Using Zoom for Video Conferencing

I love Zoom, but like any tech, there are potential vulnerabilities for new users.

Protect your Zoom account and avoid Zoombombing (aka hacking) by following these suggestions:

  • Be wary of links. Login at Zoom directly rather than using the meeting link. Enter the provided meeting ID to join a meeting.
  • Set screen sharing to host only. Doing so prevents your meeting from being hijacked by a hacker.
  • Use the waiting room feature to prescreen and approve attendees.
  • Try Zoom webinars instead (this is the method I use for all my CLEs). Webinar settings offer advanced controls, including several approaches to prescreening attendees.

Read more about these safety tips here.

Are Zoom Conferences Recorded?

Webinars

When I conduct Zoom CLE webinars, I record them. This is a setting I activate as host. It isn’t automatic.

Meetings

Zoom meetings are recorded by default. Zoom help explains this and instructs hosts on how to change settings. This is one area where the USA Today article is misleading. For information on Zoom encryption, see this.

Give Others a Heads Up

No matter what you do, it is common sense to give clients and others a heads up on how your video meeting will be conducted. Advise if you plan to record. Let attendees know if your conference is listen only, whether they can raise their hand, or submit questions.

Documenting Your File

Recordings have their place. For example, preserving the meeting as part of your file. Advanced settings in Zoom allow you to include all participant names, add a time stamp, save chat files, and automatically transcribe audio.

All in all, Zoom is a pretty terrific tool.

All Rights Reserved 2020 Beverly Michaelis

Chief Justice Order Amended Today

This evening Oregon Chief Justice Walters issued amended CJO 20-006.

In addition to continuing the Level 3 health restrictions already in place, the Chief Justice is seeking legislative authority to (1) extend or suspend timelines currently set by statute or rule, and that apply after the initiation of both criminal and civil cases; and (2) ensure the ability to appear in court by telephone or other remote means in most circumstances. If that authority is granted, a supplemental order will be issued.

With exceptions, proceedings and trials scheduled to begin earlier than June 1, 2020, are postponed, and no trials will be scheduled to begin before June 1, 2020.

The Chief Justice also ordered temporary suspension of collection fees and amended UTCR 21.090 and repealed UTCR 21.120. The net result of this change is to permit the use of electronic signatures by declarants if created with secure software.

Read the full press release here.

Ethics of Disaster Recovery and Data Breaches

Coming December 10 at 1:00 pm Eastern, 10:00 am Pacific – a lawyer’s ethical duties in responding to disasters and data breaches. Featuring ABA Formal Opinion 483: Lawyers’ Obligations After an Electronic Data Breach or Cyberattack and Formal Opinion 482: Ethical Obligations Related to Disasters (2018).

This session will offer real-life examples on how to recover from a disaster or a data breach — ethically.

Disasters and data breaches bring with them conflicting priorities to resolve. Duties of disclosure compete with those of confidentiality for your attention. The responsibility to provide legal services for which your clients have contracted may be adversely affected by disaster. Model Rules 1.4 and 1.6 provide the standards and the recent ABA opinions flesh out your ethical duties in the event of a disaster (natural or man-made) or a data breach (which is of course a very specific form of a disaster!).

Join our panel of experts as they guide you through these opinions with practical examples of how best to ensure you and your clients are protected in the face of this new world and all it has to throw at you.

This is a free CLE for ABA members. Register here.

All Rights Reserved 2019 Beverly Michaelis

Cybercrime: An Ongoing Threat to Law Firms

In the most recent issue of Law Practice Today Sheri Davidoff describes how hackers exploit weak security measures to steal from you and your clients. The most common targets: your email, logins, and files.

Email hacks

Once a hacker gains access to your email, he or she may download your entire mailbox, set up a rule to forward your messages to their account, or use email content to begin victimizing clients.

Preventive steps

Use proper passwords

Pass phrases (sentences) are the best. Otherwise, choose passwords at least 14 characters in length which contain symbols and numbers. It is critical to create unique pass phrases or words for each login to limit the scope of a security breach. Do not share them. Do not write them on sticky notes posted to your monitor. A password manager can make the job easier.

Turn on two-factor authentication

This sounds fancy, and if you’re not familiar with it, intimidating. It is neither. Login as usual, have your smartphone or cell phone handy, and enter the code texted to you to complete your login. It’s that easy.

Biometrics

You can use your face or your fingerprint to login if your device or software supports it. A quick Google search generates pages of “pros and cons” posts, which I will avoid repeating here.

Limit substantive content in email

Consider limiting what you say by email when the information is sensitive. Pick up the phone or send the client a message prompting them to login to your secure client portal instead. As Davidoff points out in her post, “Hackers commonly search your correspondence for ongoing conversations of interest—such as a real estate purchase or other upcoming financial transaction. Then, they actively monitor these conversations to maximize their ability to intercept a payment.”

Malware and ransomware abound

The most likely way to get infected with malware or ransomware is to click on a suspicious attachment or link. Use common sense before you click and if in doubt: don’t! Even if the message appears to come from a trusted source. Pick up the phone or compose a new message and ask the sender if he/she sent the email. (Don’t ask by forwarding the suspicious message – you are only spreading the threat.)

The US Department of Homeland Security has valuable tips on combating malware and ransomware. Also, take a few minutes and peruse the resources available at the ABA Law Practice Division (search: “malware”) or checkout the Professional Liability Fund CLE, Data Security/Data Breach: What Every Lawyer Needs to Know to Protect Client Information.  

All Rights Reserved 2019 Beverly Michaelis