Articles

Practical Cybersecurity for Law Firms: How to Batten Down the Hatches

September 25, 2017

Excerpt: We’re quickly approaching 2018 and a week doesn’t go by without another variant of malware causing havoc across the globe. First it was the WannaCry ransomware worm, which infected more than 230,000 computer systems in over 150 countries demanding ransom payments in exchange for the decryption of files. More recently, a new variant using code from the Petya ransomware (named “notpetya”) struck first in Ukraine followed by other European countries and disabled critical utility services such as the radiation monitoring system at the Chernobyl Nuclear Power Plant, as well the affecting the countries’ banks and metro systems.

What caught the attention of lawyers was that an apparent infection in one of DLA Piper’s European offices brought the law firm’s normal operations to a halt. As we write, the extent of the damage is still unclear.

The times have changed since Cryptolocker first ran wild in 2013, but the results are still as devastating. The costs of ransoms have significantly gone up from a few hundred dollars to the $1,000+ plus range now for the decryption key to unlock the affected files – and more than half of those who pay up do not receive the decryption key. So much for honor among thieves!

Read the entire article here.

Are Alexa and Her Friends Safe to Use in Your Law Office? The Pros and Cons of Personal Assistants

August 29, 2017

Excerpt: Many commentators have predicted that 2017 will be the year of Amazon’s Alexa. Alexa is one of several virtual voice assistants that are working their way into our everyday lives. The Amazon Echo and the smaller Echo Dot had a great sales year in 2016 and finished off the holiday season as the best selling items on Amazon. Estimates by Forrester indicate that 6 million Amazon Echo devices were sold by the end of 2016. That’s a lot of hardware.

Alexa is just one of the virtual assistants available for lawyers today. There’s also Google Home/Google Assistant, Siri, Cortana and Samsung’s Bixby on the Galaxy S8 and S8+. Siri was the first on the market but has rapidly lost ground to Alexa and Google Assistant, the two big players in the virtual assistant offerings. Google has the advantage for research since it has access to the power of Google search. Alexa is a better integration device, especially with the addition of “skills” that allow it to connect to other services and apps. Bixby is the newest player in the virtual assistant space and promises to have some unique features that don’t exist in the others. One such feature is the ability to take a picture of something in a foreign language (e.g. road sign, business advertisement, etc.) and Bixby will translate it for you.

Read the entire article here.

What Lawyers Need to Know: Changing Requirements for Credit Card Processing

August 24, 2017

Excerpt: Does your firm accept and process credit cards? If not, you probably should. Clients are more apt to pay their retainers or your invoices if they can use a credit card instead of writing you a check. The way you process credit cards is about to change in a big way (for all businesses), but let’s start at the beginning.

Merchant Account
The first step in processing credit cards is getting a merchant account. A merchant account is essentially
a contract with a “processor” that takes your transactions and processes them with the credit card
companies (e.g. MasterCard, VISA, American Express, Discover, etc.). When you work with a processor,
you will pay a variety of fees (e.g. discount percentage, transaction fee, etc.) for each one of your credit
card transactions. Typically, the discount percentage will go down as you gather more and more
information to validate the transactions. As an example, the discount rate will be lower if you have the
cardholder’s complete address (including zip code) and CVV (card verification value) versus only having
the billing zip code. Companies such as LawPay, Sage Payment Solutions, Square and Authorize.net are
credit card processors.

Read the entire article here.

Can You Trust Your Expert Witnesses with Confidential Data?

July 17, 2017

Excerpt: Not always. There was a recent case in which confidential data was not, to put it mildly, well handled. The corporate defendant, a mortgage servicer, was accused of violating a consumer’s privacy rights based on the manner in which it handled collection calls. The defendant protected its customer data with layers of network security consistent with best practices and ISO guidelines. During discovery, the plaintiff’s experts received the calling data and copies of the customer service call recordings.

Both experts had unrelated full-time day jobs. Their expert witness work was a side business run out of their homes. Neither expert had a technical degree, and neither had taken a course in data security for over a decade. Both experts stored the sensitive case data in their homes. There were no locks on the doors to their home offices, so anyone in the houses had access to the drives. Neither expert was familiar with the basic ISO standards relating to data security. Neither had a written data security plan for their home network, and no outside company had ever performed vulnerability or penetration testing on their networks. One expert had no automatic intrusion detection software on his network. Both routinely produced data with sensitive PII (personally identifiable information) in unencrypted form.

Read the entire article here.

Running with the Machines: Artificial Intelligence in the Practice of Law

July 7, 2017

Excerpt: Back in 2015, we wrote an article entitled “How Will Watson’s Children Impact the Future of Law Practice?” What a lot has happened in two years! The children of Watson and other Artificial Intelligence (AI) technologies continue to spawn at an ever-accelerating rate.

