Category: Disaster Planning and Recovery

Data Breach Prevention

Glaring headlines in the March 29, 2016 The American Lawyer detailed that 48 of our nation’s top law firms were specifically targeted by a Russian hacker seeking to trade on M&A information. Most of the firms found out they were a target only because their name was included in the article. On March 22, 2016 the FBI issued an alert warning law firms of criminals seeking access to their networks.

What should you do? First, realize that some of the largest firms have experienced breaches. And they have huge IT staff, and lots of money to throw at the problem. Don’t throw up your arms in disdain and say you have no chance by comparison. For firms of all sizes I recommend . . .

Data Breach Prevention

It’s really not a question of IF your firm will experience a data breach at some point, but rather WHEN your firm will experience the breach. Don’t assume that your firm has no desirability as a target because of your size, or even your practice areas. Cyber criminals are increasingly targeting law firms of all sizes for private information about clients, which often enables them to more effectively target the client directly.

Disaster Planning, Prevention and Recovery — Free Seminar

I am pleased to let you know that the Greater Philadelphia Professional Counsel will be presenting a seminar on Disaster Planning on Wednesday, March 19, 2014.  Registration and free breakfast run from 7:45 to 8:30 am.  The seminar will run from 8:30 am to 10:00 am.  There is no charge for the seminar, but pre-registration is required.

It will be held at the Hilton Garden Inn in Fort Washington, PA.  I will be one of the panel members.  Additional information and registration can be found at info@gppcouncil.org.

I hope to see you there!

Cyberattacks on U.S. Banks – Are You Safe?

McAfee warned of this months ago, and their predictions are coming true.  U.S. Banks are under attack.  As are some cloud providers, for that matter.  The attacks are more massive and organized than ever before.  An article in CNet News on December 13, 2012 revealed that a report released by McAfee Labs predicted an impending attack on U.S. financial institutions — dubbed Project Blitzkrieg — was a “credible threat.”

Project Blitzkrieg is believed to be headed by an individual known as vorVzakone, according to McAfee. In September, vorVzakone announced a massive fraud campaign to be launched against 30 U.S. banks in spring 2013. VorVzakone also put out a call to arms for fellow hackers to join his cause. The attacks are said to be done with a highly developed Trojan that could infect victims’ computers, plant software, and allow cybercriminals to steal information and money.

Rather than being a sweeping attack, McAfee said the campaign will selectively target accounts at investment banks, consumer banks, and credit unions. Going after selected groups makes it easier for vorVzakone to stay under the radar and not be detected by network defenses, according to McAfee.

The attack was expected to hit hard in Spring, 2013.  But it looks like plans have moved up a bit.  And are not being executed as predicted.  A January 10, 2013 article in the Philadelphia Business Journal carried the title “PNC, Wells Fargo Cyberattacks Work of Iran, U.S. Believes.”  The real story is based on a January 8, 2013 article in the New York Times entitled “Bank Hacking Was the Work of Iranians, Officials Say”:

But there was something disturbingly different about the wave of online attacks on American banks in recent weeks. Security researchers say that instead of exploiting individual computers, the attackers engineered networks of computers in data centers, transforming the online equivalent of a few yapping Chihuahuas into a pack of fire-breathing Godzillas.

The skill required to carry out attacks on this scale has convinced United States government officials and security researchers that they are the work of Iran, most likely in retaliation for economic sanctions and online attacks by the United States.

Since September, intruders have caused major disruptions to the online banking sites of Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, Fifth Third Bank, BB&T and HSBC.

A hacker group calling itself Izz ad-Din al-Qassam Cyber Fighters has claimed in online posts that it was responsible for the attacks. . . . But American intelligence officials say the group is actually a cover for Iran. They claim Iran is waging the attacks in retaliation for Western economic sanctions and for a series of cyberattacks on its own systems.

Iranian officials emphatically deny any connection with the attacks.  However, the attackers allegedly stated last week that they had no intention of halting their campaign. “Officials of American banks must expect our massive attacks,” they wrote. “From now on, none of the U.S. banks will be safe.”

I don’t know what I believe about who or what is behind these attacks.  I do believe that the threat, no matter the source, is very real.  Thus far there has been no theft; simply a consistent disabling of the banks’ ability to service online customers.  However, I have no doubt that this is camouflage designed to distract security professionals from the eventual real consequences of these attacks, which have the potential to create havoc with the assets of individuals and businesses.

What do you need to do? 

