Cyber Security and Data Breach Response

“Cyber threat is one of the most serious economic and national security challenges we face as a nation.” Barack Obama, President of the United States

The Identity Theft Resource Center has documented over 500 data breaches in 2014 through early September.  This represents a 26.2% increase over the same time period last year. The news isn’t any better for the legal profession.

The latest ABA Legal Technology Survey Report notes that “Nearly half of law firms were infected with viruses, spyware or malware last year.”  Fourteen percent of law firms “experienced a security breach last year in the form of a lost or stolen computer or smartphone, a hacker, a break-in or a website exploit.”

Where to Start

With such staggering numbers, it is easy to become overwhelmed.  If you are concerned about cyber security but don’t know where to start, begin here at the ABA Web site. If you are a prolific user of mobile devices, be sure to check out the ABA’s suggestions for Security on the Go.  To understand the state of security in US law firms, read this post by Bob Ambrogi.

Make Encryption Your Best Friend

Encryption is a powerful way to protect sensitive data belonging to you and your clients. The ABA post Playing it Safe provides a good overview.  Since TrueCrypt is no longer available, check out the following reviews of encryption software: Lifehacker, GFI, PC World, and Gizmo.

You’ve Heard it Before: Use Strong Passwords

It seems we are reminding lawyers every other day about the importance of using strong passwords unique to each account or Web site.  See these recent posts on the ABA Law Technology Today blog:

Firewalls, Anti-Spam, Anti-Virus, Malware Protection

The best protection is comprehensive.  This excerpt from The 2014 Solo and Small Firm Technology Guide provides guidance.  Don’t be afraid to hire an IT expert to help.

Purchase Cyber Liability and Data Breach Coverage

The Professional Liability Fund (PLF) Excess Claims Made Plan automatically includes a cyber liability and data breach response endorsement with these features:

  • Forensic and legal assistance to determine compliance with applicable law
  • Notifications to individuals as required by law
  • 12 months of credit monitoring for each notified client
  • Loss mitigation resources for law firms

If you aren’t eligible or don’t wish to purchase excess coverage through the PLF, contact a commercial carrier.

Protect Yourself Against Scams

The security measures outlined above are a good start toward protecting your firm and your clients from scams.  For more complete protection, get educated.  Order the free PLF CLE: “Protecting Your Firm and Your Client from Scams, Fraud, and Financial Loss,” and talk to your bank about fraud protection services.

[All Rights Reserved – 2014 – Beverly Michaelis]

 

 

The State of Law Firm Security

Viruses are More Common at Law Firms than Encryption, ABA Survey Shows

“Nearly half of law firms were infected with viruses, spyware or malware last year, according to the latest ABA Legal Technology Survey Report. At the same time, only a quarter of law firms had any kind of email encryption available for their lawyers to use, the survey found.

Also, 14% of law firms experienced a security breach last year in the form of a lost or stolen computer or smartphone, a hacker, a break-in or a website exploit.”

Bob Ambrogi

Read the full post here.

Leaving Your Firm

Parting isn’t always such sweet sorrow.  In fact, it can be downright contentious.

If you are contemplating leaving your firm, do your research. Meeting your ethical obligations fulfills only part of your responsibilities.

IF YOU ARE A PARTNER

Conduct your partnership withdrawal in a manner that honors the contractual and fiduciary responsibilities owed to your fellow partners.  Contractual duties are controlled by your written partnership agreement.  Fiduciary duties are described in case law and codified by statute in Oregon’s Revised Partnership Act.

IF YOU ARE NOT A PARTNER

Review your employment contract, employment letter, office policies, office procedures, or any other applicable terms that may control the process for terminating your relationship with your current firm or your obligations upon departure.

ARE ISSUES LIKELY TO ARISE?

Consult outside counsel experienced in the areas of lawyer mobility, partnerships, fiduciary duties, lawyer separation, and law firm dissolution.

PUT CLIENTS ABOVE ALL ELSE

If you are making a lateral move to another firm or setting up your own practice, remember that the client’s freedom of choice in selection of counsel is paramount.  Always put the interests of your clients first.  Keep the transition as amicable, professional, and stress-free as possible.  Contentious withdrawals alienate clients and damage relationships.

