Using Zoom for Video Conferencing

I love Zoom, but like any tech, there are potential vulnerabilities for new users.

Protect your Zoom account and avoid Zoombombing (aka hacking) by following these suggestions:

  • Be wary of links. Login at Zoom directly rather than using the meeting link. Enter the provided meeting ID to join a meeting.
  • Set screen sharing to host only. Doing so prevents your meeting from being hijacked by a hacker.
  • Use the waiting room feature to prescreen and approve attendees.
  • Try Zoom webinars instead (this is the method I use for all my CLEs). Webinar settings offer advanced controls, including several approaches to prescreening attendees.

Read more about these safety tips here.

Are Zoom Conferences Recorded?

Webinars

When I conduct Zoom CLE webinars, I record them. This is a setting I activate as host. It isn’t automatic.

Meetings

Zoom meetings are recorded by default. Zoom help explains this and instructs hosts on how to change settings. This is one area where the USA Today article is misleading. For information on Zoom encryption, see this.

Give Others a Heads Up

No matter what you do, it is common sense to give clients and others a heads up on how your video meeting will be conducted. Advise if you plan to record. Let attendees know if your conference is listen only, whether they can raise their hand, or submit questions.

Documenting Your File

Recordings have their place. For example, preserving the meeting as part of your file. Advanced settings in Zoom allow you to include all participant names, add a time stamp, save chat files, and automatically transcribe audio.

All in all, Zoom is a pretty terrific tool.

All Rights Reserved 2020 Beverly Michaelis

Focus on Security – More from the 2018 ABA TECHSHOW

We all know that securing our law firms and protecting client information is our ethical duty. Thus, the continuing focus on security at this year’s ABA TECHSHOW.

Among the topics:

Of course, there were the usual reminders: don’t use unsecured WiFi, don’t click without thinking, watch out for keyloggers when using public computers, and use strong (and unique) pass phrases for all accounts.

Even so, reminders don’t hurt.  And we need to stay on top of trends like how to secure your phone when traveling or Internet-connected printers, TVs, baby monitors, or appliances that may be spying on us.

So get a cup of coffee or tea, and take five with me.  Check out these “best of” summaries of what the experts at TECHSHOW shared:

For more summaries of 2018 ABA TECHSHOW tips, advice, apps, websites, and other useful resources for lawyers, see my main Wakelet page.

All Rights Reserved 2018 Beverly Michaelis

End of the Line for Viivo Encryption

In late June, PKWARE announced the end of life for Viivo encryption.  If you’ve relied on Viivo to protect your files in Dropbox or elsewhere on the Web, you need to find another encryption solution sooner rather than later.

How Long Will Support Continue?

Users of the free and commercial versions of Viivo will have one year of support.

What Does Viivo Recommend?

While Viivo can be used after the service is shutdown, the company does not recommend this. All customers should move to another encryption solution.

How Long Do I Have to Act?

Viivo service will remain online until July 1st, 2018.  (But don’t wait until next year to tackle this issue!)

Next Steps

  1. Research and select another encryption solution (see below).
  2. Backup all files currently protected by Viivo.
  3. Decrypt all files currently protected by Viivo (the Website has step-by-step guides that walk you through the process).
  4. Implement the new encryption solution.
  5. Review your credit card statement.  If you have a paid Pro or Business subscription, your payment processing should have been suspended automatically.

Alternatives to Viivo

If you really like Dropbox and don’t want to switch, finding another cloud-based encryption service to fill the gap is imperative. BoxCryptor and Sookasa are two options. Sadly, CloudFogger and TrueCrypt are no more.

All Rights Reserved 2017 Beverly Michaelis

A New Ethics Standard for Client Email?

A long time ago, in a galaxy far, far away the ABA issued Formal Ethics Opinion 99-413, the gist of which was to give law firms a free pass when it came to email encryption. Since 1999, technology has evolved by leaps and bounds, the ABA has updated its model rules, and cybersecurity is a national concern.  Therefore, it should be no surprise the ABA chose to revisit its 18 year-old position on email and electronic communications.

The New ABA Standard

Is email encryption required by the new ABA opinion?  Yes and no.

As Bob Ambrogi reports in his blog:

In this new opinion, the committee declined to draw a bright line as to when encryption is required or as to the other security measures lawyers should take. Instead, the committee recommended that lawyers undergo a “fact-based analysis” that includes evaluating factors such as:

  • The sensitivity of the information.
  • The likelihood of disclosure if additional safeguards are not employed.
  • The cost of employing additional safeguards.
  • The difficulty of implementing the safeguards.
  • The extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).

However, special security precautions may be required “to protect against the inadvertent or unauthorized disclosure of client information when required by an agreement with the client or by law, or when the nature of the information requires a higher degree of security.” ABA Formal Opinion 477.

The Oregon Standard

The last bit of ABA Formal Opinion 477 may sound familiar to Oregon lawyers.  In this article written by Helen Hierschbiel in 2010, the bar gave us some insight on the topic of electronic communications, including email:

Although use of electronic communications is not a per se violation of the duty of confidentiality, special precautions may be necessary in particular circumstances. For example, if information is particularly sensitive or subject to a confidentiality agreement, a lawyer may need to implement special security measures. Also, if a client requests it, a lawyer may be required to avoid, or be allowed to use, a particular type of electronic communication notwithstanding expectations of privacy in the communication method.

While the article cites to a model rule that was later amended, the parallels between Hierschbiel’s language and that of the new opinion are hard to miss.  Bottom line? Email encryption is required if the circumstances warrant it.

Choosing an Email Encryption App

Fortunately, Bob Ambrogi has come to our rescue yet again.  In his article, Encryption so Easy a Lawyer Can Do It, Bob discusses three incredibly simple solutions that allow lawyers to send encrypted messages.  No more clunky interface requiring the sender to transmit keys before the recipient decrypts the message.  No more need for both parties to use the same software.  (Although a simple plug-in may be needed, depending on the software you choose.)

With secure cloud-based solutions Enlocked, Virtru, or Delivery Trust, Ambrogi concludes:

What all three programs have in common is that they make encryption as easy as the push of a button.  If you use email to communicate with clients or colleagues about sensitive matters – and what lawyer does not? – you have no excuse not to encrypt.

What To Do Next

  • Encrypt all client email, not some client email.  Why?  Mainly to eliminate guesswork, reduce risk, and preserve your sanity.  Not convinced?  Consider how clients might view on again/off again encryption: some messages are worth protecting and other’s aren’t?  Hmmm….
  • Put sensitive content behind a secure client portal.  Many practice management programs have this functionality, but if yours doesn’t, consider Slack.
  • Discuss electronic communication policies with clients and reiterate them in your fee agreement or engagement letter.

All Rights Reserved Beverly Michaelis 2017