Category Archives: General Blog

Defending Yourself Against Covid Related Scams

We’ve shared information more than once in the past about how to avoid phishing and other risks – malware, ransomware, etc.

The “Bad Guys” couldn’t be happier about Covid, I assure you. The pandemic and constant news about it has made most of us stressed and anxious, and more vulnerable to attack.  Consider yourself lucky if you haven’t had one of the Covid related scams show up in your Inbox.

Google has reported more than 18 million daily malware and phishing emails related to COVID-19 scams just in the past week. That’s on top of the more than 240 million daily spam messages it sees related to the novel coronavirus, the company says.

The phishing attacks and scams “use both fear and financial incentives to create urgency to try to prompt users to respond,” Google says. In other words, same email scam, different subject line.

These scams include impersonating government organizations like the World Health Organization to try to solicit donations or trick users into downloading malware; pretending to have information about government stimulus payments; and phishing attempts aimed at workers who are working remotely.

Examples include emails purportedly sent from a governmental agency:

A screenshot of a social media post Description automatically generated

Workplace Policy Emails

Some scams would like you to believe your employer is asking you to review your company’s new “safety measures.”  If you click on this link, your computer/network could be infected with a virus or malware.

A screenshot of a cell phone Description automatically generated

Some go as far asking you to read and acknowledge your company’s new policy:

A screenshot of a cell phone Description automatically generated

Because many of us are working remotely for the first time, it isn’t as easy to stop by your human resources department to confirm if this is a legitimate communication.

Reminders for Recognizing Phishing Emails

  • Like other types of phishing emails, Covid themed email messages usually try to lure you into clicking on a link or providing personal information that can be used to commit fraud or identity theft.
  • Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data. The IRS is not going to email you asking for your bank account for your stimulus check.
  • Reminder – you can inspect a link by hovering your mouse button over the it to see where it leads (don’t click!). If it seems sketchy, delete the email.
  • Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
  • Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
  • Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.

FBI Warnings

 People are also urged to be on alert for attackers selling products that aim to prevent or treat COVID-19, as well as counterfeit sanitizing products and personal protective equipment.

The FBI has also reported there are numerous fraudulent apps available that offer to keep you informed, while infecting your computer or mobile device instead.

Bottom line take the time to scrutinize emails now more than ever. If something seems out of context, take the time to call the sender to confirm the communication is legitimate. Never share personal email via email, especially now.

Terrapin is here for you…

Your Terrapin techs are working and are available to help you confirm whether communications are legitimate. It is always better to be safe than sorry. Be safe!

Staying Connected While Working Remotely

During the past few weeks Terrapin has worked with our clients to successfully change their place of business from their offices to their homes in response to CV-19.  Now that most of us are settled in our new work space, we wanted to share some of the most popular tools we have found to help you stay connected.

Video Conferencing

  • Zoom.  Free account allows a 40 min conference with up to 100 people at one time. Paid accounts get unlimited time and more participants, and a phone number for dial-in.
  • Skype Business (included with Office 365 Business Premium subscriptions).

Internal Communication/Chat

  • Microsoft Teams. (Comes standard with any Microsoft Office 365 account). Allows instant messaging, file sharing, video conferencing and screen sharing within the team/group.
  • Slack. Allows instant messaging and file sharing within an internal group. (No screen sharing/collaboration or video conferencing.)

Cloud Phone/Voice Conference Calls

  • Mitel/Shoretel Cloud. Phones  work  anywhere there is an internet connection, even from home. Conference bridge line built-in and available as part of the service.
  • Ring Central. Conference bridge available as part of the service.

File Sharing/Collaboration


ShareFile. Share files/folders with external recipients (HIPPA compliant). Send large files securely.
  • HighTail. Send large files securely and allow collaboration on videos, such as video depositions, with annotations.

External Access to Documents

  • If you use a DMS, most offer a web portal to access your files, such as iManage, Worldox and NetDocuments. Contact us to find out what is required to set this up.
  • OneDrive and/or SharePoint are included with most Office 365 suites.

Reach out to your primary Terrapin Tech if you have questions or need assistance implementing any of these tools for your team.


What’s The Deal With The California Consumer Privacy Act?

