Excerpt: Before you can protect your data, you need to know where it is. That seems pretty obvious, but a lot of lawyers are unaware of all the locations where their data resides. We’re aware that we need to protect the data on the disks that exist in our desktop computers, laptops and servers. We know that there may be confidential data on external media such as USB hard drives and flash drives. However, many attorneys forget about data stored on voicemail systems and their smartphones. Data on backup media needs to be protected too. So let’s dive in and get to the basics of protecting your data securely.
Excerpt: Recently, the Virginia State Bar Council voted to adopt changes to the Model Rules of Professional Conduct. The changes were based on the American Bar Association’s modifications to the Comments of Rule 1.1 respecting Competence (“…a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with technology…”) and Rule 1.6 respecting Confidentiality (“(c) A lawyer shall make reasonable efforts to prevent the unintended disclosure of, or unauthorized access to, information relating to the representation of a client.”)
What’s reasonable? The Comments go on to list relevant factors:
1. the sensitivity of the information
2. the likelihood of disclosure if additional safeguards are not employed
3. the cost of employing additional safeguards
4. the difficulty of implementing the safeguards
5. adverse effect on the lawyer’s ability to represent clients
Excerpt: Remember the good old days of ransomware? You would get an e-mail saying that you owed the IRS money and could pay it via a helpfully included link. Lots of people did this because it was only a couple of hundred dollars. And who wants to duke it out with the IRS? The same dull-witted people fell for the e-mail claiming that someone at your home had downloaded music or movies illegally (much more likely true than the first scenario) and you needed to pay a fine so no one would come after you (or your spouse/child) for a much greater sum. Again, the price was relatively small and many people paid.
The likelihood that a lawyer would fall for these primitive versions of ransomware was small. Fast forward to the days of Cryptolocker which began in 2013. This ransomware Trojan attacked computers running Microsoft Windows, propagating itself by getting a user to click on an attachment or a link contained in an e-mail. Click on the link or attachment and “Winner, Winner, Chicken Dinner” the malware invisibly downloaded and began to encrypt your files. The malware encrypted files stored locally on the computer system as well as on any mapped network drives, such as those files on your server, connected flash drives and other external USB drives.
First published in the September/October edition of Law Practice magazine at http://www.lawpracticemagazine.com/
Excerpt: Not a single day goes by when you don’t hear something about cloud computing. It could be some new feature or service offering or even a data breach. So what’s all the hype? Are you destined to be using some type of cloud service in your practice, assuming you aren’t already? It’s even likely that you are already using the cloud and don’t realize it. If you use Gmail or other web-based providers, you are using the cloud. Let’s take a look at whether cloud computing is right for your practice and suggest some questions you should be asking of any cloud service.
Excerpt: Ever since Apple delivered an iPhone with Touch ID there have been all kinds of ways to defeat the fingerprint sensor. There have been some elaborate (and expensive) methods from using 3-D printing to using Gummi Bears and everything in between. Back in September of 2013, German hacker Starbug successfully proved that bypassing Touch ID was “no challenge at all,” according to Ars Technica. As Starbug mentioned in the interview, it took him nearly 30 hours from unpacking the iPhone to developing the hack to reliably bypass the fingerprint security.
Excerpt: What does the Internet of Everything mean for lawyers? Evidence – lots and lots of new sources of evidence. The continuing loss of privacy. A life that is so connected to the Internet that it will be hard to get through even a few minutes of our day without the Internet having an impact. But we are ahead of ourselves – so let’s step back and analyze an accelerating trend.
We first became interested in the Internet of Everything (known as IoE) when wearable technology became the hot new trend. We’ve heard the words for a couple of years but wearable tech really started to pick up steam in 2014 as companies rushed to the marketplace with, in particular, smartwatches.
Research firm Gartner anticipates that revenues from wearable tech will more than triple by 2016, going from $1.6 billion to $5 billion. It is no wonder that companies are rushing to board that train.
Excerpt: Technology has come to rule us all – to varying degrees – and with dire consequences in some cases. We’ve seen lawyers suffer from depression, alcoholism and drug use connected to their technology use. We’ve seen marriages dissolve. We’ve talked to lawyers who can’t sleep at night. Their blood pressure is terrible – some have chronic headaches, even chest pains. They are restless when not online. They neglect family and friends. They develop carpal tunnel syndrome or dry eyes. Their backs and necks hurt. They’ve made attempts to restrict their conduct – unsuccessfully. They lose track of time while on the computer – who among us has not felt an hour or two slip away unnoticed?
We can’t blame technology for everything, but there is no question that it is causing a lot of lawyers major stress.
Excerpt: Can lawyers actually manage their technology (instead of it managing them)? Buying, implementing, replacing and securing technology are huge challenges – especially when you have billable work to do. And yet, technology is the most important part of a law firm today – at least after the carbon-based units!
What are lawyers doing wrong?
Rare is the solo/small firm which does an annual review of its technology. Firms tend not to plan, but rather to buy technology when a new need arises, when a partner demands the latest cool tech toy, or when something breaks. In our world, we call that the “Break/Fix” method of (not) managing technology.
Excerpt: Did you know that cyberthieves also have Black Friday and Cyber Monday sales – of stolen credentials, including IDs, passwords, e-mails, credit card info, addresses, etc.? Your information IS their product so be wary of making it easy for them to engage in identity theft.
Excerpt: In the simplest terms, cryptography is the science of secret communication. It involves transmitting and storing data in a form that only the intended recipient can read. Encryption is one form of cryptography.
Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form (plaintext), so it can be understood.