  1. Be mindful of the insurance limits which apply to all of your combined accounts.  (Excluding IOLTA.  See “Unlimited FDIC Insurance on IOLTA Accounts Due to Expire” for further details about this issue.) 
  2. Make sure that you are not dependent on online banking for essential transactions.  Even if you do your deposits and bill paying remotely, have good old-fashioned deposit slips and checks handy. 
  3. Be sure you print out your monthly statements if you do electronic review.  You may need to access your information quickly at a time when your financial institution is trying to clean up a mess.  Those with an audit trail of their own will always fare better.
  4. Be careful about where you conduct your business.  Never log onto your secure encrypted accounts from a public computer, or over a public WiFi connection.
  5. If you don’t have a password on your smartphone, netbook and/or tablet, put one on immediately.  Yes, I know it’s a pain that after 3 – 10 minutes of idle time you have to put in a password to resume work.  On the other hand, no one can pick up your device when you’re not looking, and find your autologin information for your bank!
  6. Be especially wary of any so-called email communications from your banking institutions asking you to logon and reset your password, enter your SSN, or other sensitive information, and especially if they provide you with a link to do so.  Verify the legitimacy of the request by calling the institution on the phone before clicking on the link.  Nowadays sophisticated fraudsters create web sites that are so close to the real thing it can fool most people into entering sensitive information.

These are just a few quick thoughts to get this issue on your personal radar screen.  I encourage you to add your thoughts in terms of what we need to do to protect our firms, ourselves, and our clients.

Law Firms and Disaster Recovery

Following disasters such as Hurricane Sandy, community residents struggle to get back on their feet.  They are in need of all sorts of assistance, including legal services.  Will you be one of those who step up to the plate?  Sure, you probably already have a ton of your own issues to deal with.  But at times like this I am reminded of Bradford County lawyer James R. Carroll Jr., who received special recognition at the May, 2012 Pennsylvania Bar Association Annual Meeting.  The Special Achievement Award was an acknowledgement of the extensive legal assistance he provided pro bono at Red Cross shelters and at Federal Emergency Management Agency and Pennsylvania Emergency Management Agency relief sites to victims of Hurricane Irene and Tropical Storm Lee flooding the previous fall.

I had the pleasure of speaking with attorney Carroll after the award was bestowed.   He was so self-deprecating about the significance of his contribution to the community.  As he tells it, his office was destroyed by the flood.  He was “camping out” at FEMA and PEMA sites while he attempted to get his law practice back in operation.   It just so happened that he managed to take time to assist hundreds of individuals he encountered at those sites with urgent legal needs.   I’m sure that no one in the community who was assisted by him will ever forget him.  And I have no doubt he made an impact on their lives with his assistance. 

If you’re thinking of helping out, you will no doubt have questions.  So you may want to look at the Allegheny County Bar Association’s Disaster Legal Assistance Manual for Volunteer Attorneys, which is available here.

One concept I have learned over several decades of providing law practice management assistance, is something called the window of opportunity.  That is the brief period of time when the lawyers in a firm are “open” to discussing whatever issue they have been avoiding for some time.  It doesn’t matter whether it is about new computers, lateral hires, or a disaster recovery plan initiative.  The simple fact is that lawyers will prioritize their management time and budget dollars based on their own priorities and desires, usually without regard to what “non-lawyers” think are more important.  So when the time finally arrives when they are actually open to hearing what you have to say — usually prompted by some outside influence — one has to be ready with all the facts and information, and leap through the window with it in hand, before it slams shut again.

I’m willing to bet that given the events of this past week, the window of opportunity is open to discussing creation of a disaster recovery plan for your firm.  Most PA firms have experienced sufficient “pain” to realize this should be on the priority list.  Hey, I’ve been on the soapbox about this for the almost 14 years I’ve been with the Bar Association.  And before that when I privately managed firms.  It took a 500 mile long storm with 80+ mph wind gusts, followed by days without electric power, to get your attention at long last.  Better late than never.

Let me make this really easy for you.  Probably 1 in 10 readers has attended my Disaster Prevention and Recovery seminar at their local county bar association.  So they know it’s not that hard to prepare. The rest of you have to take my word for it.  You just have to make up your mind to do it.  That’s all.  Start by taking a look at the 44-page ABA publication entitled “Surviving a Disaster: A Lawyer’s Guide to Disaster Planning” which is available online here.  PBA members can follow up by contacting me at the Bar Association for additional assistance at no charge.

 

How Safe Is Your Laptop or Other Portable Device Housing Confidential Client Data?

Every once in a while I read an article in the news which reminds me to remind all of you about the responsibilities you have to safeguard client data.  Sometimes we forget how much “stuff” may be on digital dictation devices, smartphones, flash drives, laptops, netbooks and other devices, which are prone to disappear.  A recent article in the Philadelphia Business Journal entitled “Laptop Crime Wave at Office Buildings May be Solved” reminded me it’s time to remind you once again.  The  27-year-old suspect has been charged with stealing more than 30 laptops from four Philadelphia business towers since May.  During the day.  Many of the locations housed law firm tenants. 

