Important Advice from the Oregon AG About the Equifax Breach

Yesterday the Oregon Attorney General shared important advice about the Equifax data breach. Here are the key takeaways:

  1. Do not visit the Equifax website to determine if your information has been compromised.
  2. Check your credit report.
  3. Place a freeze on your credit. 
  4. Place a fraud alert in your credit file.
  5. File your taxes as early as possible.
  6. Visit identitytheft.gov to learn more.

Read the full post, including AG Rosenblum’s reasoning for avoiding the Equifax website, here.

MS Ignite 2016: New Ideas, New Features for OneDrive, Office 365, and More

September 26-30 marked Microsoft’s second annual technology conference known as #MSIgnite. With over 22,000 attendees, the conference set Twitter afire with a long list of product enhancements – some available now, others coming before year-end.

New Functionality for OneDrive Users

If you’re a OneDrive user, you’ll be thrilled to hear about these new features:

  • Ability to sync SharePoint Online document libraries and OneDrive folders
  • One-stop shopping for browsing and editing SharePoint Online and OneDrive files using the OneDrive browser client
  • Ability to download multiple documents as a .zip file
  • Improvements to the Android OneDrive App – support for SharePoint Online files and multi-page scan enhancements
  • Notifications to your mobile device when someone shares a OneDrive file with you
  • Ability to see over time how many people have discovered and viewed your files in OneDrive for iOS

See the full list of OneDrive updates here.

Enhancements to the Outlook Mobile App

  • The new, improved calendar app on iOS and Android devices now offers event icons, simpler scheduling, and on-the-fly editing of recurring meetings
  • Use the “smart location” feature on the mobile app to easily add maps and directions to event details.  Next time you create an event, just start typing a location.  Choose one of the suggestions and Outlook will include a map with your event details.
  • Use the @ symbol to get someone’s attention: typing the @ symbol followed by a person’s name in the body of an email message or a meeting invite will automatically add the person to the To line of the email or meeting invite.
  • Coming soon: meeting invites will support real-time availability checks with a slide-bar interface – via @thevarnish
  • Outlook for iOS and Android is now powered by the Microsoft Cloud for Office 365. All your data is now fully delivered through Microsoft’s secure servers (no third party vendor, no mailbox data cached outside Office 365).
  • New assistive technology has been added for reading email, scheduling meetings, and adding a signature

Improvements to Word, Excel, and PowerPoint

Word

  • Use Researcher to find credible sources and content: “Researcher is a new service in Word that helps you find and incorporate reliable sources and content for your paper in fewer steps. Right within your Word document you can explore material related to your topic and add it—and its properly-formatted citation—in one click. Researcher uses the Bing Knowledge Graph to pull in the appropriate content from the web and provide structured, safe and credible information.”
  • Improve your writing with the new digital writing assistant known as Editor, a cloud-based service that uses machine learning, natural language processing, and input from linguists to improve writing through advanced proofing and editing. [Caveat: not suitable for confidential content.]
  • Write or draw with your finger, a pen, or a stylus in Word, Excel, and PowerPoint mobile apps (known as “inking.”)

Excel

PowerPoint

  • Use Designer to instantly turn a bulleted process list into a SmartArt graphic
  • Get an “instant slide makeover” any time by selecting the “Design” tab in the ribbon.  Choose “Design Ideas” (far right of the Design toolbar) to preview new slide designs.
  • Use the Recording tab to create a presentation that includes recorded slides, screen recordings, narrations, and videos. Embed quizzes and other apps in your presentation to make it more interactive for your audience.
  • Use QuickStarter to find outlines for any topic, including recommendations on information to include, categories to consider and associated images tagged with Creative Commons licenses.

Making Skype Better

Skype for Business is already the number one meeting app, so how can it get any better? Consider these improvements announced at #MSIgnite 2016:

  • Skype for Business for Mac will be available in October, with hi-def audio and video, one-click join for meetings, and video and desktop sharing
  • Also coming in October: enhancements to the iPhone app: Skype for Business calls will work just like a cellular call on your iPhone. You can accept a call via the lock screen or put a Skype for Business call on hold to take a cellular phone call—it works just like a phone.
  • Real-time transcription and translation in 50 languages will come to Skype Meeting Broadcast by year-end

Migrating to Windows 10

If you haven’t migrated to Windows 10, check out this free migration assessment tool from VMWare.  Announced at #MSIgnite, the new tool is designed to assess:

  • Windows 10 readiness;
  • End-user behavior;
  • Device inventory and configurations;
  • Software dependency and usage information; and
  • Web and network usage patterns.

If this sounds like tech-speak, it is.  But the goals are simple: (1) identify potential problems transitioning from your current operating system to Windows 10; (2) Optimize your use of Windows 10.

Still not sure?  Contact your computer consultant.

