacker dude could bust into my system, then again I could be killed by a shark that falls out of the sky and lands on me.”
What do you think? Leave a comment.