Monday, October 22, 2007

Data Security at Law Firms in India

Major law firms in the country have taken several strong measures and beefed up their data security after a serious theft at a law firm in Delhi.

Late last year important data along with hard drives was stolen by the four employees of the Law Firm Titus & Co in Delhi by a Nigerian National Alfred Adebare along with Seema Jhingan, Alishan Naqvee and Dimpy Mohanty .

Taking cue from this various law firms have taken several measures to protect the vital data this includes installing linux mail servers, password protected master computers , sealing of floppy and CD drives, scanning of e-mails and disabling of bluetooth and infrared.

Some of the actions taken for data protection by law firms include

(1) AZB & Partners

One back up drive for backup files and user needs authentication from the administrator to access back up files.

One Linux mail server from where all e-mails are received and sent by all advocates

Master computer for each of the four computers in a room and the master computer is password protected.

All e-mails are stored and copied to Zia Mody.

Floppy drive and CD drive are sealed.

(2) Amarchand Mangaldas and Shroff

Floppy drive and CD drive are sealed

Luthra & Luthra

Floppy drive and CD drive are sealed.

(4) Pathak & Associates

Provision of intranet restricted to advocates.

(5)Bhasin & Co.

Camera system in each cubicle for surveillance

Floppy drive and CD drive are sealed

Strict internet system and cannot be used for personal purposes

(6)Fox & Mandal

One main server for the e-mails to be sent and received by the advocates

Back up data is stored.

(7)Trilegal

Password for each computer and one needs it to access to the computer.

Lawyers sign confidentiality agreement.

(8)Titus & Co.

Disabled/removed storage/copying devices like Floppy drive and CD Writer.

Disabled input/output port (I/O) of Universal Serial Bus (USB).

Disabled communication options like Bluetooth and Infrared.

Provided secured password on systems to access Server.

Internet access available on two PCs to surf the internet only. These two PCs are not on the Domain Server.

Login on internet PC allowed only with Administrator profile so that

server database cannot be accessed.

Server users do not have login permission on the internet PC.

One PC is used to send and receive e-mails through password

protected outlook express/Microsoft outlook programs.

Data is saved and accessed from the Server only.

Storage media like CDs, floppies, pen drives are not allowed in office

premises.

Data backup is taken on a daily, weekly and monthly basis.Anti-virus installed on every system connected to LAN.

Firewall installed on internet/ email PCs to prevent data hacking.Physical verification of contents of all bags, containers, packets entering and leaving office.

No comments: