The Gazette 1991

GAZETTE

JANUARY/FEBRUARY 1991

Whether maintenance is per- formed on site or on-line, by means of a modem and on-line computer diagnostics, the problem is that the data stored is accessible to the maintenance engineer or mechanic who is performing the repair or maintenance. Such a person can readily access and copy all one's clients' stored confidential data, and if so minded make improper or even fraudulent use of same. It would appear that there is a legal responsibility on a solicitor to take reasonable steps to ensure that the confidential information stored on computer is not disclosed to unauthorised persons. The pro- blem is how is this to be achieved as it is unrealistic to expect one's clients to sign a general waiver. However, one should make sure that at least one's maintenance contract includes a covenant regarding confidential data and unauthorised disclosure by the company's employees. As communication is becoming a widely used microcomputer ap- plication, the risk of unauthorised access to one's data is becoming a very real problem. Most of the communications software available today allows one to put one's computer into an "auto-answer" mode, wh i ch means it will automatically answer any phone call it receives. In this way anybody with the phone number of your computer can, theoretically, access all the data files and programs on your computer from a remote location. This is how on-line com- puter diagnostics works. . . . t he re is a l egal res- ponsibility on a solicitor t o take reasonable steps t o ensure t hat t he con f i den t i al i n f o rma t i on s t ored on compu t er is not d i s c l o s ed t o u n a u t h o r i s ed per sons ." However, communications soft- ware programs nowadays do have password protection so that only those with the correct password are able to gain access to hardware and software data on the phone. If a person has a working knowledge of the password scheme and the operating system, such a person can of course obtain access to one's data.

In fact it is now possible for data to be removed from computers from outside the building. The radiation emitted from a VDU is sufficiently powerful to be received by anyone using an ordinary television set, a standard television aerial and a frequency modulator a hundred metres away. This can be done even where an office is full of VDUs because the frequency signal from each is different. Finding information on a hard disk is easy. There is a Public Domain software program called Whereis available that will search through all the directories on disk to find a specific file. Once an unauthorised person has gained access to one's computer he can carry out a search for anything that might be of interest in the directories, and download that in- formation. Even a particular word or phrase can be searched for on an entire disk. Files and directories can, however, be hidden. Attributes such as "hidden" and "read only" can be assigned to programs and data. Utilities are also available on the market which enable one to create "secret" directories. In order for these schemes to be effective, the utilities used to hide the files and data have to be removed from user access: likewise directory utilities which will show hidden files have to be removed from user access. Security packages, which in- clude password assignments for all users and encrypt or scramble data files are available. These packages do have drawbacks viz: — (a) reduced processing speed; (b) increased administrative tasks e.g. assigning passwords, user

access, data file security, data file security levels. (c) pre-planning and determination of who shall have access to what on the hard disk. (d) assignment of a hierarchy of security levels for files depend- ing on the sensitivity of the data stored on them, and the availability thereof to certain users; (e) regular monitoring of the passwords assigned, and the hierarchy of security levels, is essential; (f) the very real risk of forgetting the password!; and (g) inconvenience. They do, however, provide the highest level of data security available for microcomputers. There is software and hardware on the market which will only allow access to users at specific times; that will make certain directories, files, etc. unavailable to certain staff or will only allow certain staff access to certain files and prevent them changing those files. Electronic keys, or dongles, are another form of security devjce. These are hardware units which slot into a 'key-ring' connected to the printer port and allow use of the computer to key carrying personnel only. There is another device which is a combination of smartcards and signature recognition pads. This involves the person requiring access to the system slotting his smartcard into a receiver and then signing an electronic pad. The smartcard contains a three dimen- sional image of the person's signature which the control com- puter uses to check against the one

WENTWORTH - Lr. Grand Canal St. • C. 2,250 Sq Ft Adj. Merrion Sq • Superb Finish (Incl. Carpets etc.)

• Flexible lease term • On Site Carparking Joint Agents:

Sherry fitzGerald S 616198

6