Focus on Security – More from the 2018 ABA TECHSHOW

We all know that securing our law firms and protecting client information is our ethical duty. Thus, the continuing focus on security at this year’s ABA TECHSHOW.

Among the topics:

Of course, there were the usual reminders: don’t use unsecured WiFi, don’t click without thinking, watch out for keyloggers when using public computers, and use strong (and unique) pass phrases for all accounts.

Even so, reminders don’t hurt.  And we need to stay on top of trends, like how to secure your phone when traveling, or the Internet-connected printers, TVs, baby monitors, and appliances that may be spying on us.

So get a cup of coffee or tea, and take five with me.  Check out these “best of” summaries of what the experts at TECHSHOW shared:

For more summaries of 2018 ABA TECHSHOW tips, advice, apps, websites, and other useful resources for lawyers, see my main Wakelet page.

All Rights Reserved 2018 Beverly Michaelis

Best Password Generators for the New Year

A reader recently recommended I revisit the subject of random password generators, many of which also log passwords for us.  Everyone seems to know about LastPass, but are there any other options?

Luckily, TechRadar and PC Magazine have done the work for us.  LastPass topped both lists for “best password generator of 2017,” followed by DashLane.  Also worth your consideration:

Which is the best?

It depends on what you want the password generator to do.  For example, RoboForm also serves as a digital wallet and form filler – helping you securely complete online forms.  If your top priority is free, look at KeePass, but remember the features are limited.  For a side-by-side comparison of cost and what each option offers, see the PC Magazine post.  Once you’ve narrowed your choices down, check out TechRadar, which has more in-depth reviews.

All Rights Reserved – Beverly Michaelis 2018

7 Steps You Can Take Now to Protect Your Data

Unless you’ve been playing ostrich, you’re likely aware that data breaches and ransomware are about as common as Mom and apple pie.  Witness the recent hack of 272 million Gmail, Microsoft, and Yahoo! accounts.

Fortunately, there are simple steps you can take now that will help protect your data.  [With thanks and all due credit to Lane Powell’s Beyond IP Law post, The Scariest Hack So Far, for inspiring this elucidation of their original list]:

Step 1: Start Using Encryption

For your desktop, cloud-based accounts, mobile devices – anywhere or any place you store or transmit confidential or private information.  For a thorough discussion of how to implement encryption throughout your firm, see Encryption Made Simple for Lawyers, now a book available for purchase on the ABA website.  (Non-ABA members in Oregon can save money at checkout by using the OSB Professional Liability Fund discount code: OSBPLF.)

Step 2: Set Up Two-Factor Authentication for Cloud Services

“The concept of two-factor authentication is that a person cannot access another user’s account without something she knows and something she has. In the case of popular services (like Google or Dropbox), the solution is a strong password plus a secondary code that is sent via text to a smartphone or mobile device.”  Catherine Sanders Reach, Set Up Two-Factor Authentication: What Are You Waiting For?  [Read Catherine’s post for step-by-step directions or search Help in your cloud-based service for assistance in setting up two-factor authentication.]

Step 3:  Erect Firewalls

Firewalls sit between you and the rest of the Internet.  They protect against unauthorized access to your computer by ignoring or repelling information that appears to come from unsecured, unknown, or suspicious locations.  The best firewall configuration is a one-two punch:  hardware firewall + software firewall.

Setting up a hardware firewall requires no effort on your part.  While you can buy a stand-alone appliance, hardware firewalls are now automatically incorporated into your router (the box in your office or house installed by your Internet Service Provider).

Software firewalls are installed on your computer system like any other application, and are also easy/breezy since they are typically built into anti-virus software.  (See discussion that follows.)

Step 4: Install Anti-Virus, Anti-Malware, Anti-Spyware Programs and Keep Them Updated

This seems pretty self-explanatory, but let me add some free advice:

  • Don’t disable automatic updates to your virus definition database
  • Run quick scans when prompted
  • Run full scans at least monthly
  • Don’t ignore notifications that your software isn’t running properly

For a list of the best anti-virus utilities for PCs, see this list from PC Magazine.  For a list of the best anti-virus utilities for Macs, check out this MacWorld post.  For other recommendations, run a Google search.

My personal opinion: run far, far away from McAfee.  [I really don’t give a rip that it is “now part of Intel Security.”]  First, McAfee blocked access to my work VPN (virtual private network).  There was no way to set a rule or create an exception and tech support was incredibly unhelpful.  Second, McAfee is notoriously hard to uninstall. Using Add/Remove Programs in the Control Panel is only the first step; you must download a separate application from McAfee to get rid of it.  I mention this because McAfee tends to come pre-installed on laptops or desktops purchased from retailers like Best Buy.  What to do?  If McAfee was inflicted on you (pre-installed), get rid of it.  Follow the link above for the uninstaller.  Next, buy Kaspersky.  I have been very pleased with Kaspersky from day one and it has never interfered with my VPN connection.

Step 5:  Run Operating System and Other Software Updates

This also seems self-explanatory.  Mac and Windows OS ship with automatic updates enabled – don’t fuss with this.  If Microsoft or Apple thinks you need a security patch, a fix, or upgrade, let it run.  The same goes for every application installed on your computer:  Microsoft Office, Acrobat DC, Quicken, QuickBooks – let automatic updates run.  If you’re not sure whether automatic updates are enabled, check Help or search the product’s website.  Some programs also allow you to manually search for updates. Acrobat DC is an example.  In the menu, select Help, and choose “Check for Updates…”

Step 6:  Be Ready to Kill Your System If You Suspect a Breach

In the original post which inspired me to write on this topic, author Jane E. Brown comments: “Consider using a “kill switch”— when suspicious events happen, the IT department should automatically be notified and the network should shut down if no protective measures are taken.”

