Excerpt: Traveling abroad? Worried about pickpockets? We have far bigger worries these days. If you travel abroad, you also have to worry about foreign governments – and our own – which may be interested in our data. Lawyers are not only not exempt from that interest – they are magnets. And when The New York Times published an article early this year about safeguarding data when crossing the border, we knew we were seeing a new hot cybersecurity topic – one that has primarily been considered at very large firms, until all the recent stories caught fire in the news. This article will focus on the dangers presented by our own government (the current runaway headline), but the advice is generally applicable to the risks presented by foreign governments, risks which may increase as there seems to be a worldwide ratcheting up of device seizure and examination at borders.
Excerpt: There are very few lawyers who seem to have control over their digital devices. To the contrary, the devices themselves seem to be in control, demanding the nearly non-stop attention of lawyers. It might seem odd to hear two geeks talk about digital detoxing, but we recognized the need for it years ago. Perhaps, as geeks, we were on the bleeding edge of this phenomenon.
Author Nelson was not pleased that author Simek could not have dinner in a nice restaurant with his wife without regularly checking his phone. That was the beginning. In time, marital negotiations (and renegotiations) resulted in some rules! Our phones may be in our pockets but they are not invited to participate in nice dinners. Our phones, unless an emergency is in progress, are not checked after dinner. And our phones charge in the family room – they are not permitted in the bedroom. The majority of lawyers do have their phones charging in their bedroom on their bedside tables – or, worse yet, in their beds.
Excerpt: “When, not if.” This mantra among cybersecurity experts recognizes the ever-increasing incidence of data breaches. In an address at a major information security conference in 2012, then-director of the Federal Bureau of Investigation (FBI) Robert Mueller put it this way: “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”
Mueller’s observation is true for attorneys and law firms as well as small businesses through Fortune 500 companies. There have now been numerous reports of law firm data breaches. The FBI has reported that it is seeing hundreds of law firms being increasingly targeted by hackers. Law firm breaches have ranged from simple (like those resulting from a lost or stolen laptop or mobile device) to highly sophisticated (like the deep penetration of a law firm network, with access to everything, for a year or more).
Lawyers and law firms are beginning to recognize this new reality, but all too often they expose themselves to unnecessary risk simply because they don’t have a response plan for security incidents and data breaches. Attorneys have ethical and common law duties to employ competent and reasonable measures to safeguard information relating to clients. Many attorneys also have contractual and regulatory requirements for security. Attorneys also have ethical and common law duties to notify clients if client data has been breached.
Compliance with these duties includes implementing and maintaining comprehensive information security programs, including incident response plans, for law practices of all sizes, from solos to the largest firms. The security programs and response plans should be appropriately scaled to the size of the firm and the sensitivity of the information.
Excerpt: Ransomware is growing by leaps and bounds. There are reports that ransomware attacks have increased by 748% over the last year. A major international study found that almost forty percent of businesses were hit by ransomware last year. Those are some staggering numbers. Law firms are not immune to ransomware attacks either. Any business is at risk, including the solo attorney. What can we do about ransomware attacks?
In order to understand how to deal with a ransomware attack, we need to understand what ransomware is, how it is contracted, and what impact there may be on your law practice.
Excerpt: As we travel around the Commonwealth lecturing to lawyers on technology and security topics, we’ve met a lot of lawyers worrying about the future of their practices. Some are resigned. It is not uncommon to hear “I just want to hang on for a couple more years. Then I’ll retire.” The younger lawyers don’t have that option. They are inclined to ask, “What can I do? How will I
VSB Executive Director Karen Gould wrote a column in the last issue of Virginia Lawyer in which she laid out all of the competition today’s lawyer faces, from LegalZoom, Avvo and a host of alternative legal services providers. We are sure some of you found it dismal reading.
But take heart, there are ways to compete – and not only to survive, but thrive.
Excerpt: For more than 20 years, the authors have been providing IT services to law firms. Ah the good old days, when life was simpler. Here’s how IT once worked. We would get hired, generally to install and configure computers, servers, etc. Once our initial work was done, do you know what we would do? We would wait for the phone to ring. Perhaps something wasn’t working or perhaps the client needed training. Now and again, they would get upgraded hardware or software. Most clients would have us do updates on a regular basis – in those more primitive times, perhaps monthly. Most IT work was called “break/fix” – if something didn’t work, we fixed it. And there were of course occasional projects . . .
