Cybercrime: An Ongoing Threat to Law Firms

In the most recent issue of Law Practice Today Sheri Davidoff describes how hackers exploit weak security measures to steal from you and your clients. The most common targets: your email, logins, and files.

Email hacks

Once a hacker gains access to your email, he or she may download your entire mailbox, set up a rule to forward your messages to their account, or use email content to begin victimizing clients.

Preventive steps

Use proper passwords

Pass phrases (sentences) are the best. Otherwise, choose passwords at least 14 characters in length which contain symbols and numbers. It is critical to create unique pass phrases or words for each login to limit the scope of a security breach. Do not share them. Do not write them on sticky notes posted to your monitor. A password manager can make the job easier.

Turn on two-factor authentication

This sounds fancy, and if you’re not familiar with it, intimidating. It is neither. Login as usual, have your smartphone or cell phone handy, and enter the code texted to you to complete your login. It’s that easy.


You can use your face or your fingerprint to login if your device or software supports it. A quick Google search generates pages of “pros and cons” posts, which I will avoid repeating here.

Limit substantive content in email

Consider limiting what you say by email when the information is sensitive. Pick up the phone or send the client a message prompting them to login to your secure client portal instead. As Davidoff points out in her post, “Hackers commonly search your correspondence for ongoing conversations of interest—such as a real estate purchase or other upcoming financial transaction. Then, they actively monitor these conversations to maximize their ability to intercept a payment.”

Malware and ransomware abound

The most likely way to get infected with malware or ransomware is to click on a suspicious attachment or link. Use common sense before you click and if in doubt: don’t! Even if the message appears to come from a trusted source. Pick up the phone or compose a new message and ask the sender if he/she sent the email. (Don’t ask by forwarding the suspicious message – you are only spreading the threat.)

The US Department of Homeland Security has valuable tips on combating malware and ransomware. Also, take a few minutes and peruse the resources available at the ABA Law Practice Division (search: “malware”) or checkout the Professional Liability Fund CLE, Data Security/Data Breach: What Every Lawyer Needs to Know to Protect Client Information.  

All Rights Reserved 2019 Beverly Michaelis

Document Naming in a Paperless Law Practice

I am often asked for best practice recommendations in running a paperless practice. How should I organize my electronic files? How should I name documents that I create or scan?

There is no better source for answering these questions than Donna Neff and Natalie Sanna’s article in Law Practice TODAY, The Document Naming System in Our Paperless Office.

Donna and Natalie suggest the following protocols when naming a document:

Include the date – year, month, day
Add an abbreviation that describes what the document is (ltr for letter; rpt for report)
Add a brief description of the document contents
Specify whether the document was sent (generated by you) or received (and scanned into your system)
Optionally, add the initials of the staff person who created or scanned the document (if a question arises later you can go directly to the author or scanner)

A document named by Sam Lawyer using Donna and Natalie’s protocols would look like this:

2013 03 11 ltr re settlement offer SENT sl.pdf

Notice the file name does not include the client or matter. These could be added, but beware that your file names might become quite long.

Whatever you decide (include client/matter name or not) the only discretionary part of the file name is the description. Everything else, especially the abbreviation scheme describing the document type (ltr for letter, rpt for report, pld for pleading, etc.) should be written in stone. No file naming convention will work if it isn’t used consistently.

This same principle applies to naming client folders and sub folders: creating a set structure and sticking to it saves the day. Donna and Natalie refer to this as creating a folder template. See their article for specific directions and screen shots.

Law Practice TODAY is a free Webzine from the ABA syndicated by the PLF. Check out the latest issues of LPT on the PLF Web site > Practice Mgmt Advisors – Tips.

Law Practice TODAY – July issue

The July issue of Law Practice TODAY is out.  This month’s theme is “Phones, Tablets & Mobile Computing: Oh My!”

Articles in this issue include:

  • 6 Android Apps for Attorneys
  • Connecting to the Web 101
  • The Mobility Choice
  • Securely Deleting Data from Mobile Devices
  • Motivate Employees: Set Goals, Communicate, and Say “Thanks”
  • Technology Brings Billing and Receivables into the New World of Law

Law Practice TODAY is a free monthly Webzine published by the ABA Law Practice Management Section.

Law Practice TODAY – June issue

The June issue of Law Practice TODAY is out.  This month’s theme is social networking.  Articles include:

  • Keeping Up With Your Social Network Universe
  • From the Social Media Trenches: A Roundtable Discussion
  • Tweet Me Right: A Practical Primer for Developing Relationships and Clients through Twitter
  • Social Media Risk Monitoring: Has Your Organization Been Gazopted?
  • Social Media and Search: The Impending Marriage
  • Navigating the Uncharted Waters of Social Media Marketing and Ethics
  • How to Use LinkedIn to Turn Online Connections into Offline Business
  • What’s the ROI on Your Social Media Marketing?
  • Social Media for Litigators

Law Practice TODAY is a free monthly Webzine published by the ABA Law Practice Management Section.

For further tips on navigating the waters of social networking, see Sorting Out Social Media: Tools and Etiquette.

Law Practice TODAY – May issue

The May issue of Law Practice TODAY is out.  This month’s theme is “What’s Happening in the Cloud?”  Articles include:

  • New (and Often Overlooked) Features and Functions of Google Apps
  • Office 365 for Lawyers
  • Document Management: Finding it in the Cloud
  • Lawyering Security in the Cloud
  • How to Make Your Services Irresistible to Clients
  • Web Site 101: Build and Rebuild

Law Practice TODAY is a free monthly Webzine published by the ABA Law Practice Management Section.