I have known of events that required a kill switch.  One Oregon lawyer was hacked via a phishing email.  The hacker was able to get enough information from the lawyer and the lawyer’s system to contact clients by email and request that they input credit card information to pay their bills. Fortunately, a few clients recognized that this request was outside the lawyer’s usual billing process and called the office.  The lawyer had to pull the kill switch and take other steps, including freezing bank accounts.  This turned out to be a smart move, as within 24 hours the hacker also attempted to withdraw thousands of dollars from the lawyer’s trust account.

Step 7:  Lose Your Device?  Lose Your Credentials.

There are some obvious times when it makes sense to reset or revoke user names and passwords (login credentials):

  • At termination
  • If a network-connected device is lost
  • If you experience a security intrusion
  • If your security, privacy, or confidentiality policies are breached

Final Thoughts

None of these steps are difficult, but bouncing back from a security breach is.

[All Rights Reserved 2016 Beverly Michaelis]

Critical Security Concerns for Internet Explorer, Flash, and AOL Users

On the heels of Heartbleed, more security concerns:

Stop Using Internet Explorer Now
By now you have likely heard about the security issues with Internet Explorer. However, you may not realize that the US government warned users to quit using IE until Microsoft fixes a security hole that could allow hackers to gain remote access to your computer.

To be safe, download an alternate browser like Firefox or Chrome and avoid Internet Explorer until Microsoft issues a patch. UPDATE: a patch is now available for all Windows users, even XP. Run Windows Update to verify the patch has been installed. In my case, I found it had been downloaded but not installed.

Update Adobe Flash Player
A second security bug involves Adobe Flash Player. This vulnerability permits remote code execution, potentially giving hackers access to your computer. (For those who are curious, the result is the same as the Internet Explorer vulnerability, but the two security issues are unrelated.)

Adobe has already pushed out an emergency security patch which all users should download immediately.

AOL Compromised
In a third security incident, AOL reported a security breach of its email servers. AOL users should change their passwords immediately.

25 Law Practice Tips from Twitter

If you follow this blog, then you know I’m a fan of Twitter – in part because it is a great source for law practice and technology tips.  Consider these 25 recent tweets in the areas of organization, financial management, marketing, security, and iPhone/iPad tips:

Organization

  • Are you an e-hoarder? Here’s how to tell. http://t.co/4FmX6ZH8 (So true!) (RT @NetworkWorld)
  • Protect yourself from e-mail overload: http://t.co/codvw2Ad #smallbiz #organization #business (RT @bettybudget)
  • Organizing your workspace based on function zones http://t.co/RYBW3duG #organization (Good tips from The Unclutterer) (RT @rocketmatter)
  • 17 Best Tools and Apps for Building New Habits and Goals. http://t.co/pjViXVgA #SPU Do you use any? (RT @SoloPracticeU)

Financial Management

  • What lawyers need to know about 1099s and other tax compliance issues: Wash St Bar News, p. 32: http://t.co/i08xDml (from @OreLawPracMgmt)
  • “The sky still hasn’t fallen on the hourly rate model” | Daily Report http://t.co/m0yRUSuE (RT @AdvertisingLaw)
  • Can I Double My Fee if the Client Doesn’t Pay? http://t.co/WFr124BK (from @OreLawPracMgmt)
  • Don’t Leave Receivables in Limbo http://t.co/7Ek7A8zQ (unless you want to go out of business) (RT @Law_Practice)
  • In some sense, all lawyers are sole practitioners. Why *you* should build a portable book of business, http://t.co/gf7h36Kp (from @OreLawPracMgmt)
  • Check Scams Continue to Plague Oregon Lawyers, http://t.co/PPvlZDJV (from @OreLawPracMgmt)

Marketing

  • Cross-Selling, Up-Selling, and Communication Increase Revenue http://t.co/kcSsrIUJ (RT @lawyerist)
  • How to promote your law blog – RLHB http://t.co/k3XrbGLi (RT @jaredcorreia RT @rodneydowell RT @kevinokeefe)
  • Myrland Marketing Moment: Not happy others aren’t commenting on your Social Media? How often do you comment? (RT @NancyMyrland)
  • Online Marketing Strategies for Small Budgets – @attnyatwork http://t.co/8Zct2GL6 (RT @rocketmatter)

Security

  • Are Passwords the Weak Link in Your Firm’s Security Chain? http://t.co/yJt690rl (RT @ltrc RT @jaredcorreia RT @erikmazzone)
  • The State of Mobile App Security [TCTV] | @scoopit http://t.co/DUcrZtZf… (RT @deboraplehn)
  • Please Rob Me! Posting Location Data on Facebook http://t.co/Qsmc9U25 (from @OreLawPracMgmt)
  • Are You Safe & Secure On The Web? http://t.co/NjZTYJ1Y (RT @rocketmatter RT @nikiblack: via @advocatesstudio)
  • What Lawyers Should Know About Cloud Computing Security http://t.co/oqzSar5z (RT @PhilNugent RT @sfinnovation)

iPad and iPhone Tips

Social media offers a virtual means to share, exchange, engage, and learn.  Consider getting involved today!