Have you heard about California’s big new privacy law? The “California Consumer Privacy Act of 2018” (the “Privacy Act”; Cal. Civil Code § 1798.100 et seq.) goes into effect in January of 2020. Significant media coverage surrounding the new law has led many businesses – Terrapin included – to question whether and how the law may apply to them. Terrapin has analyzed the new law and while we do not expect it will affect our clients from an operations or business perspective right now, we feel it’s important to understand how it may impact you personally.

What Is The Privacy Act About?

The Privacy Act is intended to give consumers greater control over personal information that businesses collect about them. The legislative findings in support of the law refer to the proliferation of personal information in the digital and Internet age, and the increasing difficulty people have controlling the use of such information. Remember the 2018 Facebook-Cambridge Analytica scandal? That is cited as one example and motivator for the new law. The Privacy Act is frequently compared to the EU General Data Protection Regulation (Regulation (EU) 2016/679), commonly referred to by its initials “GDPR.”

What Information Is Covered By The Privacy Act?

The Privacy Act defines personal information broadly – information “that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”  Cal. Civil Code § 1798 .140(o).  This information includes:

  • Names
  • Addresses – postal, email, and Internet Protocol (“IP”) addresses
  • Social security numbers
  • Account names
  • Drivers license numbers
  • Passport numbers
  • Biometric information
  • Internet activity (browsing history, search history, and info regarding a consumer’s interaction with a website, app, or advertisement
  • Geolocation data
  • Audio/visual information
  • Professional or employment related information
  • Education information
  • “Inferences drawn” from such information to create a “profile” about a consumer reflecting their preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

Id.  Personal information does not include information that is “publicly available,” such as information “lawfully made available from federal, state, or local government records,” or consumer information that is “deidentified or aggregate” in nature.  Cal. Civil Code § 1798.140(o)(2).

What Businesses Are Covered By The Privacy Act?

Again, Terrapin does not expect that the Privacy Act will impact our clients from an operations or business perspective. It applies to for-profit businesses that: 1) do business in California; 2) collect, or have collected for their benefit, consumers’ personal information; 3) participate in the determination of the purposes and means of the processing of such personal information; and 4) satisfy one or more of the following thresholds:

  • Have annual gross revenues in excess of twenty-five million dollars ($25,000,000);
  • Annually buy, receive, or share, for commercial purposes, the personal information of 50,000 or more consumers, households, or devices; or
  • Derive 50 percent or more of their annual revenues from selling consumers’ personal information.

Cal. Civil Code § 1798.14(c)(1).

What Are Consumers’ Rights Under The Privacy Act?

The Privacy Act provides consumers three basic “rights” regarding their personal information:

  • The right to know what personal information a business has collected about them; the sources of that information; what that information is being used for; and if and to whom that information has been sold. Civil Code §§ 1798.100(a), 1798.110(a), 1798.115(a)
  • The right to “opt-out” of having their personal information sold. Civil Code §§ 1798.120.
  • The right to request that a business delete any personal information about the consumer which the business has collected from the consumer. Civil Code § 1798.105(a).

Though not couched as a consumer’s “right,” the Privacy Act prohibits a business from discriminating against a consumer who exercises any of their rights under the Privacy Act, such as by denying goods or services to the consumer, or charging a different price for those goods or services, or offering a different level of quality of goods or services.  Cal. Civil Code § 1798.125.

What Happens If A Covered Business Violates The Act?

A business covered by the Privacy Act that violates it can be subject to civil penalties pursued by the Attorney General. Cal. Civil Code § 1798.155(b). The business can also be subject to lawsuits for statutory or actual damages brought by consumers whose personal information is disclosed by a theft or hack against the business. Cal. Civil Code § 1798.15.

Some Takeaways…

Regardless of whether or not you determine the Privacy Act applies to your business, it is significant new legislation that is sure to receive continued attention as it comes into effect and enforcement actions are pursued under its provisions. Depending on the law’s success (or failure), it may lead to further privacy related laws that are even broader in scope and reach.

1.5 Billion Gmail Calendar Users Are the Target of a Crafty New Phishing Scam

Users of Google’s Calendar app are being warned about a scam that takes advantage of the popularity of the free service and its ability to schedule meetings easily.