Key Microsoft Security Improvements

There are two kinds of big companies: those who have been hacked
and those who don’t know they’ve been hacked. 

@JPvR_NL

Protecting Browser Sessions

Most cyber attacks start at the browser level, making browser security critically important. Windows Defender App Guard for Microsoft Edge protects against browser-based security incursions:

Unlike other browsers that use software-based sandboxes, which still provide a pathway for malware and vulnerability exploits, Microsoft Edge’s use of Application Guard isolates the browser and employee activity using a hardware-based container to prevent malicious code from impacting the device and moving across the enterprise network.

Once enabled, enterprise administrators can configure a trusted network site list policy and distribute the group policy to any devices it wishes to protect with Application Guard. Even if an untrusted site successfully loads malware, the malware is unable to reach beyond the isolated container to steal data or permanently compromise devices or the network. Once the employee exits their Microsoft Edge browsing session, any malware is erased, preventing further attacks.

Detecting and Responding to Cyber Attacks

Security features and cyber threat intelligence gathered from WDATP (Windows Defender Advanced Threat Protection) and Office 365 ATP (Advanced Threat Protection) are now combined to allow enterprises to detect, investigate, and respond to advanced attacks on their networks, Windows 10, and Office 365.

Now, IT can identify and follow the complete chain of an attack from an email – to across the network – with detailed timelines and analysis. This real-time access and product integration converts the time to investigate an incident from days or weeks to mere hours. And the comprehensive security intelligence from Microsoft and our industry partners, including FireEye iSight threat intelligence, puts all the information needed to investigate and respond in an easy, simplified interface with clear steps for remediation. It’s the most comprehensive and robust security solution available today.

Interesting Stats from the Keynotes and Other Presentations

  • There are 70 million Office 365 users and over 400 million Windows 10 users
  • The Department of Defense is targeting to have Windows 10 on more than 4 million devices
  • Office 365 has an uptime of 99.98%
  • The average person uses 3 mobile devices at work (expected to increase)
  • Skype for Business is the most-used meeting app: Microsoft manages over 13,000 meeting rooms; 38% of all international calling uses Skype; the Skype app has been downloaded 1.1 billion times on iOS and Android devices
  • 58% of workers admit to sending data to the wrong person
  • Microsoft scans 200 billion emails every month for malware
  • 50% of cloud-era millennials will be in the workforce by 2020

Other News from #MSIgnite

  • You may have heard of Azure – Microsoft’s integrated cloud service platform. #MSIgnite 2016 included a number of Azure upgrades of interest to developers and IT professionals.  Read more here.
  • Many SharePoint improvements were announced at #MSIgnite 2016.  For all the details, check out this post.  Also see this summary from Microsoft.
  • Over 150 on-demand video sessions are available at no charge from the 5 day conference. Check out the list here.

All Rights Reserved 2016 Beverly Michaelis

All the Tech Tips You’ll Ever Need

Well… that may be a bit of a stretch, but this is still a goodie.

If you enjoy the ABA TECHSHOW format of 60 TechTips in 60 Minutes, you will certainly appreciate the lead-off presentation from this year’s inaugural Oregon State Bar Solo & Small Firm Conference.

Featuring Paul Unger and Barron Henley, “60 Legal Tech Tips, Gadgets, Apps and Websites” was a technology whirlwind.  I can honestly say I’ve saved the best post for last.  [If you missed out on prior posts, just time travel back to July 13 to see the beginning and work your way forward.]

Here are a few of the jewels Paul and Barron shared:

For the complete compilation, see this post on Storify.

All Rights Reserved 2016 Beverly Michaelis

Postscript

Also see the related story featuring Barron’s tips on “Superior Methods for Drafting Complex Legal Documents.”

7 Steps You Can Take Now to Protect Your Data

lockUnless you’ve been playing ostrich, you’re likely aware that data breaches and ransomware are about as common as Mom and apple pie.  Witness the recent hack of 272 million Gmail, Microsoft, and Yahoo! accounts.

Fortunately, there are simple steps you can take now that will help protect your data.  [With thanks and all due credit to Lane Powell’s Beyond IP Law post, The Scariest Hack So Far, for inspiring this elucidation of their original list]:

Step 1: Start Using Encryption

For your desktop, cloud-based accounts, mobile devices – anywhere or any place you store or transmit confidential or private information.  For a thorough discussion of how to implement encryption throughout your firm, see Encryption Made Simple for Lawyers, now a book available for purchase on the ABA website.  (Non-ABA members in Oregon can save money at checkout by using the OSB Professional Liability Fund discount code: OSBPLF.)

Step 2: Set Up Two-Factor Authentication for Cloud Services

“The concept of two-factor authentication is that a person cannot access another user’s account without something she knows and something she has. In the case of popular services (like Google or Dropbox), the solution is a strong password plus a secondary code that is sent via text to a smartphone or mobile device.”  Catherine Sanders Reach, Set Up Two-Factor Authentication: What Are You Waiting For?  [Read Catherine’s post for step-by-step directions or search Help in your cloud-based service for assistance in setting up two-factor authentication.]

