All posts by Betty Nelson

Internet Safety Tips on Cyber Monday & Beyond…

It’s that time of year – next Monday is “Cyber Monday,” meaning many people (possibly your employees) will be rushing around on the Internet, quickly clicking on links to obtain great deals while holiday shopping. They will be clicking on ads, signing up for discounts and getting emails from all sorts of resellers, and yes – quite often using their work email accounts.

That’s why I thought it was a good time to remind everyone about Internet safety and security. It’s a risky time of year with all of the online shopping and browsing that’s going to happen in the next few weeks.

Beware of Phishing Scams

Phishing is the activity of defrauding an online account holder of financial information by posing as a legitimate company. Here are some of the ways this can be accomplished.

Bad Links

If you receive an email that contains links and are suspicious, one quick way to see where a link is going to take you before clicking it is to hover over the link and just pause. A little window will pop up showing where the link is pointing. If the URL that pops up differs from the one shown in the email, DO NOT CLICK IT!
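For anyone screening a suspicious message on behalf of other users, the same hover check can be automated. The sketch below is an added example, not part of the original post: it compares the address each link displays with the host it actually points to. The sample message and its domains are constructed, and the function names are illustrative.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a web address.
URL_LIKE = re.compile(
    r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

# Constructed sample message body (all domains are reserved example names).
SAMPLE_EMAIL = """
<p>Your parcel is waiting.</p>
<a href="https://www.shipping.example.com/track?id=1">www.shipping.example.com/track</a>
<a href="http://parcel-update.example.net/login">https://www.shipping.example.com/track</a>
<a href="https://parcel-update.example.net/t">Track your package</a>
<a href="mailto:help@shipping.example.com">Contact us</a>
"""


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def host_of(url):
    """Lower-cased host of a URL or bare address, without a leading 'www.'."""
    url = url.strip()
    if not re.match(r"^[a-z][a-z0-9+.-]*://", url, re.I):
        url = "http://" + url
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host


def check_links(html):
    """Return (visible_text, destination_host, verdict) for each web link.

    verdict is 'match', 'mismatch', or 'text-only' (the visible text is not
    an address, so only the destination host can be inspected).
    """
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    report = []
    for href, text in parser.links:
        if not re.match(r"^https?://", href.strip(), re.I):
            continue  # mailto:, tel:, relative links: nothing to compare
        actual = host_of(href)
        if not URL_LIKE.match(text):
            verdict = "text-only"
        else:
            shown = host_of(text)
            # Simplification: a subdomain of the displayed host counts as the same site.
            same = actual == shown or actual.endswith("." + shown)
            verdict = "match" if same else "mismatch"
        report.append((text, actual, verdict))
    return report


def mismatches(html):
    """(displayed_host, real_host) for every link whose text hides its target."""
    return [(host_of(text), actual)
            for text, actual, verdict in check_links(html)
            if verdict == "mismatch"]


if __name__ == "__main__":
    for text, actual, verdict in check_links(SAMPLE_EMAIL):
        print(f"{verdict:9}  shown={text!r}  goes to={actual}")
```

A "text-only" result is not a pass: a button that reads “Track your package” shows no address to compare, so the destination host still has to be judged on its own.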

Threats

We aren’t talking about normal threats, but threats like, “If you don’t click this link and enter your password now, your account will be deactivated.” Always be suspicious of these types of emails. If it is from a company, you should go directly to their website to see if this is a scam. Do not click anything in the email. Again – do not go to the website by clicking a link contained in the email. A common email we’re seeing recently is a notice that you have an overdue invoice being sent to collections – that really makes you want to click the link and get more information. If you fall for this type of phishing scam, you are risking locking down your company’s data and/or your personal identity. Don’t let that person be you.

Big-Name Companies and Common Emails

One of the most popular scam emails circulating is a UPS and FedEx “track your package” email. We all get emails from UPS and FedEx, and this will increase with the holidays approaching. It is a natural instinct to click the “track your package” link. Absolutely triple-check these emails and instead of clicking the link, go to the site where you ordered your packages and track them from there.

Be Savvy While Traveling 

Anytime you are on a public network (at the airport, for example), it is important to not connect to banking systems or any website where you will pull up confidential information. Without the proper security software and protection, your data, usernames and passwords could be logged.

Microsoft’s new Wi-Fi Sense feature allows users to share their network’s password with a list of friends to give them automatic access. The trouble? Like so many other apps, this one can sync up automatically with your Facebook and Outlook contacts, inadvertently giving the masses of people in your friends list access to your network, and if you’re not careful, access without your knowledge.

Pay Attention to Other Concerns

Password Theft

Most users find strong passwords annoying, but it’s so important to make sure you use a strong password and change it often. Be careful any time you receive an email asking for your password, or encounter someone on the phone attempting to get your password. Please do not post your password on sticky notes on the bottom of your computer or anywhere around your desk.

Outdated Software

Keeping your software up-to-date on your computer, tablets and mobile phones is extremely important. Be sure to run Windows updates, and update Android OS and iOS devices as soon as new updates come out.  Most of these updates are security-related and released to combat the latest ideas the bad guys have come up with.

Cloud Computing

Cloud does not mean automatically secure. Please make sure any address where you are entering your password and information starts with https://. Also do your research before choosing an online platform to save your secure documents. The “S” in https stands for secure; remember that.

Fraudulent Phone Calls

Never give someone you do not know access to your computer, and never disclose information over the phone even if the phone number looks legitimate. There is a current phone call going around that appears to be from the U.S. government and they ask you to verify your Social Security number and date of birth. If you fall for this one, know that someone else will likely be using your identity soon. If you receive a suspicious phone call, hang up, verify the company is someone you should be talking to, then look up the phone number yourself and call back to verify the call was a legitimate one. Remember, the IRS is not calling your cell phone to inform you that you owe income taxes and are about to be charged criminally. My personal creed is to not answer calls from numbers that are not in my contacts. After I listen to one of these fraudulent voicemail messages, my next move is to block the caller.

Free Games

Do you like to play free games online? Congratulations! You’re a winner and your gift is malware on your computer. Almost every site that has free games or other ‘free’ items still wants to make money and the way they make money is to advertise or infect your computer with spyware. This is the same for free games and tools you download.  And this is also the same for emails saying you will win a free iPad if you respond to their survey. Very risky.

As always, if you are suspicious of an email, reach out to Terrapin Technology Group before opening it. No question is a silly one and, like you, we prefer helping you now rather than after a data breach. With the right preventative steps, you can play a role in keeping your network safe and secure.

Happy Thanksgiving from Terrapin Technology – be safe!

 

 

2016 Worldox Reseller Conference

Nathan Johanson, Joseph O’Donnell, Emilio Flores and Betty Nelson attended the Worldox Reseller Conference October 19 – 22, at the Phoenix Marriott Tempe at the Buttes.

It was exciting to hear that Worldox knows how important security, mobility and collaboration are to attorneys. Worldox is finalizing a new product that will include “encryption-at-rest” technology built into the Worldox Document Management System. In this scenario all of the activity occurs in the background yet you can be confident when you leave the office that even if your server was stolen your content would be unreadable to the thief.

“Worldox Connect” will include enhancements in the near future. Uniting the advanced file sharing and sync functionality of Connect with the ability to review and compare, Worldox empowers professionals to collaborate on files without boundaries. Collaborate on and share files with colleagues, outside consultants, and clients without sacrificing the security of your sensitive information. Due to its seamless and secure linking capabilities, Worldox Connect is ideal for top law firms or any organization that depends on the security of private information.

It was exciting to learn about these advancements that will surely impress clients and help our Worldox clients practice law from wherever they need to be, without having to worry about security issues.

It was great connecting with the impressive and talented team at Worldox. So refreshing to see a group of software professionals that truly understand what our clients need and want.


Keeping Our Kids Safe in This Digital World

Smart phones, tablets, computers – it’s hard to imagine keeping track of our kids and getting their homework done without these tools. However, the dark side of our children having access to technology is the possibility of them seeing things they can’t “unsee” and connecting with people who could harm them.

Ten years ago the idea of protecting our children on the Internet looked to parental controls to keep children from going to seamy websites. The rapidly changing world of apps has made that concept much more challenging.

Now, the best steps for keeping our children safe include education, knowing where they are and who they are interacting with, and understanding the apps that can lead them into dark places with people they don’t know.

Talk to Your Kids About What’s Out There

You only have to look at a few articles about Internet safety to realize the risks. There are stories of broken-hearted parents sharing how their children did everything they possibly could to get around the safety precautions they had carefully put in place. I’m talking about children as young as eight, who seemingly lost their innocence in the matter of a few clicks.

Dangerous Apps You Need to Know About

There are a number of apps known to be high-risk. This list changes as quickly as programmers come up with new apps, but may include some surprising ones that seem innocent enough on the surface. A common risk you’ll see is how many of these apps use GPS technology that allows the bad guys to know the location of your child.

  • Whisper is an anonymous confession app. It allows users to superimpose text over a picture in order to share their thoughts and feelings anonymously. Even though you post anonymously, it displays the area from which you’re posting. You can also search for users posting within a mile from you. I know of a case where a teacher had 25 different profiles on Whisper and was asking students at his school to post nude photos.
  • Yik-Yak is an app that allows users to post text-only “Yaks” of up to 200 characters. The messages can be viewed by the 500 Yakkers who are closest to the person who wrote the Yak, as determined by GPS tracking. There are numerous issues with this app, but a big one is that children can be exposed to and contribute sexually explicit content and personal attacks. Although posts are anonymous, kids often share personal information as they get more comfortable with others.
  • Kik Messenger is a private messenger app and frequently used by kids under 18. Kik allows kids to send private messages that their parents can’t see. This app also allows users to identify themselves by a made-up username, posing the dangers of anonymity. To make matters even scarier, third party websites allow users to search for people based on gender and age. There is very little you can do to verify the identity of someone on Kik, which obviously poses the risk of sexual predators chatting with your child.
  • Omegle allows you to chat or video chat. The participants are only identified as “You” and “Stranger.” You don’t have to register for the app, but you can connect Omegle to your Facebook account to find chat partners with similar interests. When choosing this feature, an Omegle Facebook App will receive your Facebook “likes” and try to match you with a stranger with similar likes. This app is the perfect channel for sexual predators.
  • Blendr is a flirting app to meet people through GPS services. There is no authentication of users, so adults (including predators) can attempt to meet minors and sext.
  • SnapChat allows a user to send photos and videos to anyone on his or her friend list. The sender can determine how long the receiver can view the image and then the image disappears after the allotted time. Users are duped into thinking their messages and nude photos are safe because they will disappear. But these “snaps” are easily recovered and can be preserved with a screen-shot and shared.
  • Poof allows users to make other apps “disappear” on their phone. Kids can hide any app they don’t want you to see by opening the app and selecting other apps. The good news is that this app is no longer available for purchase. However, if your child downloaded before it became unavailable, they may still have it. Similar apps are continuously being created. Others to look for: Hidden Apps, Hide It Pro and App Lock.

What’s Next?

There are many ways to address your concerns. Start by having a family discussion about media rules, such as getting permission from a parent before downloading a new app or game, when and where devices can be used, and the fact that you may check their devices periodically. Consider collecting devices before bedtime and set up a common charging area so you can easily check phones.

Remember, older teens will go to great lengths to stay connected, including purchasing an older, broken phone and running it on Wi-Fi so they can chat through the night. Consider changing your Wi-Fi password often, so kids need to ask permission to connect. Some families give out the Wi-Fi password after their children’s list of chores has been completed.

Visit staysafeonline.org for ideas on how to discuss these issues, the latest parental controls and dangerous apps. Whatever steps you take, keep an open dialog with your kids and stay on top of the latest threats to their safety.

Best Practices of Successful Law Firms

With all of the daily demands at law firms, it’s easy for planning to go on the back burner. However, as the adage goes, a firm that fails to plan is planning to fail. The last thing you want is to have your firm flying by the seat of its pants and giving in to the demands and whims of employees. You also don’t want inconsistent practices, unclear goals, and no way of measuring accomplishments or fostering accountability to stand in the way of success.

Before you push off planning yet again, keep in mind that you could damage employee morale. It’s well known that people like to work for an organization that makes them feel valued and part of feeling valued is having guidelines in place and a standardized way to measure success.

Successful firms are:

  • Focused
  • Have a sense of where they are and where they are heading
  • Have a vision and a strategy
  • Have business and financial plans
  • Have goals and measured attainment
  • Foster accountability from self and others
  • Proactive
  • Establish best practices for document production, file management, email archiving and document retention.

What Exactly Are Best Practices?

Best practices are procedures that are widely accepted as being the most effective method or efficient way of accomplishing particular tasks. The adoption of best practices can lead to sustainable outcomes in productivity, quality and customer satisfaction, and will improve an organization’s performance and efficiency in specific areas. There isn’t a law firm out there that wouldn’t like to achieve those goals.

Why Follow Best Practices?

By following best practices there are efficiencies to be gained. Successfully identifying and applying best practices can reduce business expenses, in terms of time and resources, and improve productivity. Your law firm’s education strategy should include training that is focused on standards and best practices to ensure everyone on the team understands them. After all, best practices are only beneficial if they’re actually put into use by your employees.

As you can imagine, it is easier to accomplish the task of setting up best practices guidelines for your firm if it is a smaller organization. However, not having them in place puts you at risk no matter what the size of your office.

Law firms should have guidelines in place for:

  • Retainer agreements
  • New client/matter intakes
  • Conflict checks
  • Engagement letters
  • Accounting and billing
  • Calendaring and docketing
  • Document creation and management
  • Client file management and retention

Be sure to solicit input from key people on your team when you create your own best practices. Involving various members of your firm in the creation of these best practices will allow them to feel invested and an important part of the team. Terrapin Technology Group is happy to work with you in drafting document creation and management best practices, and can assist you with writing policy to help your firm serve its clients better.

Lawyers in the Cloud

“Times have changed” is an understatement when it comes to practicing law and the introduction of cloud computing. It wasn’t long ago that law firms still had “war rooms” stacked with banker boxes filled with client documents. Fast forward to 2016, and the documents that used to be stored in those boxes are not in the office – not even in electronic format. Now, they are in “the cloud.”

Talking about the cloud used to be a bit of a joke at the last law firm where I worked. The younger lawyers would tease the more experienced lawyers about everything being “in the cloud,” knowing full well that the intangibility of the concept made them uncomfortable. Likely because no one wanted to admit that they weren’t quite sure what the cloud was – or where it was, for that matter.

So let’s dispel any mystery: Cloud computing, broadly defined, is a category of software and services delivered over the Internet rather than installed locally on a user’s computer. One of those services is data storage. Another is litigation document management. More recently, the concept of software as a service has been introduced, known as SaaS. The list of services and software is simply too long to include here.

When you really think about it, cloud computing isn’t new to lawyers. Law firms have used cloud computing applications such as Lexis and Westlaw, and stored documents in the cloud to support litigation document review, for many years.

What is new about cloud computing is how it has now expanded to include a multitude of legal applications (software) delivered over the Internet.  In this blog post, I’ll touch on both the benefits and considerations of cloud technology for law firms.

The lure of cloud computing includes:

  • Low upfront costs
  • Easy mobile access
  • Simple setup and configuration
  • Built-in disaster preparedness

First Things First: Ethical Considerations

It’s important to remember that cloud computing places client data on remote servers outside of the law firm’s direct control. That is one reason the American Bar Association and state bar associations issue ethical opinions on this topic. Cloud computing is allowed in California and the standard is to use “reasonable care.”

Specific requirements and recommendations include:

  • Evaluate the nature of the technology, available security precautions, and limitations on third-party access.
  • Consult an expert if the lawyer’s technology expertise is lacking.
  • Weigh the sensitivity of the data, the impact of disclosure on the client, the urgency of the situation, and the client’s instructions.

For further clarity, read the Formal Opinion No. 2010-179 issued by the State Bar of California Standing Committee on Professional Responsibility and Conduct.

The ABA offers a guide showing the ethics standards for cloud computing in each state, as well as cloud computing opinions.

Software as a Service (SaaS)

In recent years, a new software model has emerged: SaaS. SaaS is distinguished from traditional software in several ways. Rather than purchasing software and having it installed on your computer or the firm’s servers, SaaS is accessed via a web browser over the Internet. Data is stored in the vendor’s data facility rather than on the firm’s computers or servers. Upgrades and updates, both major and minor, are rolled out continuously. A big difference is that SaaS is usually sold on a subscription model, meaning that users pay a monthly fee rather than purchasing a license upfront, and paying annual maintenance costs.

One of the biggest game changers is Microsoft Office, which moved from a licensed model to Office 365, which is a subscription. Office 365 users have access to their Office components on their desktops, laptops, via a web browser and on their mobile devices. The flexibility and mobility are impressive.

Advantages of Cloud Computing

Cloud computing offers so many advantages that it is difficult to resist the temptation. SaaS maintenance is usually included in the offering, so there may be no need to worry about keeping up with updates, as they are installed automatically. The services are accessible from anywhere, a feature of great interest to attorneys who work long hours and may take advantage of the remote access capabilities. Altogether, cloud computing requires less in-house expertise and capability and less infrastructure, which may result in significant savings.

Another great feature is that cloud computing services are often sold by per-user subscriptions, making it easy to scale your use of specific software up or down depending on your firm’s needs. You can also easily increase the amount of data stored in the cloud as your needs increase.

Cloud computing may also provide increased stability and security. Reputable cloud providers usually employ the most up-to-date, sophisticated security measures. Their experienced, adequately trained staff excels at implementing security measures that take into account the current trends. They have access to sophisticated tools to monitor unauthorized access to the systems or manage permissions. These entities also have the ability to put in place sophisticated disaster recovery and business continuity features that are likely to be more powerful and effective than those that a small or lean law practice could implement.

Remember, however, that entrusting data to cloud providers is not without danger. For instance, a large cloud provider that is known for servicing prestigious customers might also be the target of cyber-attacks aimed at them. Attorneys need to be sure that their ethical obligations are met by the provider’s security policies.

Make sure to train your own staff and professionals who will use cloud services and products, and obtain their written agreement to comply with your firm’s security measures and those that are recommended by the cloud provider such as the use of strong, complex passwords.

Final Thoughts

There is no doubt that cloud computing is here to stay and that gradually companies will move most of their data to the cloud. However, switching the physical custody of client data to a third-party does not relieve a law firm from its legal and ethical obligations to protect the data and ensure adequate security, confidentiality and integrity.

Reach out to Terrapin Technology Group to discuss the pros and cons of using cloud services in your organization’s environment.

Spring Cleaning – Geek Style!

“It’s time for Spring Cleaning!” I used to cringe when my Mom said that, because I knew it meant I’d be plenty busy. Now I understand how important it is. But what I’ve learned even more recently, is that it’s a great idea to apply to technology. Once a year I set time aside to clean up my technology act.

Even if you’re great about managing your tech at work, don’t forget about getting it right at home. It’s the small tasks that are easy to do, but often forgotten when we are busy, that are the most significant – once they are done.

Back-Up, Download and Delete!

How many times have you lost precious photos, important documents and other data because you hadn’t quite gotten around to backing up your devices? Your company has probably had Terrapin take care of this for you at work, but is your data at home just as secure? Consider backing up your data to the cloud. Or, if you prefer to be more personally in charge of the process, back up your data to an external hard drive. Did you know you can buy a 2 TB external hard drive for under $100? Your peace of mind will be worth the time and investment.

Also think about all of those recordings on your devices. Download photos and videos to free up space. Your smart phones and tablets will thank you.

On a similar note, go through your folders and delete files you don’t need. Get rid of unnecessary emails and contacts while you’re at it. Also review portable devices and delete apps you aren’t using.

Get Your Inbox in Order

Email management can seem like a giant chore, but living with hundreds of unread emails, spam messages, etc. all in one place isn’t glorious either.

Take time to organize your Inbox. Make sure any rules and filters you’ve set up in the past make sense today. If you haven’t already, set up folders for each client or topic that is important to you so you can easily drag and drop messages, making them easier to find later.

Think Safety

It’s still surprising to see how few people have complex passcodes on their mobile devices, or current, up-to-date anti-virus software installed on their computers – even in a business environment. Now is the time to make sure you’re doing all you can to make tech safety a priority.

  • Change your device passcodes each spring. It’s hard to believe, but many smart business professionals still don’t have security enabled. Set up thumbprint security on your mobile device and change your passcode.
  • If you are an iPhone user, set up your iCloud account so you can activate Find My iPhone. Not only does this help you locate a lost device, but allows you to wipe your data remotely if your phone is lost or stolen.
  • Find out what’s new in computer anti-virus protection. There are new companies popping up and offering both good free and paid protection. If you’re unsure which one suits your needs, check with Terrapin for recommendations. If you think you can’t get malware on your Mac, think again. A new ransomware virus, nicknamed “KeRanger” hit Apple users recently. Better to be safe than sorry.
  • Change your password for your social media and website accounts. Start using two-factor authentication, if it is offered.
  • Make sure your home network is secure. Set a complex password on your home Wi-Fi router and only share it with trusted friends and family.

Get Rid of Old Hardware

We all have an old printer or six-pound laptop sitting around. It’s not cool to simply put your electronic devices in the trash. Many communities and schools have an “electronic disposal” day – make note of those dates and take advantage of them. Just be sure to remove all CDs and DVDs before saying goodbye to your devices. And definitely wipe your hard drive clean of any personal information.

Now it’s time to get busy! You’ll never regret adding technology to your spring cleaning ritual. And, remember, you can always ask a Terrapin Technology Group team member for help or advice with any of these topics.

 

Two-Factor Authentication: Why You Need It Today

Remember the good ole days? You had a password you used for everything. It was something that was easy to remember  —  your child’s name, a pet’s name, your name. Well, those days are long gone. The bad guys seem to be upping the ante on a daily basis.

If you want to keep your personal information secure, you should be using two-factor authentication (2FA). It may sound complex, but it’s not.

What Is It?

Two-factor authentication is a security process in which the user provides two means of identification from separate categories of credentials. We already use 2FA when we use a debit card. One credential is physical — the debit card — and the other is often something memorized, such as your personal identification code.

It works a little differently with online browsing and computers.

Where You Can Use It

Ticketmaster just started enforcing use of 2FA. If you want to download and print your tickets, you need to provide a code they send to your registered email. You will see 2FA popping up more frequently every day, and in some instances, you can’t opt out from using it. Google, Facebook, Twitter, Microsoft and LinkedIn are just a few companies embracing 2FA.

By requiring an additional factor, such as a secret code sent by text to your phone or via email, the risk of being impersonated is dramatically reduced.

Google does a great job making 2FA easy. You can opt to register devices (a cell phone, iPad, etc.) and enter a lengthy one-time code. If your device is stolen or lost, you log into Google and remove that device from your trusted list. Also, when you first activate 2FA and initially log into a web browser with your username and password, a six-digit code is generated and sent to your cell phone via text messaging. In order to complete the log-in process you must next enter the six-digit code. At that time, you can opt to have Google remember and trust that browser, eliminating the need to use a six-digit code when you return to Google on that specific browser (Firefox, Chrome, etc.) from that same computer.
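The flow described above (a texted six-digit code, an optional “trust this browser” choice, and removal of trusted devices) can be sketched from the service’s side. This is an added illustration, not Google’s implementation or code from the original post: the class name, the five-minute lifetime and the attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # seconds a texted code stays valid (assumed value)
MAX_ATTEMPTS = 5    # guesses allowed per code (assumed value)


class SecondFactor:
    """Second step of a login, run only after the password was accepted."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}   # user -> [code_hash, expires_at, attempts_left]
        self._trusted = {}   # user -> set of hashed browser tokens

    @staticmethod
    def _h(value):
        # Store only hashes, so a leaked table does not reveal live secrets.
        return hashlib.sha256(value.encode()).hexdigest()

    def start_login(self, user, browser_token=None):
        """Return None if this browser is trusted, else the code to text out."""
        if browser_token and self._h(browser_token) in self._trusted.get(user, set()):
            return None
        code = f"{secrets.randbelow(10**6):06d}"   # unpredictable six digits
        self._pending[user] = [self._h(code), self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def finish_login(self, user, code, remember_browser=False):
        """Check the typed code. Returns (ok, browser_token_or_None)."""
        entry = self._pending.get(user)
        if entry is None:
            return (False, None)
        code_hash, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user]            # expired or guessed too often
            return (False, None)
        entry[2] -= 1
        if not hmac.compare_digest(code_hash, self._h(code)):
            return (False, None)
        del self._pending[user]                # a code works exactly once
        token = None
        if remember_browser:
            token = secrets.token_urlsafe(32)  # stored by the browser as a cookie
            self._trusted.setdefault(user, set()).add(self._h(token))
        return (True, token)

    def revoke_trusted(self, user):
        """Remove every trusted browser, e.g. after a device is lost or stolen."""
        self._trusted.pop(user, None)


if __name__ == "__main__":
    sf = SecondFactor()
    code = sf.start_login("alice")             # would be sent by text message
    ok, token = sf.finish_login("alice", code, remember_browser=True)
    print("first login ok:", ok)
    print("code needed on trusted browser:", sf.start_login("alice", token) is not None)
    sf.revoke_trusted("alice")
    print("code needed after revoke:", sf.start_login("alice", token) is not None)
```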

Banks are now starting to ask additional questions after you log in from a new device. That’s what’s important — because someone who is trying to log into your bank most likely isn’t doing it from your computer, but from a computer in Russia, China or another location. If you use two-factor authentication, you can stop that from happening.

Why Attorneys Should Care

I’ve seen attorneys and staff say this is too much work and skip voluntary 2FA, but we need to remember the risks of information being compromised. Not only can your bank account and personal information be stolen, but hackers often send out “spoof” emails from your account to everyone in your address book and include malicious embedded links. If you or your friends and clients click on those links, malware can be installed on your computer, making all of your data and files visible to the bad guys. This is where the real trouble starts.

Terrapin recommends you start using 2FA for your personal email and social media accounts. It doesn’t take much effort but can make a big difference in protecting your data. You can get started through these links:

Google

Facebook

Twitter

LinkedIn

Microsoft

 

What Law Firms Need to Know About Information Governance

Let’s face it – lawyers produce a lot of documents, because they want “everything in writing.” No doubt your own firm produces a significant amount every week.

The dilemma is how to best manage the mounting paper and electronic files we collectively call “records.” What complicates matters is that courts and bar associations see most of these documents as “client files,” so they need to be handled with particular care. Considering courts are becoming less patient with law firms and their clients if they find that records were not properly secured or destroyed, it’s important to follow information governance standards and put your firm’s document management practices into written policy.

What is information governance? It is defined as the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization’s immediate and future regulatory, legal, risk, environmental and operational requirements.

Getting Started with Information Governance

The first phase of the process includes defining your firm’s policies and trying to get partners to agree on them.

Start by documenting your current practices. This can be done fairly easily in small firms. Make sure your file closing processes are compliant with State Bar retention schedules based on your practice type. Do you return original documents to clients? Scan remaining documents into the file before destroying them? Document the date you closed the file? If so, you actually have policy – you just need to document it and adhere to it. Next, take a look at your electronic documents: How do you organize them, store them and secure them?

Larger firms have the benefit of administration teams assigned to risk management, records management and information technology. Have those managers get together and document what is actually being done at your firm. Is email archived, and if so, what is the process and frequency? If email is deleted after a certain time period, document the criteria that are used to reach that threshold.

First and foremost, your policies must comply with ethical and legal requirements. Be sure to review the ABA and California State Bar guidelines.

It’s also important to address security issues. Prospective new clients often ask for a firm’s security and electronic records policies before making a hiring decision. Be prepared to discuss these topics with sophisticated clients.

Making Sure It’s Done Correctly

Consider hiring a consultant to assist with information governance and preparing a written policy.  The fast-paced changes in technology can complicate matters, so outside expertise can prove invaluable. Client data can be stored on networks, flash drives and in the “cloud.” Technically these are all client files and need to be accounted for and secured.

It’s important that your records policy is comprehensive and encompasses all aspects of managing client data. Working with an outside party may help streamline the process, which is critical when it’s time for your firm’s partnership to define, review and refine your proposed policies.

Once your formal policies are in place, make sure all firm members read and understand the new policies your firm adopts, and provide them with training. Periodically audit the process and document when exceptions are made and why.

For assistance in developing your firm’s information governance policies, contact Terrapin Technology Group at 916-481-1991.

How to Protect Client Confidentiality in Changing Times

Are your clients and potential clients asking you to prove that their information is being kept confidential on your network? Simply understanding attorney ethical obligations is no longer enough. Audit letters are only the first step these days. There are often follow-up phone calls, and even visits to the firm asking to view how electronic client data is maintained.

Why Client Files Are at Risk

When you ask an attorney who’s been practicing law for 30 years to describe client files, the person might talk about folders, redwelds and banker boxes. Those days are long gone.

Client files now conjure up images of data on network drives, in your document management system, and files located in “the cloud,” on CDs, USB drives and the like.

The challenge of protecting confidential client data has increased dramatically in the past few years.

ABA Model Rule 1.6(c) requires that “[a] lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”

It sounds simple enough, but if you lose your iPhone and it contains attorney-client emails and client contacts, you possibly inadvertently disclosed information relating to the representation of your clients. The same can easily happen with a laptop that isn’t encrypted. If client files are compromised, you are required to notify the client of the breach. That could lead to not only losing a client, but embarrassment for the firm if the breach becomes public.

A Breach Can Happen to You

According to Digital Guardian, a data security software company, at least 80 percent of the biggest 100 law firms have had some sort of digital data breach. The demands of clients to keep their data safe and the expense posed to law firms to acquire top-notch cybersecurity have prompted the ABA and other groups to look for solutions. In fact, the ABA recently published “The ABA Cybersecurity Handbook,” available for purchase on the ABA website. The goal is to provide law firms with cost-effective solutions for keeping client data safe and avoiding the type of catastrophic data breaches that have happened in the financial services sector.

Clients have become more demanding of law firms – often issuing cybersecurity surveys prior to hiring a firm. Your goal is to safeguard confidential client information while allowing access to the same data across numerous platforms.

As law firms feel pressure to increase security, firms are coming together to share ideas on how to balance client requirements for data confidentiality with the workflow and productivity of attorneys and staff. Five firms have formed an alliance to share information about data breaches and how they are strengthening their defenses. Instead of working against each other, as the competitive market often dictates, they are joining forces to bring about positive changes.

The pressure to change client data confidentiality practices comes in large part from regulatory pressure and from health care and financial clients. That pressure is revealing itself in a few ways. Outside counsel guidelines include greater clarity of client expectations for confidentiality. They are giving a list of things not permitted and things they want done in a certain way.

Many clients are now requesting assurance for attorney “need-to-know” access to their data, asking to close down access from other members inside the firm. This creates the greatest challenge for firms moving forward.

Which Repositories Are Most at Risk?

DMS: Open access document management systems (DMS) – such as Worldox, iManage and OpenTextDM – improve collaboration and work-flow, but now clients are saying they do not want that approach by default and they are concerned about the confidentiality of their information when the access is that broad and open. The challenge is to modify the settings in your DMS to meet client needs while assuring easy access to documents to keep work-flow optimal.

File Shares: Think about file shares (network drives, lit support data, data in the cloud such as Dropbox, ShareFile, etc.). What is being kept there? Rogue documents that belong in your DMS? Lit support data? It’s hard to keep up with security on this data. Who has access to those file shares? File share maintenance becomes very difficult. Clients are becoming more demanding that this data be looked at and accounted for.

Potential Solutions

Traditionally, law firms had an open by default system. Perhaps a document was secured, or set at view-only, but by and large the vast majority of documents were not secured. Law firms are now systematically changing how their DMS documents are managed based on client security needs.

The most draconian result is to make each document secure only to the author, but that’s not feasible, so many firms are considering restricting by practice group. However, that still will not be adequate for many clients who are asking for access on a “need to know only” basis. Restricting by client-matter may be more popular for some clients.

Firms are encouraged to offer these various levels of document security based on client needs.

How do you handle staff? At some point, this starts becoming similar to the issues considered in establishing ethical walls. Tools are increasingly becoming available to help manage these issues. Ask Terrapin about collaboration/security tools that would fit your firm’s needs.

Situations are arising where clients are asking for things that are either impossible or impractical to implement, and firms are starting to consider whether, given the request and what it would take to implement the change, it is feasible to represent certain clients. These are real issues for law firms.

Client requirements are dictating that attorneys can no longer say, “Security and confidentiality are not my problem to worry about; that’s for IT or risk management to handle.”

Recommendations

Try to look at the war and not the battle. When you are looking at the issues of security and information governance, you need to find the right champion. Just because these items are housed in a repository maintained by IT, they should not be viewed as being owned by IT. There needs to be larger governance oversight with firm partners involved to champion the cause.

Build a system that has tools to allow changes to structure as demands change. Build these questions into the client-matter intake so that security can be set properly at the inception of the client.

Make these decisions based on the demands of the clients, your firm culture and the complexity and size of your systems. Feel free to reach out to your contacts here at Terrapin Technology Group for advice. We can help you create a client data confidentiality solution that is realistic for your particular needs.

Successful Telecommuting Strategies for Attorneys

Times are changing and the support for telecommuting has never been better in the legal profession. Many attorneys are seeking better work-life balance and technology is making it easier for them to work remotely, even in truly remote locations. I once worked with an attorney who wanted to be able to reach clients from a tree stand in the middle of a forest in Montana! True story. I’ve also worked at a firm with such a strong “family” culture that two partnership candidates were voted into partnership while they were on maternity leave. That firm started promoting working remotely in the ’90s and had great tools available, making it possible for new parents to work from home and spend more time with their family.

Telecommuting doesn’t just benefit employees – there’s a financial incentive for law firms to support it. Office space is a large part of a firm’s annual budget, and being able to reduce space without reducing the total number of timekeepers is attractive. (One firm conducted a study of the flow of their personnel and realized only thirty percent were in the office at any given time. They were able to cut their office space by one-third.) With a growing number of practices going paperless, it’s becoming more feasible for employees to work from home. Another firm allowed their attorneys and staff to work from home and have conference room space in cities with the largest client base. They claim their clients haven’t even noticed.

The American Bar Association is even using a new phrase, “eLawyering,” and has stated there is no formal ethical rule prohibiting lawyers from having a virtual office.

If you’re thinking telecommuting might be a viable option for you, here are some steps that can make this work option successful. (Note: If you are not a sole practitioner and work for a firm, the first course of business is to make sure your organization supports a remote workforce and find out about the tools they offer to help you.)

  • Make sure you can receive work email on your handheld device. There are numerous options to use Microsoft Outlook on your iPhone or Android device, including Outlook calendar.
  • Use a timekeeping app. There are dedicated timekeeping apps or you may be lucky enough to work for a firm that has a mobile timekeeping plug-in.
  • Try Single Number Reach. Consider forwarding your office number to your cell phone, so clients only need a single number to reach you.
  • Connect to your office desktop computer. GoToMyPC can be used from a tablet, iPad or Mac.
  • Set up dictation options. Siri or Dragon Naturally Speaking are good choices.
  • Use a cloud-based solution for saving data. Dropbox and ShareFile are popular options.
  • Stay organized. Microsoft Evernote allows you to save documents, notes, recordings and many other items and access them from various locations.
  • Be prepared for video conferencing. WebEx Meetings, FaceTime or Skype can be used on your iPhone or Android device.

So, exactly what type of technology tools should you have on hand? My list of “must-haves” includes:

  • Laptop
  • Smart phone
  • iPad
  • Portable Wi-Fi Device (available through AT&T, Verizon, Sprint, etc.) for security and reliability
  • Battery Power Supply
  • Wi-Fi Multi-Function scanner/printer/copier/fax for your home office (many are small enough to take on the road)
  • USB Portable Hard Drive (around $100 for 2 TB)

With a little creative thinking and a few tech tools, you could soon be with your family or sitting on a warm beach and still keeping your clients happy. Remember, you can always contact the Terrapin team to help you set up an effective and secure remote workplace.