GIVE NOTICE TO YOUR FIRM BEFORE YOU CONTACT CLIENTS

Inform the firm of your decision to leave before contacting any clients.  Failing to give adequate and timely notice to your firm or partners before you contact clients is a violation of the duty of loyalty owed by a lawyer to his or her firm based on their contractual or agency relationship.  It may also constitute conduct involving dishonesty, fraud, deceit, or misrepresentation in violation of Oregon RPC 8.4(a)(3).

RESOURCES

The Professional Liability Fund has extensive resources for Oregon lawyers who are departing a firm, withdrawing from a partnership, or dissolving a firm.  Visit our Web site for more information.

All rights reserved [2014] Beverly Michaelis.

 

 

Free Shred Days: Pendleton, Astoria, Grants Pass

The Professional Liability Fund is expanding its free shred events statewide for Oregon lawyers.  We will be in the following cities in August:

  • August 2 – Pendleton
  • August 9 – Astoria
  • August 23 – Grants Pass

For details, including start time and directions to the shred events, check your email inbox.  Broadcast emails will be sent soon to lawyers in eastern Oregon, the northern Oregon coast, and the south valley.

Shredding generally continues until the trucks are filled to capacity.  Please respect the box per firm limit so we can provide this service to as many regional law firms as possible.  You must wait until your material is shredded and retrieve your boxes.  We cannot dispose of cardboard.  Paper clips and binder clips can be shredded, but 3-ring binders cannot.

If you have any questions about the upcoming shred events in Pendleton, Astoria, or Grants Pass, please contact DeAnna Shields at 503-639-6911, ext. 440 or deannas@osbplf.org.

Free shredding services are provided courtesy of the PLF and Blue Mountain, Clatsop County, and Rogue Community Colleges, respectively.  Mobile shredding trucks from Recall, the PLF’s document management company, will be shredding the materials on site.

Calling all Marion and Polk County Lawyers

On Saturday, July 26 the Professional Liability Fund (PLF) and Willamette University College of Law (WUCL) are hosting a FREE shred event in Salem at the university.  All Marion and Polk county lawyers are encouraged to participate.  For details, including start time and directions to the shred event, check your email inbox.

Shredding generally continues until the trucks are filled to capacity. Please respect the box per firm limit, so that we can provide this service to as many Marion and Polk county firms as possible. You must wait until your material is shredded and take your boxes back with you. Paper clips and binder clips are okay to shred but 3-ring binders should be removed.

If you have any questions about the July 26 shred event in Salem, please contact DeAnna Shields at 503-639-6911, ext. 440 or deannas@osbplf.org.

Free shredding services are provided courtesy of the PLF and WUCL.  Mobile shredding trucks from Recall, the PLF’s document management company, will be shredding the materials onsite.

 

 

 

Free Shred Day – Coming Soon to a City Near You?

We hope so!

The Professional Liability Fund has held several successful shred events at the OSB Center, most recently on May 17:

678 bankers boxes shredded

Stretching the equivalent of 24 school buses parked end-to-end

Weighing as much as 2 full-grown hippos with 26 stout offspring

We are working with Recall, our document storage and destruction provider, to host future shred events in:

  • Salem
  • Bend
  • Eugene
  • Medford
  • Newport or Tillamook
  • La Grande
  • Pendleton

Stay tuned!

 

13 Resources for Protecting Data – Courtesy of the FTC

With data breaches in the news on an almost daily basis, how do you protect your law firm’s assets? What advice should you give to your clients?

The FTC offers a list of 13 data security resources to help you get started. From mobile apps to digital copiers and shutting down spam, there is a ton of good advice to be culled from these posts and PDFs.

Free Shred Day for Multnomah County Lawyers

The Professional Liability Fund is providing free shredding of legal files on Saturday, March 15, from 8:00 a.m. to 12:00 p.m. in the Oregon State Bar Center parking lot. Mobile shredding trucks from Recall, a document management company, will be shredding the materials onsite. Limit: 15 boxes per firm.

