Thursday, October 12, 2017

Court Cyber Security Risk Discussed

After the great CTC keynote address on cyber-security I had some thoughts on what are the court’s actual areas of vulnerability.  That and information about a nice PDF converter utility below:


We have a great advantage in the courts since we primarily deal in the public record.  This means of course that for the most part, we want the public to have access to our operational data. There is no need for hackers to break in since in a great part, we make it freely available. 

But I also think that there is perhaps a lot of fear that is being spread that may not necessarily be realistic for the courts. There are real risks for individuals.  But that is another conversation. So, what are the court's real areas of risk? 

I think that the first and most important risk to mitigate against is “ransomware”.  If a courts server is locked up with data encryption it becomes unusable that is a serious problem.  If the court doesn’t have good backups then that is an even bigger problem since courts don’t have funding laying around to pay bribes to unlock the data. 

So what to do?  Preparation.  Wired Magazine lists four strategies:

1. Back Up – this is self-explanatory … but I would add the need to back up to different devices/services.  You can’t have too many copies. And those copies can be different ages, one-day, one-week, two-weeks, one month, two months.  Anything is better than nothing.

2. Just Say No – To Suspicious Emails and Links.  User training.

3. Patch and Block – keeping machines up-to-date and security software blocking specific types of programs

4. Got an Infection?  Disconnect.  No need to stay on the Internet if your systems are broken.

Computer viruses are the second significant risk for the courts simply because they are a nuisance. 

They are particularly worrisome if first, they can get access to the court’s personnel records via the infected computer or second if the machine contains access numbers, social security numbers, or bank account information.  I suppose e-mail access could be a problem, although I haven’t seen that manifest itself from the courts in any significant way.

Most hackers are looking for information to steal and sell.  They really don’t care about the next scheduled hearing date. I am not particularly concerned with document access as falsification is so easy to do.

There is a great publication from the COSCA/NACM Joint Technology Committee on this subject that we wrote about last year.  Please download and use it before problems occur.  And please feel free to share your cyber-security stories and information in the comments below.  I know that your sharing will be appreciated by the court community.

PDF Converter

And last, something I meant to include in last week’s This and That article, is a secure PDF to Document and OCR system called “Able2Extract Professional”.  It provides the ability to read and convert PDF’s into editable formats such as MS Word and Excel.  IT is free to download and test.  Here is the link to the application’s web page.

No comments:

Post a Comment