End of the Line for Viivo Encryption

In late June, PKWARE announced the end of life for Viivo encryption.  If you’ve relied on Viivo to protect your files in Dropbox or elsewhere on the Web, you need to find another encryption solution sooner rather than later.

How Long Will Support Continue?

Users of the free and commercial versions of Viivo will have one year of support.

What Does Viivo Recommend?

While Viivo can be used after the service is shutdown, the company does not recommend this. All customers should move to another encryption solution.

How Long Do I Have to Act?

Viivo service will remain online until July 1st, 2018.  (But don’t wait until next year to tackle this issue!)

Next Steps

  1. Research and select another encryption solution (see below).
  2. Backup all files currently protected by Viivo.
  3. Decrypt all files currently protected by Viivo (the Website has step-by-step guides that walk you through the process).
  4. Implement the new encryption solution.
  5. Review your credit card statement.  If you have a paid Pro or Business subscription, your payment processing should have been suspended automatically.

Alternatives to Viivo

If you really like Dropbox and don’t want to switch, finding another cloud-based encryption service to fill the gap is imperative. BoxCryptor and Sookasa are two options. Sadly, CloudFogger and TrueCrypt are no more.

All Rights Reserved 2017 Beverly Michaelis

Saving Gmail to PDF Using Zapier

Google Calendar in one hourAre you a Gmail user?  Many lawyers are.

Gmail and Google Calendar [sometimes coupled with Google Apps] is a popular alternative to Outlook.  But there is a key issue with using web-based email that lawyers often overlook: messages stored online simply don’t make it to your client file.  If you prefer web-based email and rebel against the idea of downloading messages to a local program on your desktop or laptop, how can you document your file?

This has been a challenge.  Until now.

The Bad Old Days: Saving Messages as Individual PDF Files

Gmail – as stand-alone web-based email – does not offer an easy way to capture a group of messages labeled or stored in a folder online.  If you want to save client emails, you must do so one at a time by printing each message to PDF (or scanning each message to PDF).  This is so incredibly tedious that most lawyers never do it.  Messages are saved online and nowhere else, resulting in non-cohesive client records.

Today’s solution: Zapier

Zapier is one way to solve this problem.  It automatically files Gmail by moving messages for you.  The only trick is the destination, which must be another web-based service or account.  Google Drive and Dropbox are two examples of locations where mail can be saved.  Here is a simple explanation of how the service works.

If you are paperless and storing your client records at one of the supported online destinations, then Zapier can make your client file cohesive.  Everything is in one location and your records are complete.  One of the most popular approaches is to use Zapier to save client email to Dropbox.

Parting Thoughts

“Zapping” your Gmail to the same online location where you keep your other client records seems like a good way to go.  As with any cloud-based solution, there are ethical concerns.

  1. Is Zapier secure?  Zapier stores the data it is moving on your behalf for 7 days, then purges it.  Your credentials are protected by bank-level encryption.  HTTPS or SSL connections are used whenever possible [If the destination app you are connecting to is not HTTPS or SSLZapier cannot “force” that type of connection.]  Users can monitor the task history of Zapier for the life of their accounts to verify activity and data transfer. Read more here.
  2. Is it a good idea to keep confidential and privileged client records in Dropbox, Google Drive, Box, or One Drive?  Yes, provided you supplement the built-in protection of your online accounts with a private [client side] encryption product like Viivo.  Problem solved.
  3. Won’t I just be safer if I store files on my own computer?  This is another way to go, but you’ll be stuck with the one-at-a-time process of saving email as described above.  Additionally, the tide of expert thought is shifting to the belief that cloud-based solutions are superior.  See The great IT myth: is cloud really less secure than on-premise?

 

All Rights Reserved [2016] Beverly Michaelis

Cyber Security – Horrifying Stats and Tips for Dropbox Users

For the last two weeks, I have been featuring a potpourri of posts gleaned from tweets posted during the ABA TECHSHOW.  Today we explore cyber security with extra bonus tips for good measure.

Cyber Security – Numbers, Trends, Protecting Your Firm

Tips for Dropbox Users

  • Dropbox security: use third party apps – like Viivo – to encrypt. You own the key. @VIIVOkey happens to be in attendance.… @MrsMacLawyer RT @rocketmatter
  • Dropbox security: use 2 step authentication but put recovery code in safe place. It’s not retrievable. @larryport RT @rocketmatter
  • Also see my post, The 7 Rules of Using Dropbox and search this blog for related Dropbox posts.

Thanks 2014 ABA TECHSHOW tweeters for the tips!  And check out these resources for lawyers posted by the author on Scribd.

All Rights Reserved – Beverly Michaelis [2014]

What Lawyers Can Learn from the Yahoo Email Hack

Yahoo, the second largest email service worldwide, reported a security breach last untitledweek which exposed personal information from sent email folders.

The Associated Press reports:

Yahoo Inc. said in a blog post on its breach that “The information sought in the attack seems to be the names and email addresses from the affected accounts’ most recent sent emails.”

That could mean hackers were looking for additional email addresses to send spam or scam messages.  By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients.

If you correspond with friends, family, clients, or colleagues who use Yahoo’s mail service, scrutinize incoming e-mail carefully to avoid phishing scams. 

This breach has another takeaway for lawyers – you are only as secure as your third party vendors.  The Yahoo and Target breaches were both the result of third-party vendor hacks.  In the case of Yahoo, the information was collected from a third-party database.  In the Target hack, credentials were stolen from a third party vendor.

Lawyers should take this to heart when evaluating their own cyber liability and security – specifically with regard to HIPAA compliance.  If your servers are hosted in the cloud, or you use cloud-based practice management, accounting, or backup solutions, inquire into the security procedures of your vendors.  Remember that encryption is your friend.  All data stored in the cloud should be encrypted – minimally by your vendor.  Better yet: go the extra mile.  Seek out cloud providers who permit you to add your own third party encryption, like Viivo or TrueCrypt, so that you (and only you) hold the final encryption key.

All Rights Reserved [2014]

Beverly Michaelis