The trucks will be located in the back parking lot of the OSB Center, 16037 SW Upper Boones Ferry Road, Tigard, Oregon, 97224. Shredding will be available until the trucks are filled to capacity. Please respect the 15 box per firm limit, so that we can provide this service to as many firms as possible. You must wait until your material is shredded and take your boxes back with you. Paper clips and binder clips are okay to shred but 3-ring binders should be removed.

If you have any questions please contact DeAnna Shields at 503-639-6911, ext. 440 or deannas@osbplf.org.

Using Google Voice in Your Law Practice

The February issue of Multnomah Lawyer, the official publication of the Multnomah Bar Association, has an excellent article by Charley Gee about using Google Voice.

As Charley describes:

Google Voice is a service from Google that provides a user with a telephone number, voicemail, conference calling, and text messaging service. It is accessible from any computer with access to the Internet, or from a cellphone or tablet.

The best feature of Google Voice is its price: free. Using your Google account, just sign up, select the number you want from a list of available numbers, and verify and connect your cell phone to the account.

Google Voice supports call routing, text message archiving, and voicemail to e-mail transcription.  (But not emergency service calls.)  If traveling, you can access voicemails and make calls without cell service:

Google Voice users can make and receive calls and text messages, as well as fetch their voicemail, over the internet instead of a cell tower signal. I’ve accessed my voicemail and text messages from remote locations around the state just by finding a Wi-Fi hotspot.

Great tip Charley!  My only caveat is to keep security risks in mind when using Wi-Fi.

If you are evaluating Google Voice vs. Skype, read this post.  For more thoughts on the benefits of using Google Voice in your law practice, check out what Go Matters has to say.

If you’ve committed to Google Voice and want to know about using it on your Android Phone or iPad, see:

How to Use Google Voice for Your Primary Android Phone Number and Messages or App Review: Google Voice for iPad.

Final Thoughts

I blogged earlier this month about how to cope with Gmail outages.  Google Voice is tied to your Gmail account.  If Gmail goes down, Google Voice may also experience an outage.  Without a doubt, you will lose WiFi functionality, voicemail to e-mail transcription, and perhaps other features.  A cursory search did not return an answer to the question: How many times has Google Voice experienced an outage?  However, searching for “Google Voice outage” returns numerous results dating back the last few years.  Whether Google’s uptime stats are better or worse than the competition is hard to gauge.

Finally, I can’t write a post about Google Voice without expressing how much I like Ruby Receptionists, our very own home-grown virtual reception service based in Oregon.  Ruby Receptionists goes far above and beyond Google Voice, with the advantage of personalized, live reception services.  Read about this awesome service for lawyers here.  For another take, see this post.

All Rights Reserved [2014] Beverly Michaelis

What Lawyers Can Learn from the Yahoo Email Hack

Yahoo, the second largest email service worldwide, reported a security breach last week which exposed personal information from sent email folders.

The Associated Press reports:

Yahoo Inc. said in a blog post on its breach that “The information sought in the attack seems to be the names and email addresses from the affected accounts’ most recent sent emails.”

That could mean hackers were looking for additional email addresses to send spam or scam messages.  By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients.

If you correspond with friends, family, clients, or colleagues who use Yahoo’s mail service, scrutinize incoming e-mail carefully to avoid phishing scams. 

This breach has another takeaway for lawyers – you are only as secure as your third party vendors.  The Yahoo and Target breaches were both the result of third-party vendor hacks.  In the case of Yahoo, the information was collected from a third-party database.  In the Target hack, credentials were stolen from a third party vendor.

Lawyers should take this to heart when evaluating their own cyber liability and security – specifically with regard to HIPAA compliance.  If your servers are hosted in the cloud, or you use cloud-based practice management, accounting, or backup solutions, inquire into the security procedures of your vendors.  Remember that encryption is your friend.  All data stored in the cloud should be encrypted – minimally by your vendor.  Better yet: go the extra mile.  Seek out cloud providers who permit you to add your own third party encryption, like Viivo or TrueCrypt, so that you (and only you) hold the final encryption key.

All Rights Reserved [2014]

Beverly Michaelis