Articles

Excerpt: The Electronic Frontier Foundation (EFF) announced on May 20th that it had launched TOSsed Out, a new iteration of EFF’s continuing work in tracking and documenting the ways that Terms of Service (TOS) and other speech moderating rules are unevenly applied to people by online services. Sometimes, posts are deleted. Sometimes accounts are banned. For many people, the internet represents an irreplaceable forum to express their ideas, communicate with others, etc.

We have long been fans of the EFF and were delighted to hear that cybersecurity guru Bruce Schneier is leaving IBM, in part to focus on teaching cybersecurity to the next generation but in part to focus on his role as a public interest cybersecurity specialist. Since he is already on the board of the EFF, he is in a great position to be of help.

But back to TOSsed Out, which follows in the path of Onlinecensorship.org, which EFF launched in 2014 to collect reports from users in an effort to encourage social media companies to operate with greater transparency and accountability as they regulate speech. TOSsed Out will focus on the ways that people are negatively affected by these rules and their erratic enforcement.

Commercial content moderation practices negatively affects lots of folks, especially people who are marginalized. This includes black women who share their experiences of racism to sex educators whose content is deemed too explicit. TOSsed Out’s mission is to show that trying to censor social media ends up removing legal, protected speech.

Read the entire article here.

Excerpt: “We don’t believe in digital marketing. We believe in marketing in a digital world.” – Clive Sirkin, CMO of Kimberly Clark

And a digital world it is. We live in a world where three year olds have their own tablets (and operate them quite expertly, thank you very much) and people can work on a project across the globe from their kitchen table in their pajamas. While it is an exciting time, it is also a very challenging time to reach people and to stand out effectively in the crowd. Understanding Mr. Sirkin’s quote is a great first step. The basics of marketing have not changed (networking, creating/maintaining client relationships, word of mouth, etc), but the world in which we market has. It’s a fast-paced, ever-evolving digital world and lawyers must stay vigilant, educated, creative, and honest to stay in the game.

Read the entire article here.

Excerpt: There are thousands of stories of lawyers who ill-advisedly purchased technology or technology services. Let’s start with one such story – starring a very successful and highly respected lawyer who we will dub “Joe.”

Joe noted correctly that his website traffic was falling off a bit and determined that he would find a new website designer who could redo his site and take care of his search engine optimization (SEO). Off he went to a legal conference in Florida where he ran into a very personable salesman who worked for a website design/SEO company.

The salesman promised him the sun, the moon and the stars. Joe knew nothing about website design or SEO, but he really liked this fellow and he believed his promises. He signed an expensive contract and waited. It wasn’t long before his website, which had declined in Google searches under the previous vendor, absolutely hit rock bottom. Joe was losing the steady stream of clients previously provided by his website. Though we never investigated the reason, we suspect that “black hat” SEO may have been used – and that Google (which scans for prohibited SEO tactics) therefore punished Joe’s firm by dropping him in its rankings.

That’s when we got a call. Joe knew we didn’t do website design/SEO, but he knew we had a lot of knowledge about it. And by this time, his law firm was really suffering. So he contracted for a few hours of consulting work to locate a local firm (outsourcing to India for these services is usually a really bad idea).

We knew of a good local web design firm known for high quality SEO which had previously done such work for a number of law firms. We set a meeting with Joe and the web design company and attended the meeting as well. Why? We were there to ask the hard questions, to understand the technology being employed, to nail down the pricing and services offered and (always important) to act as a bulls*** filter.

The meeting went well. The firm made good on its promises and Joe’s website began soaring in the Google rankings. His stream of clients from the website increased steadily – and Joe was soon looking for new lawyers.

Read the entire article here.

Excerpt: As many readers know, we lecture a lot. A whole lot. So we thought it might be interesting to relate the questions we have been asked most often in the past several months. Always fascinating to see what is “top of mind” at conferences and CLEs.

“I’ve been thinking about cybersecurity – what’s most important? A security assessment, penetration testing or employee training?”

Well . . . let’s start with penetration testing. For most solo/small law firms, this is probably overkill unless you have major league clients or extremely high value data. In pen testing, you are asking a company to pretend they are the “bad guys” and attack you – it is scary stuff, and tends to be expensive. The company will generally require a “get out of jail” free agreement, saying that they are not liable for any damages resulting from a successful compromises of your network.

A security assessment (sometimes also called an audit) is far less expensive. The assessment is usually done using software tools and involves a thorough review of your network. The result is generally a report identifying your critical vulnerabilities, medium-level vulnerabilities and low-level vulnerabilities. As a rule, it tends to come with a proposal for (at least) remediating the critical vulnerabilities along with the estimated cost. We believe it is wise to do these assessments, using a certified third party cybersecurity company, annually. Many clients and cyberinsurance companies are beginning to require these assessments as well.

There is no getting around the absolute need for annual employee cybersecurity training. It is generally fairly inexpensive and covers the basics of current threats and how to avoid such things as clicking on suspicious links/attachments, going to sketchy websites, giving information over the phone (duped by social engineering), and many other easy-to-make mistakes. A solid hour of good training each year is a small price to pay for educating your employees and creating a culture of cybersecurity.

Read the entire article here.