What happens to your client data if your laptop is stolen?  How about if you lose your smartphone, dictation device, etc.?  Does your laptop have a boot password?  Is the hard drive encrypted?  Can you “wipe” your smartphone remotely? 

With a laptop stolen at the rate of more than one every minute in the USA, these are questions you must be able to answer.  You may find this article entitled “Safeguarding Laptops, Electronic Devices, and Protecting Confidential Client Data” to be a good starting point.  Rule 1.15 [Safeguarding Client Property] requires you to give this some thought, and take reasonable precautions.  Given the vulnerability of these devices, don’t wait to find out the hard way that what is considered reasonable precaution may be far beyond what you currently employ.

 

Disaster Legal Aid Help for Civilians

Some PA residents and businesses, like me, dodged a bullet when hurricane Irene passed through.  But others are not as fortunate.  I have been getting lots of calls on the PA Bar Association Hot Line from lawyers whose offices were flooded, or worse, mudded, resulting in a loss of client files and other valuable papers.  Many people lost everything of a personal nature, including their homes, and many businesses are struggling to survive.  No, I will not take this opportunity to provide any lectures about disaster prevention steps that could have been taken.  I will reserve that for another time.  Right now I just want to get the word out about what resources are available to help.

The PA Bar Association has teamed up with PA Law Help to create a virtual law clinic.  The Allegheny County Bar Foundation has created a detailed model resource for Volunteer Attorneys.  In addition, local Bars have set up 7 sites for disaster relief around the state, and are asking their members to mobilize to provide support to the community.  The 7 centers are:

Wyoming County Tunkhannock Area Administration 41 Philadelphia Avenue Tunkhannock, PA 18657

 Bradford County Towanda Fire Department 101 Elm St., Towanda PA 18848

 Luzerne County Community College 1334 South Prospect Street Nanticoke, PA 18634

 Dauphin County Harrisburg East Mall 3501 Paxton Street Harrisburg, PA 17111

 Lycoming County 740 Fairfield Road Montoursville, PA 17754

 Columbia County Agricultural Center 702 Sawmill Road Bloomsburg, PA 17815

 Sullivan County at Loyalsock State Forest District Office 6735 Rt. 220 Laporte, PA 18626

These 7 sites are opening today, Wednesday, September 14, from 1 p.m. to 7 p.m. and starting tomorrow, on Thursday, September 15th, from 10 a.m. to 7 p.m. daily. Disaster officials recommend that individuals register before visiting a DRC so if there are any questions about the application process they can be answered face to face. Individuals may visit any DRC regardless of where they live or work.

Register for assistance online at DisasterAssistance.gov; the screens will prompt you through the registration process.

 One can also apply by web-enabled mobile devices at m.fema.gov, or call 1-800-621-FEMA (3362). Disaster assistance applicants who have a speech disability or hearing loss and use TTY should call 1-800-462-7585 directly. For those who use 711 or Video Relay Service (VRS), call 1-800-621-3362. Operators will assist individuals seven days a week between the hours of 7 a.m. and 10 p.m.

Reach out to those around you.  That includes your vendors, employees, neighbors and friends.  Make sure they know of these resources.

Terror Lurking in the Cloud

The title of this post likely conjures up disturbing memories of 9/11.  And it should.  A newly released book presents the disturbing possibility that online gaming and virtual world communications have provided terrorists with an ideal medium to communicate and plan deadly assault scenarios, all of which is flying under the radar of the CIA and NSA.

Dutchman Emile van Veen spent two years researching how terrorists could utilize so-called Massively Multiplayer Online Role Playing Games (MMORPGs). These online games appear to be an unbreakable code for intelligence agencies and offer communication channels like email, chat and voice chat. They are violent by nature, making it virtually impossible to detect dangerous conversations. They can be accessed from any computer, anywhere, by using anonymous accounts.

Recently the danger of terrorists using computer games as a secure communication channel led to alarming news articles by major newspapers in Europe, following the release of Van Veen’s technothriller “MMORPG: How a computer game becomes deadly serious.”

Van Veen’s story is set in both the real and the virtual world, a novel concept in itself. The author said, “Especially reproductions of our real world are dangerous. Someone who wants to blow up the Brooklyn Bridge could examine the target in detail and scout his way in and out as well.”  He thinks the real-life danger is imminent.

