Category: General Management

Windows Security Patches Released

Microsoft Released a security patch on Thursday, May 1st, which fixed all Windows versions of Internet Explorer, including for Windows XP!

XP has been out of support, but with a heavy installed base — estimated at 30% of the world’s computers by some — Microsoft made an exception to its policy by updating the operating system.  At a lot of law firms, there was a visible sigh of relief.  Kudos to Microsoft for doing the right thing.

Personally, I took the opportunity to change my default browser to Chrome, and I don’t regret it.  There are a few software packages I have which are not compatible.  For example, Copernic Desktop Search.  But I only use that for searches internal to my system, so I don’t really care.

In case you’re curious, data from NetMarketShare.com indicates that Windows 7 powers 49.27% of the world’s computers, while Windows 8.0 and 8.1 combined account for only 12.24%.   MAC versions 10.6 through 10.8 combined holds 3.25% of market share.   That number surprises me, as I’m seeing strong growth in the legal industry.

Computer Security Issues – Windows XP, Adobe Flash, Internet Explorer

When Homeland Security issues a warning about new risks of using your computer, you should stop and pay attention.  When mighty Microsoft tells you to temporarily stop using one of their programs due to a security issue, you should stop and pay attention once you’ve recovered from fainting.

Yes folks, our computing environment has just gotten a whole lot riskier, especially when exploring the internet.

First, let me advise you that the issues have not yet been resolved, despite reports issued based on misinformation and misunderstanding.  That’s because we’re dealing with multiple issues, on multiple software platforms.

The issue dealing with Adobe Flash Player was resolved (hopefully) by a security update from Adobe on Monday, April 28.  That problem involved a Flash bug that was attacking computer visitors of a Syrian government web site.  Although that bug was significant, it is not at all related to the major boo-boo in Internet Explorer.  And it’s doubtful it would have impacted too many of you in the legal environment.

The “big” Microsoft bug, which Microsoft is currently scrambling to address with a patch, affects versions 6 to 11 of Internet Explorer.  It potentially gives data thieves the same access to a network computer as a legitimate user.  Microsoft has acknowledged that there have been “limited, targeted attacks that attempt to exploit a vulnerability.”  Excuse me?  It can’t be so limited if Homeland Security is involved, along with every major media outlet.

The security flaw in Internet Explorer comes into play if you click on a bad link.  Not the type which gives you an innocent “404, Not Found” but rather the kind which takes you to a fake web site, where malicious code can be injected into your computer.  Some of these sites are so realistically designed, you have no clue they’re fake and “bad”.

This is the first major security flaw discovered since Windows XP support was discontinued.  That means that when the security patch is issued, both Internet Explorer and Windows 8.0+ will be updated.  Windows XP will remain vulnerable.

What should you do?

  1. Stop using Internet Explorer for now.  Use one of the competitors like Google Chrome or Firefox.
  2. Don’t click on links found on web sites which go outside that site.  Rather, use your “favorites” to get to the other site, or look up the other site and go there directly.  It’s estimated that as much as 40% of legitimate web sites may unknowingly have malicious code on their site.  One example would be replacing a legitimate link with one which misdirects you to a “bad” web site.
  3. Make sure you’re installing all security updates which arrive at your computer.
  4. Be sure your anti-virus and anti-spyware software is kept up to date, and is running continuously in the background.
  5. Make sure your firewall is up to date.
  6. If you’re still using Windows XP, make a permanent change to your internet browser choice.  Also, whichever browser you choose, you may want to have your security software checking each site before it actually allows you to land on it.  It will slow your travels, but keep you much safer.

Keep in mind that you will have to get off of Windows XP in short order.  Hey, I don’t like it one bit either!  But keep in mind that law firms must take due diligence in safeguarding client confidentiality.  Knowingly using software which will never receive additional security updates is much like putting your most confidential client documents in a trash bag, and throwing it off the Empire State Building.  It’s not a question as to whether those papers will be scattered on impact, but rather how far they’ll be scattered!

Security Issues on iPhone 5s

Attorneys who use the iPhone 5s should refrain from enabling Touch ID.  There have already been two patches in response to two security flaws.  But tech experts feel that the Touch ID feature is still a risk for phones carrying confidential client information.  Michael Pham of Winstead Attorneys has some insights in a post on the WinTech blog.  He suggests that employers implement strict written policies and  procedures that require employees to keep their mobile devices current with the latest  software updates concerning security, and that they notify the company the  minute a phone goes missing.  Wise advice.  I also recommend that remote swipe be enabled before any client information is synched to the phone.

It’s important for firms to take proactive steps to protect confidential client data.  Failure to take reasonable precautions could spell malpractice.

How One Keystroke Can Undo Your Deal — Confidentiality:

What does a teenager have in common with confidentiality?  Absolutely nothing.  Today’s youth live out their lives on social media without a thought of consequences from sharing every thought and action.  Following is a guest blog by Wayne, PA employment lawyer Robin Bond.  Read about how a college-age daughter’s Facebook post cost her father $80,000. These are your
employees and clients, folks.  Make sure they understand the meaning of the term “confidential.”

*************************

When a company and an employee sign off on a deal or settlement agreement, “confidentiality” about the terms of that agreement is often a key condition for payment. That means “keeping quiet” — and keeping your social media fingers, and those of your children, off the keys!

