A recent study from the National Institute of Technology (NIST) found that the majority of typical computer users experience security fatigue, which leads to risky computing behavior at work and in their personal lives. Security fatigue is defined as a reluctance or weariness to deal with computer security. So what does this mean for law firms? A balanced approach is the way to go. If you make things too difficult for the users, they will find ways around the security measures.
Archives for August 2017
Excerpt: Many commentators have predicted that 2017 will be the year of Amazon’s Alexa. Alexa is one of several virtual voice assistants that are working their way into our everyday lives. The Amazon Echo and the smaller Echo Dot had a great sales year in 2016 and finished off the holiday season as the best selling items on Amazon. Estimates by Forrester indicate that 6 million Amazon Echo devices were sold by the end of 2016. That’s a lot of hardware.
Alexa is just one of the virtual assistants available for lawyers today. There’s also Google Home/Google Assistant, Siri, Cortana and Samsung’s Bixby on the Galaxy S8 and S8+. Siri was the first on the market but has rapidly lost ground to Alexa and Google Assistant, the two big players in the virtual assistant offerings. Google has the advantage for research since it has access to the power of Google search. Alexa is a better integration device, especially with the addition of “skills” that allow it to connect to other services and apps. Bixby is the newest player in the virtual assistant space and promises to have some unique features that don’t exist in the others. One such feature is the ability to take a picture of something in a foreign language (e.g. road sign, business advertisement, etc.) and Bixby will translate it for you.
Excerpt: Does your firm accept and process credit cards? If not, you probably should. Clients are more apt to pay their retainers or your invoices if they can use a credit card instead of writing you a check. The way you process credit cards is about to change in a big way (for all businesses), but let’s start at the beginning.
The first step in processing credit cards is getting a merchant account. A merchant account is essentially
a contract with a “processor” that takes your transactions and processes them with the credit card
companies (e.g. MasterCard, VISA, American Express, Discover, etc.). When you work with a processor,
you will pay a variety of fees (e.g. discount percentage, transaction fee, etc.) for each one of your credit
card transactions. Typically, the discount percentage will go down as you gather more and more
information to validate the transactions. As an example, the discount rate will be lower if you have the
cardholder’s complete address (including zip code) and CVV (card verification value) versus only having
the billing zip code. Companies such as LawPay, Sage Payment Solutions, Square and Authorize.net are
credit card processors.
Buying, implementing, replacing, and securing technology are huge challenges – especially when you have billable work to do. And yet, technology (and the policies that govern its usage) is the most important part of a law firm today – at least after the carbon-based units!
With this metadata information at hand, Simek said, one can “with a high degree of confidence, say that these were authentic messages that were sent from this account to that account and sent back.”
The data gleaned from email headers will likely be more than enough to meet the evidence authentication requirements mandated by the Federal Rules of Evidence (FRE) Rule 901, a standard commonly used by both federal and nonfederal courts around the country.
Among other things, the rule allows for authentication based on “distinctive characteristics” of an item including its contents and substance, such as email addresses and messages. These characteristics must be taken together with circumstantial facts, such as evidence a person was at their computer or device at the time an email was sent, or that the email client and device identified in the header matches those commonly used by the person in question.
There is, however, one large caveat to collecting information from email headers: In order to obtain all relevant metadata, one must be in possession of the original email itself. Having a forwarded copy of an original email, Simek noted, creates entirely new header information. “[All I’m] able to see is your information about the forwarding, and not about the original message.”
But once in possession of an original email, extracting the header is fairly easily. Simek explained that one can use e-discovery tools for the task, or even extract them manually from their email client, though the steps for that will vary depending on “if it’s a Gmail message, if it’s Hotmail or some [other] web-based client. The processes are different.”
He advised attorneys, however, to turn to data forensics experts for such extractions, given that “DIY extractions of headers” will likely run into problems, and those who extract the data may also be called to testify in court.
Hopefully your firm will never experience a data breach, but these days it seems more and more inevitable. In this episode of Digital Detectives, hosts Sharon Nelson and John Simek talk to Brian Wommack about common mistakes companies make when dealing with a breach, the correct way to handle the situation, and what you can do to prepare for potential threats. They also discuss the different aspects of creating a contingency plan including drafting beforehand how you would break the news to your clients.