Only recently has genuine real-world usage of AI in law firms begun to flourish. Amid the initial hype, about 5% of what was ballyhooed as AI, in our judgment, was not. Even today, there is an astonishing amount of hype – everyone wants to say they’ve boarded the AI train. As we write, an article from InfoWorld was just published entitled, “Artificially Inflated: It’s Time to call BS on AI.” While great ‘clickbait’, we think the title overstates the case. The peaks and troughs of AI are well documented, and as we are now at a peak, the hype factor gets greater, while the reality (often very good) is lost in the noise of the hype.

As large firms, which certainly need to be at the forefront of innovation, begin to invest considerable sums in AI, the landscape is changing. Large law firms simply cannot afford – for monetary and brand reasons – to be left behind. Clients will begin to see the efficiencies of AI and its extraordinary possibilities wherever AI may be found. AI will be a honeypot to clients seeking those efficiencies and possibilities.

A brief note: An article of this length cannot adequately address all the players in the legal AI market and what they can do. We call out a few names simply because we’ve run into these companies through colleagues or our reading.

Read the entire article here.

Ransomware: No Honor Among Thieves and More Expensive

May 26, 2017

Excerpt: The FBI says that ransomware nets cybercriminals $1 billion a year. No wonder so many people want a piece of that pie.

Computerworld recently reported that hackers spreading ransomware are getting greedier. In 2016, the average ransom demand to provide the decryption key for encrypted data rose to $1,077, up from $294 the year before, according to a report from security firm Symantec. Symantec also reported a 36% increase in ransomware in 2016 from the prior year. We are aware of small law firms in Virginia that paid $1200 and $3000 to get their data back – the damage being furthered by the length of time it took to restore the data.

Helping to fuel the ransomware boom is the digital black market, where hackers can sell ransomware kits for as little as $10 and as much as $1,800, making it easier for other cybercriminals who can't code to get a piece of the action.

Read the entire article here.

Three Compelling Reasons for Solo and Small Firm Lawyers to Understand Their Technology

May 17, 2017

Excerpt: Let’s dive right in. If lawyers understand their technology . . .

Lawyers can save money

Serious money can be saved if you don’t listen to a vendor peddling snake oil at a conference or an IT consultant whose prime concern may not be your wallet/purse. When you learn about technology, you at least know the right questions to ask. You may not know enough to make the decisions and you may still need guidance, but you may know enough to be a “BS filter.” And once you smell that bull, you’ll know you’re talking to the wrong person. That is very useful in and of itself.

Read the entire article here.

The Ransomware Epidemic and How to Protect Your Law Firm

May 13, 2017

Excerpt: Remember the good old days of ransomware? You would get an e-mail saying that you owed the IRS money and could pay it via a helpfully included link. Lots of people did this because it was only a couple of hundred dollars. And who wants to duke it out with the IRS? The same dull-witted people fell for the e-mail claiming that someone at your home had downloaded music or movies illegally (much more likely true than the first scenario) and you needed to pay a fine so no one would come after you (or your spouse/child) for a much greater sum. Again, the price was relatively small and many people paid.

The likelihood that a lawyer would fall for these primitive versions of ransomware was small. Fast forward to the days of Cryptolocker which began in 2013. This ransomware Trojan attacked computers running Microsoft Windows, propagating itself by getting a user to click on an attachment or a link contained in an e-mail. Click on the link or attachment and “Winner, Winner, Chicken Dinner” the malware invisibly downloaded and began to encrypt your files. The malware encrypted files stored locally on the computer system as well as on any mapped network drives, such as those files on your server, connected flash drives and other external USB drives.

Read the entire article here.

The Short and Useless Life of a Bad Resume

May 8, 2017

Excerpt: Over the last 20 years, I have reviewed hundreds of resumes. Most of them hit the wastebasket very rapidly. There are a lot of reasons why.

1. The author can’t write proper English, punctuate properly or obey the rules of grammar. Even little things matter – attention to detail is important in the business world and a resume should be proofed carefully before it is sent out. Don’t just proof it yourself – have someone you know to be a good editor review it as well.

2. The resume sounds like puffery (“I am wonderful” is not the right tone).

3. The objective has no hint of personality or originality. Some are like eating a spoonful of the Sahara. Add some color (without going bonkers) and make yourself stand out. I always like language that indicates that applicants are self-starters who enjoy both working individually and in a team. You’ll certainly have to do both. The truth can be refreshing. I remember someone whose objective indicated his passion for digital forensics while noting that, thus, far, his experience was limited. His passion and candid recognition of his minimal experience struck me, both in his resume and in his cover note. He still works for me.

Read the entire article here.

Cybersecurity for Senior Lawyers

May 7, 2017

Excerpt: When we were asked to do this article for senior lawyers, our first question was: “Are they still practicing law?” The answer was that the majority of readers were likely retired but certainly not all. We were therefore asked to do a general cybersecurity piece where the advice would apply to those still practicing as well as to those who have retired but want to ensure their personal security.

We thought the best way to do this might be through short, plain English tips. Technology makes the “plain English” goal a bit challenging, but . . . away we go!

Read the entire article here.