Cybercrime: An Ongoing Threat to Law Firms

In the most recent issue of Law Practice Today Sheri Davidoff describes how hackers exploit weak security measures to steal from you and your clients. The most common targets: your email, logins, and files.

Email hacks

Once a hacker gains access to your email, he or she may download your entire mailbox, set up a rule to forward your messages to their account, or use email content to begin victimizing clients.

Preventive steps

Use proper passwords

Pass phrases (sentences) are the best. Otherwise, choose passwords at least 14 characters in length which contain symbols and numbers. It is critical to create unique pass phrases or words for each login to limit the scope of a security breach. Do not share them. Do not write them on sticky notes posted to your monitor. A password manager can make the job easier.

Turn on two-factor authentication

This sounds fancy, and if you’re not familiar with it, intimidating. It is neither. Login as usual, have your smartphone or cell phone handy, and enter the code texted to you to complete your login. It’s that easy.

Biometrics

You can use your face or your fingerprint to login if your device or software supports it. A quick Google search generates pages of “pros and cons” posts, which I will avoid repeating here.

Limit substantive content in email

Consider limiting what you say by email when the information is sensitive. Pick up the phone or send the client a message prompting them to login to your secure client portal instead. As Davidoff points out in her post, “Hackers commonly search your correspondence for ongoing conversations of interest—such as a real estate purchase or other upcoming financial transaction. Then, they actively monitor these conversations to maximize their ability to intercept a payment.”

Malware and ransomware abound

The most likely way to get infected with malware or ransomware is to click on a suspicious attachment or link. Use common sense before you click and if in doubt: don’t! Even if the message appears to come from a trusted source. Pick up the phone or compose a new message and ask the sender if he/she sent the email. (Don’t ask by forwarding the suspicious message – you are only spreading the threat.)

The US Department of Homeland Security has valuable tips on combating malware and ransomware. Also, take a few minutes and peruse the resources available at the ABA Law Practice Division (search: “malware”) or checkout the Professional Liability Fund CLE, Data Security/Data Breach: What Every Lawyer Needs to Know to Protect Client Information.  

All Rights Reserved 2019 Beverly Michaelis

Phishing Scam Hits OJD Users

Here are the details.

Astonishing Admission from Amazon about your Data

Thanks to Delaware Senator Chris Coons we recently learned that Amazon keeps Alexa transcripts and voice recordings indefinitely and only removes them if they’re manually deleted by users. Maybe.

While the company is engaged in an “ongoing effort to ensure those transcripts do not remain in any of Alexa’s other storage systems,” there are still records from some conversations with Alexa that Amazon won’t delete, even if people remove the audio.

In addition, Alexa also retains all purchase requests, reminders, and alarms.

Wow!

You, the user, must take the extra step to delete this data – and even if you do – Amazon doesn’t always follow through.

Despite reports by cnet and other tech sites, this news flew under the radar when reported last Tuesday – two days before Independence Day.

Smart Technology

As cnet points out, voice assistants aren’t the only cause for privacy concerns. Any smart home device – locks, doorbells, or appliances – can potentially collect and share your data. Be aware that the price you pay for convenience may mean sacrificing privacy.

All Rights Reserved 2019 Beverly Michaelis

See the Data Apple Has Collected on You — Via Ball in your Court

Two-and-a-half years ago, I concluded a post with this bluster: “Listen, Amazon, Apple, Microsoft and all the other companies collecting vast volumes of our data through intelligent agents, apps and social networking sites, you must afford us a ready means to see and repatriate our data. It’s not enough to let us grab snatches via an unwieldy […]

via Cloud Takeouts: Can I Get That to Go? — Ball in your Court

Legal News and Upcoming Events

Is Mandatory Malpractice Coverage Coming to Washington?

Mandatory malpractice coverage is well known by Oregon lawyers and may be coming soon to members of the Washington bar (WSBA).

In July, the WSBA Mandatory Malpractice Insurance Task Force presented a tentative recommendation to the Board of Governors (BOG) to mandate malpractice insurance for Washington-licensed lawyers. The task force expects to present a final report to the BOG in four short months.

Next steps include:

  1. Considering feedback from the Board of Governors;
  2. Ramping up information efforts among WSBA members, and obtaining and considering additional comments received;
  3. Detailing the recommended malpractice insurance mandate, including the specific
    required coverage minimums;
  4. Identifying in detail the recommended exemptions from the professional liability
    insurance requirement; and
  5. Drafting a proposed Court Rule for the Board of Governor’s consideration

Members may submit comments to insurancetaskforce@wsba.org. The task force continues to meet monthly through the end of the year. Read the interim report here.

Free Access to PACER

This past week, the ABA Journal reported a potential end to PACER fees:

A new bill before the U.S House of Representatives would prohibit the federal courts from charging for public documents. The Electronic Court Records Reform Act would require that documents downloaded from the PACER database be free. Currently, the repository for federal court documents charges up to 10 cents a page.

The article notes that PACER has become a reliable money-maker for federal courts, pulling in $150 million in fees in 2015 alone.

Of further interest to federal court practitioners, the proposed bill would require documents to be posted to PACER within five days of being filed in federal court in a manner that allows for easy searching and linking from external websites.

Additionally, it would require consolidation of the Case Management/Electronic Case Files (CM/ECF) system, allowing for one-stop shopping when searching for federal court cases. Presently, each court operates its own separate CM/ECF system.

Free Data Breach CLEs in Bend and Medford

The Professional Liability Fund is offering two free data breach CLES in October:

These CLEs will explain data breach, what you can do to protect your client’s information, your ethical duties, and what to do if a breach occurs. For more information, follow the links above. Register for the Bend CLE by emailing DeAnna Shields at deannas@osbplf.org. Register for the Medford CLE by emailing Eric B. Mitton at eric.mitton@cityofmedford.org.

All Rights Reserved – 2018 – Beverly Michaelis