Step 3:  Erect Firewalls

Firewalls sit between you and the rest of the Internet.  They protect unauthorized access to your computer by ignoring or repelling information that appears to come from unsecured, unknown, or suspicious locations.  The best firewall configuration is a one-two punch:  hardware firewall + software firewall.

Setting up a hardware firewall requires no effort on your part.  While you can buy a stand-alone appliance, hardware firewalls are now automatically incorporated into your router (the box in your office or house installed by your Internet Service Provider).

Software firewalls are installed on your computer system like any other application, and are also easy/breezy since they are typically built into anti-virus software.  (See discussion that follows.)

Step 4: Install Anti-Virus, Anti-Malware, Anti-Spyware Programs and Keep Them Updated

This seems pretty explanatory, but let me add some free advice:

  • Don’t disable automatic updates to your virus definition database
  • Run quick scans when prompted
  • Run full scans at least monthly
  • Don’t ignore notifications that your software isn’t running properly

For a list of the best anti-virus utilities for PCs, see this list from PC Magazine.  For a list of the best anti-virus utilities for Macs, check out this MacWorld post.  For other recommendations, run a Google search.

My personal opinion: run far, far away from McAfee.  [I really don’t give a rip that it is “now part of Intel Security.”]  First, McAfee blocked access to my work VPN (virtual private network).  There was no way to set a rule or create an exception and tech support was incredibly unhelpful.  Second, McAfee is notoriously hard to uninstall. Using Add/Remove Programs in the Control Panel is only the first step; you must download a separate application from McAfee to get rid of it.  I mention this because McAfee tends to come pre-installed on laptops or desktops purchased from retailers like Best Buy.  What to do?  If McAfee was inflicted on you (pre-installed), get rid of it.  Follow the link above for the uninstaller.  Next, buy Kaspersky.  I have been very pleased with Kaspersky from day one and it has never interfered with my VPN connection.

Step 5:  Run Operating System and Other Software Updates

This also seems self-explanatory.  Mac and Windows OS ship with automatic updates enabled – don’t fuss with this.  If Microsoft or Apple thinks you need a security patch, a fix, or upgrade, let it run.  The same goes for every application installed on your computer:  Microsoft Office, Acrobat DC, Quicken, QuickBooks – let automatic updates run.  If you’re not sure whether automatic updates are enabled, check Help or search the product’s website.  Some programs also allow you to manually search for updates. Acrobat DC is an example.  In the menu, select Help, and choose “Check for Updates…”

Step 6:  Be Ready to Kill Your System If You Suspect a Breach

In the original post which inspired me to write on this topic, author Jane E. Brown comments: “Consider using a “kill switch”— when suspicious events happen, the IT department should automatically be notified and the network should shut down if no protective measures are taken.”

I have known of events that required a kill switch.  One Oregon lawyer was hacked via a phishing email.  The hacker was able to get enough information from the lawyer and the lawyer’s system to contact clients by email and request that they input credit card information to pay their bills. Fortunately, a few clients recognized that this request was outside the lawyer’s usual billing process and called the office.  The lawyer had to pull the kill switch and take other steps, including freezing bank accounts.  This turned out to be a smart move, as within 24 hours the hacker also attempted to withdraw thousands of dollars from the lawyer’s trust account.

Step 7:  Lose Your Device?  Lose Your Credentials.

There are some obvious times when it makes sense to reset or revoke user names and passwords (login credentials):

  • At termination
  • If a network-connected device is lost
  • You experience a security intrusion
  • Your security, privacy, or confidential policies are breached

Final Thoughtsth

None of these steps are difficult, but bouncing back from a security breach is.

 

 

[All Rights Reserved 2016 Beverly Michaelis]

2016 ABA TECHSHOW Takeaways: 10 Security Steps to Take Now!

The incomparable Tim Baran from Legal Productivity has done it again. His post, 10 Actionable Privacy, Security & Encryption Takeaways From #ABATECHSHOW is a must-read for all lawyers.  (Important enough that I bumped the post I was planning to publish today.)

Included in Tim’s roundup:

  • Password managers
  • Secure web browsing with HTTPS Everywhere
  • No-track search engines
  • Using false answers to security questions to foil ne’er-do-wells
  • Encrypted telephone conversations and text messages
  • Encrypted files in the cloud
  • Protecting your smartphone camera
  • Using multi-factor authentication
  • Turning on automatic updates
  • Communicating over VPNs in lieu of insecure public WiFi

This is the best of the best.  Take two minutes from your day and read Tim’s post!  While you’re at it, consider subscribing to the Legal Productivity RSS feed for great practice tips on technology, mobile lawyering, marketing, organization, making money, and wellness.