The CIA tentatively acknowledged this threat in its 2008 Data Mining Report and started the Reynard Project as a “seedling effort” to detect suspicious behavior and actions in the virtual world. Although online gaming has exploded and hundreds of millions of people participate in these games, not much has been heard about the Reynard Project since.

The book MMORPG: How a computer game becomes deadly serious [ISBN 9781456318086] by Emile van Veen is available through most retail channels in both paperback and eBook.

Admittedly, this isn’t the type of information I normally post on my blog.  But after yesterday’s post I figured most of my readers would be fretting about how far behind they might be in technology, and how it might hamper their ability to compete.  So now, to put things into proper perspective, I’m giving you something bigger to worry about!


Mobile Computer Security

By all accounts, a personal computer is lost or stolen every 12 seconds. Most contain confidential or sensitive information. Having to explain to a client or disciplinary authority about lost or exposed client data on a missing laptop would be unpleasant and difficult. With all of the reported instances of this happening, how could anyone seriously maintain that they had no idea that a laptop with confidential information could be lost or stolen? And PCs aren’t the only mobile devices that can contain confidential information.

It follows then that when we talk about mobile security, we are primarily talking about training staff and lawyers to be aware of the risks of losing important information, and about adopting policies to secure confidential information. There is a need for every firm to develop and implement a computer use policy which carefully balances the need for security with the need of users to accomplish tasks effectively and efficiently without creating undue administrative burden.

An article entitled “The Lawyer’s Guide to Mobile Computer Security” will examine the various areas to be considered when drafting and implementing a computer use policy. It was recently posted to the web site of Freedman Consulting, Inc. It should be a must-read for managing partners, IT professionals, law firm administrators, and chief information officers.


When a Small Tech Adjustment Turns Into a Big Tech Headache

Too many IT people step over the line from cutting edge to bleeding edge or wind up just plummeting off the edge entirely into an endless free-fall of bad consequences for all end-users, all for the lack of a little forethought and well-considered conservatism. I’ve seen it one too many times.

Whether the IT person is in-house talent or outside service personnel, the result is too often the same. An hour after they leave, or sometimes moments after they arrive, the system comes screeching or grinding to a halt over a careless action. And they are either unavailable or powerless to fix it, leaving the end users holding the bag.

Example? How about the IT person who decided to just shut down a network without prior notice or query to implement a “3 minute” power supply replacement, only to find the system would not reboot with the new supply, and the old one officially died upon removal. Oh, did I mention that a lawyer was in the conference room in the middle of a 4+ hour complicated closing at the time? You would have thought it was the fourth of July based on the fireworks.

Example? How about the IT person who heard a funny noise coming from the PBX phone switch and decided to reboot it on the chance it would take care of the problem. Want to take a guess? Yep, you got it. It was an impending hard drive controller failure, and the hard drive failed when it stopped spinning. The firm was without phone service for over 24 hours, and lost all its voicemail messages, current and saved.

Example? How about the IT department at Research in Motion making a minor software update that was supposed to optimize system cache memory, without adequately testing it first? Want to take a guess? Well, if you know any Blackberry users, you probably already know most needed a padded cell and/or methadone to deal with the withdrawal symptoms when the system failed and left literally millions of users jonesing to use their thumbs from late Tuesday, April 17th, into Wednesday the 18th. Complicating matters was the fact that the company’s backup system also “performed poorly.”

“The system routine was expected to be non-impacting with respect to the real-time operation of the BlackBerry infrastructure, but the pre-testing of the system routine proved to be insufficient,” Research in Motion said in a statement.

I don’t care whether you outsource your IT, have your own in-house talent, or if you literally do it yourself. Just always keep in mind that you should never mess around with anything, no matter how “simple” or “straight-forward” or “non impacting” you think it will be, without first asking yourself what you can do to undo it if the worst happens. Do you have the ability to “go back” software-wise short of a full restore? If you have to do a restore, do you have a current backup? Have you done a restore recently, or even tested your back-up to make sure it will work as desired when needed?

If the system is down, even for a few minutes, who will be affected? Have you checked with them to see if they can deal with it without adversely impacting client deadlines?

How will you fix it if it turns into a boo-boo? How long will it take?

Always test everything you can in advance. Always make sure you have a full software backup before installing any software, patch update, whatever. Never ever power down unless you are pretty darn sure you can power back up, or have back-up hardware available. One thing I’ve learned time and time again — if you suspect a hardware problem, the worst thing is to power down before a technician with replacement parts arrives or is en route. Ok, we’ll make an exception when there’s smoke coming out of the exhaust vent. 🙂

If we learn nothing else from RIM’s recent outage, it should be to remind us that there is virtually nothing we can do to our computers which is truly “non impacting,” so always take a conservative approach.