Fast forward to today, when almost all businesses, including law firms and other legal entities, are turning to managed service providers.
Excerpt: Several years ago, a Canadian attorney and good friend of ours invested $10,000 in bitcoin. Clearly, he is a lot smarter than us. We can’t even imagine the extent of his profit – several days before we started to write this article, bitcoin hit an all-time high of $4,991.66 on September 2, 2017. It is down slightly as we write, but our friend certainly hit a jackpot.
We became aware of bitcoin wallets a few years ago, as husbands (mostly) began to hide assets from their soon-to-be ex-wives in those wallets. And then came a barrage of ransomware attacks. Law firm after law firm was paying the ransom ($300-$500 in the early days and $1500-$3000 today). The cybercriminals usually want the ransom in bitcoin. To our amazement, there are now bitcoin ATMs available in local gas stations and laundromats complete with posted instructions on creating a bitcoin wallet for the Bitcoin novice.
In July, there were reports of a Citrix UK study which found that a third of UK companies were stockpiling digital currency, mostly in bitcoins, to pay the ransom (an average of approximately $176,000) if they became victims of a ransomware attack.
At the 2017 ILTACON conference, artificial intelligence wasn’t quite kicked to the curb, but the buzz around blockchain became very loud indeed. In the last several months, it has become increasingly clear that blockchain is a transformative technology that is going to make substantial changes in the practice of law.
Excerpt: With so many recent disasters and perhaps more ahead, the ABA Law Practice Division advises you to do some planning NOW.
Have a Disaster Recovery Plan which you review annually. Define who is responsible for what. It should be electronic and in the cloud as well as in paper. Several trusted members of the firm should also keep a paper copy at home.
Communications are always the #1 problem. An emergency contact list should be in paper and in the cloud where it can be accessed via a computer or a phone.
In case of flooding or mass destruction, it is best to have a backup in the cloud. Test your backup regularly to make sure it is working. There are many reputable cloud providers – examples include Mozy, Carbonite, Backblaze, CrashPlan SMB and Acronis.
Excerpt: We’re quickly approaching 2018 and a week doesn’t go by without another variant of malware causing havoc across the globe. First it was the WannaCry ransomware worm, which infected more than 230,000 computer systems in over 150 countries demanding ransom payments in exchange for the decryption of files. More recently, a new variant using code from the Petya ransomware (named “notpetya”) struck first in Ukraine followed by other European countries and disabled critical utility services such as the radiation monitoring system at the Chernobyl Nuclear Power Plant, as well as affecting the countries’ banks and metro systems.
What caught the attention of lawyers was that an apparent infection in one of DLA Piper’s European offices brought the law firm’s normal operations to a halt. As we write, the extent of the damage is still unclear.
The times have changed since Cryptolocker first ran wild in 2013, but the results are still as devastating. The costs of ransoms have significantly gone up from a few hundred dollars to the $1,000+ range now for the decryption key to unlock the affected files – and more than half of those who pay up do not receive the decryption key. So much for honor among thieves!
Excerpt: Many commentators have predicted that 2017 will be the year of Amazon’s Alexa. Alexa is one of several virtual voice assistants that are working their way into our everyday lives. The Amazon Echo and the smaller Echo Dot had a great sales year in 2016 and finished off the holiday season as the best selling items on Amazon. Estimates by Forrester indicate that 6 million Amazon Echo devices were sold by the end of 2016. That’s a lot of hardware.
Alexa is just one of the virtual assistants available for lawyers today. There’s also Google Home/Google Assistant, Siri, Cortana and Samsung’s Bixby on the Galaxy S8 and S8+. Siri was the first on the market but has rapidly lost ground to Alexa and Google Assistant, the two big players in the virtual assistant offerings. Google has the advantage for research since it has access to the power of Google search. Alexa is a better integration device, especially with the addition of “skills” that allow it to connect to other services and apps. Bixby is the newest player in the virtual assistant space and promises to have some unique features that don’t exist in the others. One such feature is the ability to take a picture of something in a foreign language (e.g. road sign, business advertisement, etc.) and Bixby will translate it for you.