End of the Line for Viivo Encryption

In late June, PKWARE announced the end of life for Viivo encryption.  If you’ve relied on Viivo to protect your files in Dropbox or elsewhere on the Web, you need to find another encryption solution sooner rather than later.

How Long Will Support Continue?

Users of the free and commercial versions of Viivo will have one year of support.

What Does Viivo Recommend?

While Viivo can be used after the service is shutdown, the company does not recommend this. All customers should move to another encryption solution.

How Long Do I Have to Act?

Viivo service will remain online until July 1st, 2018.  (But don’t wait until next year to tackle this issue!)

Next Steps

  1. Research and select another encryption solution (see below).
  2. Backup all files currently protected by Viivo.
  3. Decrypt all files currently protected by Viivo (the Website has step-by-step guides that walk you through the process).
  4. Implement the new encryption solution.
  5. Review your credit card statement.  If you have a paid Pro or Business subscription, your payment processing should have been suspended automatically.

Alternatives to Viivo

If you really like Dropbox and don’t want to switch, finding another cloud-based encryption service to fill the gap is imperative. BoxCryptor and Sookasa are two options. Sadly, CloudFogger and TrueCrypt are no more.

All Rights Reserved 2017 Beverly Michaelis

Cyber Security and Data Breach Response

lock“Cyber threat is one of the most serious economic and national security challenges we face as a nation.”  Barack Obama, President of the United States

The Identity Theft Resource Center has documented over 500 data breaches in 2014 through early September.  This represents a 26.2% increase over the same time period last year. The news isn’t any better for the legal profession.

The latest ABA Legal Technology Survey Report notes that “Nearly half of law firms were infected with viruses, spyware or malware last year.”  Fourteen percent of law firms “experienced a security breach last year in the form of a lost or stolen computer or smartphone, a hacker, a break-in or a website exploit.”

Where to Start

With such staggering numbers, it is easy to become overwhelmed.  If you are concerned about cyber security but don’t know where to start, begin here at the ABA Web site. If you are a prolific user of mobile devices, be sure to check out the ABA’s suggestions for Security on the Go.  To understand the state of security in US law firms, read this post by Bob Ambrogi.

Make Encryption Your Best Friend

Encryption is a powerful way to protect sensitive data belonging to you and your clients. The ABA post Playing it Safe provides a good overview.  Since TrueCyrpt is no longer available, check out the following reviews of encryption software: LIfehacker, GFI, PC World, and Gizmo.

You’ve Heard it Before: Use Strong Passwords

It seems we are reminding lawyers every other day about the importance of using strong passwords unique to each account or Web site.  See these recent posts on the ABA Law Technology Today blog:

Firewalls, Anti-Spam, Anti-Virus, Malware Protection

The best protection is comprehensive.  This excerpt from The 2014 Solo and Small Firm Technology Guide provides guidance.  Don’t be afraid to hire an IT expert to help.

Purchase Cyber Liability and Data Breach Coverage

The Professional Liability Fund (PLF) Excess Claims Made Plan automatically includes a cyber liability and data breach response endorsement with these features:

  • Forensic and legal assistance to determine compliance with applicable law
  • Notifications to individuals as required by law
  • 12 months credit monitoring to each notified client
  • Loss mitigation resources for law firms

If you aren’t eligible or don’t wish to purchase excess coverage through the PLF, contact a commercial carrier.

Protect Yourself Against Scams

The security measures outlined above are a good start toward protecting your firm and your clients from scams.  For more complete protection, get educated.  Order the free PLF CLE: “Protecting Your Firm and Your Client from Scams, Fraud, and Financial Loss,” and talk to your bank about fraud protection services.

[All Rights Reserved – 2014 – Beverly Michaelis]

 

 

What Lawyers Can Learn from the Yahoo Email Hack

Yahoo, the second largest email service worldwide, reported a security breach last untitledweek which exposed personal information from sent email folders.

The Associated Press reports:

Yahoo Inc. said in a blog post on its breach that “The information sought in the attack seems to be the names and email addresses from the affected accounts’ most recent sent emails.”

That could mean hackers were looking for additional email addresses to send spam or scam messages.  By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients.

If you correspond with friends, family, clients, or colleagues who use Yahoo’s mail service, scrutinize incoming e-mail carefully to avoid phishing scams. 

This breach has another takeaway for lawyers – you are only as secure as your third party vendors.  The Yahoo and Target breaches were both the result of third-party vendor hacks.  In the case of Yahoo, the information was collected from a third-party database.  In the Target hack, credentials were stolen from a third party vendor.

Lawyers should take this to heart when evaluating their own cyber liability and security – specifically with regard to HIPAA compliance.  If your servers are hosted in the cloud, or you use cloud-based practice management, accounting, or backup solutions, inquire into the security procedures of your vendors.  Remember that encryption is your friend.  All data stored in the cloud should be encrypted – minimally by your vendor.  Better yet: go the extra mile.  Seek out cloud providers who permit you to add your own third party encryption, like Viivo or TrueCrypt, so that you (and only you) hold the final encryption key.

All Rights Reserved [2014]

Beverly Michaelis