In business, we schedule meetings all the time. One-off calls, recurring weekly updates, and the like. The latest warning from researchers at Kaspersky indicates the bad guys are using unsolicited Google Calendar notifications to trick user into clicking phishing links.

Here’s how it works:

Scammers send a Google user a calendar invite complete with meeting topic and location information. Inside the details of the appointment lies a malicious link that looks like it’s pointing you back to for more details.

Once clicked, it’s back to the usual tactics of trying to infect the user’s endpoint with malware and so on.

This kind of attack has a massive attack surface, given the number of users utilizing Google’s Calendar service. It also has that contextual appeal by being hidden within a meeting invite and uses a seemingly valid URL for more information.

Users have long been warned about their interaction with email and the web. Now it’s important to add Calendar invites to the list.

Think carefully before you click “Add to Calendar.”  Reach out to your Terrapin tech if you have any concerns about a Google calendar invite you’ve received.

Proactively Manage eDiscovery Issues by Leveraging Rules of Court

What if there was a way to suss out eDiscovery issues in California state court litigation fairly early in the case, outside of law and motion? What if doing so was simply following the rules?

California’s Rules of Court require parties to meet and confer to consider certain issues before a case management conference (CMC).  Cal. Rules of Court, Rule 3.724.  The topics of consideration expressly include “the discovery of electronically stored information” (ESI). subd. (8).  The specific issues to be considered relating to ESI include among others the “preservation of discoverable electronically stored information;” “form or forms in which information will be produced;” “scope of discovery of the information;” “method for asserting or preserving claims of privilege or attorney work product, including whether such claims may be asserted after production”; and “other issues . . . including developing a proposed plan relating to the discovery of the information.”  Id.

Parties that conduct the meet and confer conference in a perfunctory manner (or worse fail to meet and confer at all) miss out on an early opportunity to understand the contours of eDiscovery issues that may arise in the case.  On the other hand, parties that faithfully carry out the meet and confer duty can have a meaningful conversation about the who, what, when, where, how, and why of eDiscovery in the case. The effort can yield valuable information the parties and their counsel and eDiscovery vendors can use to chart out, budget for, and streamline eDiscovery issues during fact discovery. If a party seeking to obtain these benefits finds itself stymied by its adversary’s unwillingness to engage in the pre-CMC meet and confer discussions, that fact can be reported in the required CMC Statement and a request made that the Court take up the issue at the CMC.

The takeaway?  By leveraging California’s Rules of Court, litigants have an opportunity to learn about potential eDiscovery issues beforethey are knee deep in discovery, and help to manage what can otherwise become a difficult, time consuming, and expensive component of discovery.

Terrapin’s Litigation Support team is headed by an attorney with sixteen years of litigation and trial experience.  Our team understands eDiscovery and is here to help you with your eDiscovery needs and projects.

Contact Terrapin to learn more.

Going to Trial? Terrapin can help…

Did you know we have someone at Terrapin who can help you prepare a winning trial presentation? You may think of Terrapin as the people you call when your Wi-Fi router is down, or your email isn’t flowing. But we also have someone on our team who has prepared many trial presentations that have led to great trial results.

Betty Nelson started working in law firms in 1980—back when going to trial meant banker boxes, trial binders, and lots of copying and labels.

Fast forward to the year 2000, when Betty went from working as a litigation legal secretary to joining the IT department. A team of attorneys at her firm was preparing for a million-dollar plaintiff’s mediation and their usual trial support team wasn’t available. Betty said, “I think I can help!” Well, she has never stopped helping.

It soon became a passion of Betty’s to help attorneys think about how to present their case to jurors and triers of fact. She has a knack for taking a step away from the complexities of the case and helping attorneys realize they need to look at the case from the eyes of the jury who don’t know any of the parties or understand any of the thousands of complex facts about their case. Her 39 years of working with attorneys and law firms give her the depth and breadth to be able to successfully help in this regard.

Add in her flair for creativity and innovative approaches and you have a winning combination. Betty has prepared many complex timelines and callouts, and other ways of showing demonstrative evidence to juries. She works closely with attorneys and is fast at turning work around. Betty has an amazing attention to detail and a true passion for the law.