Excerpt:
Background
Every year the American Bar Association sends out a survey to tens of thousands of attorneys requesting information about several area. The 2018 survey contained six questionnaires covering the following:

1. Technology Basics & Security
2. Law Office Technology
3. Online Research
4. Marketing & Communication Technology
5. Litigation Technology & E-Discovery
6. Mobile Lawyers

The complete survey is available for purchase from the ABA at https://www.americanbar.org/products/inv/book/353335439/. It’s not cheap, but packed with useful information. We’ll cover a few of the highlights here. Each volume is available separately, but you’ll need the complete publication to appreciate all the technology that lawyers use and the trends for the legal profession.

Read the entire article here.

Excerpt: Hacking can indeed be a passion, proving that you can outfox governments and big league corporations. The thrill of the chase can be addictive – and the addiction is fueled by the monies to be made.

Breaches come in many variants, far too many to cover in a single article. But there is a general flow to a breach. Since we make a living investigating breaches and remediating the vulnerabilities that caused them, let us take you on an anatomical tour of a typical breach, highlighting some of the common elements.

To make the reading more fun, we have offered up “quotes” from the players typically involved in a breach. Many are taken from real-life incidents.

Read the entire article here.

Excerpt: Lawyers know from personal experience how consuming technology can be. And they know how easy it is to overshare on social media, click on something they didn’t mean to, or say something foolish after having too many libations. Your clients are no different in their reliance on technology but they are going through one of the most emotional and stressful periods of their lives.

This is where the missteps come in. Clients’ technology, especially their usage of social media and text messaging, tend to become part of the divorce and discovery process. Throw into the mix a soon-to-be ex-spouse, a hotly-contested divorce, custody battles and maybe the involvement of third party lovers and you have the ingredients for an explosion that you will not want to sort out before a judge.

Happily, there is advice that you can give your clients at the onset of the engagement to help them protect themselves. Think of it as a “Do Not Do List.”

Read the entire article here.

Excerpt: It has been years since we talked about passwords in this column. While passwords seem a bit old school, they are still what most people, including lawyers, use to gain access to protected networks and data. As Verizon’s 2018 Data Breach Investigations Report noted, “Eighty-one percent of hacking-related breaches leveraged stolen and/or weak passwords.” Clearly, passwords are not serving law firm security well. Recently, we have seen multi-factor authentication (MFA) adopted more widely, but at a tortoise pace.

Based on the questions we get from audiences at CLES, there is now a fairly burning interest in upping security in law firms – and that’s a very good thing. Let’s start at the beginning with concepts that are sure to be new to some readers.

Fair warning: This is a good time to get a cup of strong coffee.

Read the entire article here.

Excerpt: Lawyers must follow the duty of communication required by Rule 1.4 of the ABA Model Rules of Professional Conduct, which requires lawyers to communicate regularly with clients and to keep clients reasonably apprised of their cases. Following a disaster, a lawyer must evaluate available methods to maintain communication with clients. The opinion instructs that lawyers should keep electronic lists of current clients in a manner that is “easily accessible.” Most lawyers have taken that to mean that the lists should be stored in the cloud so they can access them from an internet connection anywhere.

Lawyers should pay attention to the duty of competency, Rule 1.1, which includes a technology clause that requires lawyers to consider the benefits and risks of relevant technology. Because a disaster can destroy lawyers’ paper files, lawyers “must evaluate in advance storing files electronically” so that they can access those files after a disaster. Storing client files through cloud technology requires lawyers to consider confidentiality obligations. Again, the opinion has been read by lawyers to encourage cloud storage.

With a little due diligence, this should not present much of a problem. We constantly encourage lawyers to keep backups in the cloud. It is prudent to have a local backup, but the cloud provides additional security. As we learned from Katrina, having a backup at the office and one at home a mile away is not sufficiently protecting confidential data.

Read the entire article here.

Excerpt: Several years ago, a Canadian attorney and good friend of ours, invested $10,000 in bitcoin when it was dirt cheap – several hundred per bitcoin. Clearly, he is a lot smarter than us. We can’t even imagine the extent of his profit – the price of bitcoin has been all over the map. It hit an all-time high of $19,343.04 on December 16, 2017. We’re not sure if our friend cashed out, but we suspect he is still holding on to at least part of his “stash” of bitcoins. As of November 15, 2018, one bitcoin is worth $5,465. That’s quite a drop in eleven months.

We become aware of bitcoin wallets a few years ago, as husbands (mostly) began to hide assets from their soon-to-be ex-wives in those wallets. And then came a barrage of ransomware attacks. Law firm after law firm was paying the ransom ($300-$500 in the early days and $1500- $3000 today). The cybercriminals usually want the ransom in bitcoin. To our amazement, there are now bitcoin ATMs available in local gas stations and laundromats complete with posted instructions on creating a bitcoin wallet for the Bitcoin novice.

In July of last year, there were reports of a Citrix UK study which found that a third of UK companies were stockpiling digital currency, mostly in bitcoins, to pay the ransom (an average of approximately $176,000) if they became victims of a ransomware attack. 1

Why talk about Bitcoin when the title of this article references blockchain? Because Bitcoin rides on blockchain technology – that is the technology that powers Bitcoin – along with all the other cryptocurrencies.

Read the entire article here.