Articles

Excerpt: Remember the good old days of ransomware? You would get an e-mail saying that you owed the IRS money and could pay it via a helpfully included link. Lots of people did this because it was only a couple of hundred dollars. And who wants to duke it out with the IRS? The same dull-witted people fell for the e-mail claiming that someone at your home had downloaded music or movies illegally (much more likely true than the first scenario) and you needed to pay a fine so no one would come after you (or your spouse/child) for a much greater sum. Again, the price was relatively small and many people paid.

The likelihood that a lawyer would fall for these primitive versions of ransomware was small. Fast forward to the days of Cryptolocker which began in 2013. This ransomware Trojan attacked computers running Microsoft Windows, propagating itself by getting a user to click on an attachment or a link contained in an e-mail. Click on the link or attachment and “Winner, Winner, Chicken Dinner” the malware invisibly downloaded and began to encrypt your files. The malware encrypted files stored locally on the computer system as well as on any mapped network drives, such as those files on your server, connected flash drives and other external USB drives.

Read the entire article here.

Excerpt: Over the last 20 years, I have reviewed hundreds of resumes. Most of them hit the wastebasket very rapidly. There are a lot of reasons why.

1. The author can’t write proper English, punctuate properly or obey the rules of grammar. Even little things matter – attention to detail is important in the business world and a resume should be proofed carefully before it is sent out. Don’t just proof it yourself – have someone you know to be a good editor review it as well.

2. The resume sounds like puffery (“I am wonderful” is not the right tone).

3. The objective has no hint of personality or originality. Some are like eating a spoonful of the Sahara. Add some color (without going bonkers) and make yourself stand out. I always like language that indicates that applicants are self-starters who enjoy both working individually and in a team. You’ll certainly have to do both. The truth can be refreshing. I remember someone whose objective indicated his passion for digital forensics while noting that, thus, far, his experience was limited. His passion and candid recognition of his minimal experience struck me, both in his resume and in his cover note. He still works for me.

Read the entire article here.

Excerpt: When we were asked to do this article for senior lawyers, our first question was: “Are they still practicing law?” The answer was that the majority of readers were likely retired but certainly not all. We were therefore asked to do a general cybersecurity piece where the advice would apply to those still practicing as well as to those who have retired but want to ensure their personal security.

We thought the best way to do this might be through short, plain English tips. Technology makes the “plain English” goal a bit challenging, but . . . away we go!

Read the entire article here.

Excerpt: More and more companies and law firms are moving to the cloud and not in a small way. BetterCloud reports that by mid-2017, large enterprises are expected to have adopted 52 Software as a Service (SaaS) applications on average. In last year’s survey, 14% of G Suite organizations and 5% of Office 365 organizations ran 100% of their IT in the cloud. It shouldn’t be a surprise that those percentages are expected to increase. By 2020, it is expected that 50% of G Suite organizations and 34% of Office 365 organizations will be running 100% of their IT in the cloud. The message is that the cloud is here to stay, but what does that mean for law firms? Should lawyers move to Google’s G Suite or Microsoft’s Office 365? This is a question we are asked more and more by audience members when we lecture – it has begun to recur so often that it finally occurred to us that it might be a useful article.

Read the entire article here.

Excerpt: One of a law firm’s most critical assets is its website – and yet protecting it is a priority that is often overlooked. Reading this and you’re not in a law firm? The same rules apply, so keep reading!

A lot of lawyers simply don’t think about protecting their websites. They ask why anyone would target them, especially if they are solos or small law firms. The sad truth is that, today, the majority of attacks against websites are automated. The bad guys throw out a net looking for websites with vulnerabilities and pull in whatever insecure fish they can find – along with any data held on your website.

If you are targeted, the risk is much greater. In all likelihood, you are now facing a more sophisticated attacker with a clear agenda who is likely to have more sophisticated tools.

Read the entire article here.

Excerpt: Some days are just more interesting than others. You could almost hear the mournful wailing of spooks (the CIA kind) as WikiLeaks released thousands of documents describing sophisticated software tools used by the Central Intelligence Agency to break into smartphones, computers and even Internet-connected televisions.

The New York Times reported that the documents, at first review, appeared to be authentic. The initial release, which WikiLeaks said was only the first part of the document collection, included 7,818 web pages with 943 attachments. The entire archive of CIA material consists of several hundred million lines of computer code according to WikiLeaks.

Initial reports overstated what the technology could do, suggesting that the encryption for popular apps such as Signal and WhatsApp had been compromised. As the details become more clear, it was noted that the apps themselves were NOT compromised. Rather, if the phone was compromised, by malware for example, encryption doesn’t do you any good since the app has to decrypt the message for you to read it, thus allowing a successful attacker to read it. The real news was that both Androids and iPhones have allegedly been compromised by the CIA and allied intelligence services, meaning that apps such as Signal and WhatsApp cannot protect your privacy.

Read the entire article here.

Excerpt: Can lawyers actually manage their technology (instead of it managing them)? Can firms create and enforce policies that provide a secure environment for their users and protect client data, rather than acting like computer usage and security if the “Wild Wild West,” where anything goes?

Buying, implementing, replacing, and securing technology are huge challenges – especially when you have billable work to do. And yet, technology (and the policies that govern its usage) is the most important part of a law firm today – at least after the carbon-based units!

Read the entire article here.

Excerpt: Recently, author Nelson had the pleasure of interviewing David Beech, the CEO of the professional services firm Knights in the UK. David has led the business, originally a law firm, since 2011. His vision for Knights is to become the leading regional professional services business in the UK.

The interview took place on the Legal Talk Network podcast (The Digital Edge: Lawyers and Technology) with co-host Jim Calloway, available here.

By way of introducing David, he qualified as a corporate lawyer in 1990 and in the late 90’s turned to law firm management until 2004 when he left the practice of law to raise and manage a private equity fund. He brought these skills together by leading Knights to become the first professional services firm to raise external private equity investment in June of 2012 and to become the fastest growing commercial firm in the UK.

Read the entire article here.

 

Excerpt: Sadly, your greatest asset – your employees – are also the greatest threat to your cybersecurity. We know this because we regularly see data breaches and ransomware infections caused by click-happy employees. You also have rogue employees determined to use their own devices, go where they want on the Internet, irrespective of firm policies. When we train them, they tell us that they are scared – and you know what? That means we did our job. One of the great fallacies that employees believe is sometimes called “The IT Shepherd” – they simply have faith that the flock (employees) is protected no matter what they do by the shepherd (technology). You need to make them understand that no technological defenses are ironclad.

Read the entire article here.

Excerpt: People are inherently lazy. After all, why do something today that you can put off until tomorrow? Users hate to do anything that would slow down their access to their computer or data. That means they would much rather just sit at a keyboard and start to surf the Internet instead of entering logon credentials and then entering a second factor. How many times have you been tired of the constant password changes only to resort to using one you know you’ll remember and have previously used? Didn’t feel like creating a new account so passed on that online purchase? You are not alone.

A recent study from the National Institute of Technology (NIST) found that the majority of typical computer users experience security fatigue, which leads to risky computing behavior at work and in their personal lives. Security fatigue is defined as a reluctance or weariness to deal with computer security. So what does this mean for law firms? A balanced approach is the way to go. If you make things too difficult for the users, they will find ways around the security measures.

Read the entire article here.