Read what two of Terrapin’s clients have said about Betty’s contributions to their success:

Tracy Hunckler, Partner – Day Carter Murphy LLP  

Betty assisted our team of litigators with a complex binding arbitration that was being held out of town in SF for two weeks. She knew exactly what we would need at our “home base-war room” at the hotel and how to work with the hotel staff and vendors to secure the necessary technology so that we could feel like we were back at the office. Betty has years of experience with setting up war rooms out of town and her assistance with our war room was invaluable to our team. Betty also helped prepare an opening statement presentation that included a detailed, animated timeline and other demonstratives that helped the arbitrator understand our complex case. Betty is very creative and has great attention to detail. Moreover, Betty is easy and fun to work with, and provides a sense of peace during the stress and pressure of litigation.


Shaye Schrick, Partner – Delfino Madden O’Malley Coyle Koewler LLP     

Betty has assisted me on three trials in the past two years. She has been a great asset in preparing demonstrative evidence, including PowerPoint presentations and blow-ups. With more than 35 years’ litigation support experience and undeniable intuition, she is able to anticipate what jurors might want to see to better understand the case and collaborates with us on ways to best present evidence and themes visually. She works efficiently—fast and smart—and has great attention to detail. Betty thinks outside the box and helps our firm present a clean, clear image of what the jury will see and/or has seen in trial. I highly recommend Betty for trial work!

If you are interested in learning more about how Betty can help you in trial, contact Betty at Terrapin!

How Metadata and Redactions Can Cause Law Firms Big Headaches

A typical law firm generates an enormous number of legal documents. The history revealed by those documents—both in the form of user history and uncovered redacted statements—can sometimes lead to a whole lot of unintended drama when mistakes are made. Is your firm doing all it can to ensure you’re minimizing the potential for problems?

Let’s look at the properties of a Word document—its metadata:

Clean Up Your Metadata

This type of information is useful not only in civil disputes regarding estates, plagiarism or stolen trade secrets, but also in criminal cases involving financial crimes such as fraud, or even more serious crimes in which a typed confession or suicide note is involved.

Perhaps the most high-profile case to have involved Microsoft Word was that of the BTK (Bind, Torture, Kill) Killer Dennis Rader, whose identity was unveiled after he tauntingly sent a floppy disk to police. The floppy disk contained metadata from a deleted Word document and analysis of the metadata revealed the location of the computer where it was created and the name of the user who last edited it: “Dennis.”

I’ve seen firsthand the impact of metadata mistakes at law firms. An attorney will send a draft agreement to a client, and receives a call saying, “Why is the name ‘Ralph Smith’ all over this agreement? No one named Ralph Smith is involved in this deal.” Next, I get an angry call from the attorney and have to explain about hidden text and/or metadata. Another situation that comes up is when attorneys use a prior document as boilerplate. They are careful to make sure there’s no hidden text, but they still get an angry client call. Why? Because the client went into the properties of the file (see image above) and saw that the author was another attorney in the firm. Not only that, the document was created in 2012, and the last edits took 10 minutes, but the client was billed 1.0 for the work. Not good.

Invest in Redacting Tools

Redactions are another critical concern for attorneys. A major news story hit recently involving redactions in a case involving former Trump chairman Paul Manafort, because the creators of a key document thought they had properly redacted the information they wanted to hide but hadn’t. If you’ve been involved in litigation, you know that redacting documents is something that is done to remove attorney/client privilege or other information that shouldn’t be shared.

Redaction of the document in the Manafort case appears to have been attempted in Word or PDF by drawing a black box over the text or highlighting it in black. When the document was converted to PDF and distributed, the text layer was still there. Readers quickly discovered they could highlight the ‘redacted’ text under the black boxes, copy and paste it, and thereby reveal the contents.

There are numerous tools for redactions, but only a handful that properly do the job.

At Terrapin, we recommend DocsCorp, which offers both a metadata removal tool and a redaction tool:

  1. cleanDocs removes metadata from documents
  2. pdfDocs has reliable redaction tools

We also work with Litera, which offers Metadact as their metadata removal tool.

Please reach out to your primary Terrapin tech if you have any questions about how to manage metadata and redactions at your firm.

Staying Safe on Cyber Monday

It’s Cyber Monday! A time for great deals online, but also a time to be particularly alert for scams. Terrapin wants to remind you that fraudulent websites are actively trying to obtain your personal/financial information.

The ‘Bad Guys’ are more skilled than ever at creating websites that look legitimate. If you plan on doing any online shopping today, you may miss the warning signs.

Tips to remember:

  • Avoid any online shopping on your company’s computer. Use your personal computer or cell phone to avoid accidentally downloading and installing viruses and malware on your work computer.
  • Be wary of prices that are extremely low. Do your research first and know the price range of the item(s) you want to purchase.
  • Make sure the website starts with https – the ‘s’ stands for secure. This is especially important if you are entering credit card or PayPal information.
  • Avoid making purchases on websites you have never visited before.
  • Be careful on social media: While your Facebook page is likely covered in ads, you need to be cautious about clicking on them. Social media ads often include links that take you to sites off social media, which opens up the potential for malware and viruses to be downloaded onto your computer.
  • Read the fine print, including the features of the product and the company’s return policy.
  • Hover over links to see which websites they lead to once you click. Doing that can keep you safe from malware.
  • Avoid clicking on website ads and links in text messages and emails. If the deal sounds too good to be true, it probably is.

Don’t hesitate to reach out to Terrapin if you believe you have clicked on a malicious link or if you encounter pop-ups that warn you of viruses (never click on these, even to close them). Let’s make this a safe and happy holiday season!

Terrapin’s New Method to Identify Email Spoofing

You’ve probably noticed a significant increase in fraudulent emails pretending to be from someone at your firm. These messages are spoofed, often originating from outside the network, but that’s not always obvious at first glance. These message sometimes often give clients enough pause to inquire about them before deleting them outright.

To make it easier for clients to identify these types of messages, Terrapin can prepend a warning to all incoming messages originating from outside the organization. If a message from your associate down the hall arrives in your inbox with this warning attached, then you’ll know immediately that it’s fraudulent and should be deleted.

Please contact your primary tech at Terrapin if you are interested in adding this warning to your incoming email messages.



Choosing The Right Office 365 Plan for Your Team


Microsoft knew what they were doing when they introduced Office 365. It has been a game changer that has taken businesses of all sizes into the cloud – without a significant amount of pain.

Office 365 is a subscription service providing access to features and services including Microsoft Office applications both online and on multiple devices. One of the recent changes Microsoft introduced is the ability for 365 users to have their software installed on up to five devices.

The type of subscription is what determines which applications and services are available to you. No matter which subscription you choose, it’s great knowing you have the right to download the latest version of Office.

Six Office 365 Plans Available

There are six Office 365 plans divided into two areas: business and enterprise. The business plans cap out at 300 users; the enterprise plans are unlimited. The Office 365 Business Premium plan includes:

  • Full installed Office 2016 applications (Word, Excel, Outlook, PowerPoint, OneNote, SharePoint, Publisher & Access), which can be installed on up to five computers (PCs or Macs)
  • Access to Office Mobile (Word, Excel and PowerPoint) on up to five tables and five phones
  • Access to Office Online (Word, Outlook, OneNote, Excel and PowerPoint)
  • Skype for Business
  • 1 TB of storage on OneDrive for Business
  • Document management functions like archiving, rights management, data loss prevention and document-level encryption
  • Numerous business apps, including Bookings, Invoices and MileIQ

(For a complete rundown of all of the business plan options, visit Microsoft’s overview page.)

Commitment to Security, Privacy & Compliance

With the new lineup of options, Microsoft shows that it is committed to delivering multiple levels of security to safeguard data. These include multilayered physical data center security, encryption, auditing controls, and configurable privacy access controls for users and organizations. These security features are important because you can often be working in an area where various networks come into play.

Collaborating Across Devices

I recently had a chance to perform some real scenario testing with Office 365 across devices and platforms (using a selection of Microsoft, Apple and Android products). Although there are slight differences in how the program appears (ribbons, etc.), the functionality is there. And it goes without saying, the convenience is unparalleled.

I started with a Word document that contained complex formatting. You can see the results below:

For more information about Office 365 and help determining which plan is right for your firm, be sure to reach out to your Terrapin team member.