In Gulliver Schools, Inc. v. Snay, Patrick Snay’s lawyers negotiated a settlement of his age discrimination and retaliation claims; however, confidentiality was a key term for payment of $80,000.  Snay told his college-age daughter that the case “was settled” and that he was “happy with the result.” Snay’s daughter did what many of her age would do: she immediately went to her Facebook page and posted the following message: “Mama and Papa Snay won their case against Gulliver. Gulliver is now officially paying for my vacation to Europe this summer. SUCK IT.”

Snay’s daughter — a Gulliver alum – had approximately 1200 Facebook friends, and many of these were current or former Gulliver students as well - the exact population Gulliver did not want to know about the settlement. The school withheld the payment to Snay and the Court sided with the school, on the basis that the daughter’s social media posting violated her father’s duty of confidentiality under the settlement agreement.

Disaster Planning, Prevention and Recovery — Free Seminar

I am pleased to let you know that the Greater Philadelphia Professional Counsel will be presenting a seminar on Disaster Planning on Wednesday, March 19, 2014.  Registration and free breakfast begins at 7:45 – 8:30 am.  The seminar will run from 8:30 am to 10:00 am.  There is no charge for the seminar, but pre-registration is required.

It will be held at the Hilton Garden Inn in Fort Washington, PA.  I will be one of the panel members.  Additional information and registration can be found at info@gppcouncil.org.

I hope to see you there!

Coaching for PA Lawyers to Improve Marketing and Other Skills

My first major step onto the coaching soapbox came in the form of an article entitled “Coaching to Improve Skills,”  which appeared in the December 3, 2007 issue of The Pennsylvania Bar News.  I wrote it because I was sick and tired of hearing attorneys say that if an attorney did not instinctively know how to market, they would never learn.  It’s just wrong.

Most attorneys are not instinctively good at marketing.  However, marketing is very much a learned skill.  Any attorney is capable of learning how to become an effective rainmaker, or at least a strong contributor to a firm’s efforts.

The fact is that Baby Boomer attorneys grew up in a rapidly expanding marketplace.   Individuals and companies were happy to find an attorney who did decent work, and had a nice “bedside” manner.  That’s about all that was required to grow one’s practice through word of mouth.  There was plenty of room for new attorneys to try one methodology or another, and make mistakes along the way to honing one’s skills in asking for legal work, and referrals to new clients.  Those who chose not to do so were able to make partner by serving the needs of other partners’ clients.  Those “worker bees” chose not to develop skills outside their comfort level, because they didn’t need to do so in order to succeed.  That doesn’t mean that they weren’t capable of doing so.  Maybe they would have needed some assistance to get there, but if motivated, they could have.

When the marketplace leveled off, development of marketing skills started to become a determinant of who would make partner, and who would not.  Firms would invest enormous resources in helping attorneys develop professional skills.  But when the same attorneys did not “naturally” develop marketing skills by a certain point in their career, they were cut loose, on the assumption that they were a lost cause.  Such a shame.  Many who were cast aside went on to develop the skills out of necessity, in order to survive on their own.  Some did better than others, but most managed to survive in the profession.

Now that we’re in a highly-competitive, contracting marketplace, there is even less room for experimentation and trial and error in client development.  Smart firms are realizing that training in this area is as necessary as any other area.  And let’s keep in mind that real learning by lawyers is acquired by “doing” and not by “studying” about it.  That means one must know what to do, how to do it, and then practice and perfect the skills.

For many attorneys, coaching can provide the difference between success and failure.  And that doesn’t apply just to development of rainmaking skills.  Coaches work directly with attorneys to help them create a personal action plan.  They help attorneys identify what is holding them back, and develop strategies to overcome the roadblocks.

I have searched for coaches I can recommend for many years.  Most that I have met over the years do not meet my expectations.  It’s not about the credentials; it’s about the person and their methodology.  I have a few I can recommend to PA Bar Members.  Some focus just in marketing.  Others in more general areas contributing to success.  However, I was recently so impressed by one in particular, I will mention her here.

We became acquainted through LinkedIn.  After some e-conversation, we met in person.  Obviously I was impressed.  So let me recommend you take a look at the credentials of Dena Lefkowitz.  If you decide to call, tell her Ellen sent you.  I don’t get any referral,  just satisfaction knowing attorneys are getting the additional skill training they need to be successful.

 

Why You Need to Connect With Your Colleagues

Attorneys who practice in a solo or small firm (15 or fewer attorneys) setting have lots of advantages.  One big disadvantage for many is a lack of feedback and support mechanisms.  That’s certainly one area where a larger firm provides benefit.  At the larger firm, one need only walk down the hallway and poke a face in to get some immediate feedback.  Whether one seeks a dispassionate perspective, some additional creative thought, sympathy about a matter gone awry, or even direct assistance on client work or a marketing initiative, help is often just down the hall.

For those operating in small or solo environments, the need for connection to ones colleagues was often met by regular lunches at the bar association, or the neighborhood restaurant.  Regrettably, lives for most attorneys have become so hectic, it’s hard to squeeze in these type of events unless one can justify the time with CLE credit or some other more tangible justification.

The solo and small firm attorneys who experience the greatest feeling of loss of collegiality are those who have at one time or another experienced life in a larger firm setting.  It takes little time for them to realize that they are more isolated, and in a real way handicapped, than they were in the larger setting.  What to do?

Well, in most states, the state bar association has a section just for solo and small firm attorneys.  That’s the case in PA.  Not only is there a Section, but there is a Listserv which enables all of the members of the section, who choose to join, to communicate with each other with a single email.  Talk about collegiality . . . responses are usually received within minutes for anything from vendor or technology information, to sample forms, cites, and creative strategies to pursue on behalf of clients.  The Listserv also provides a means for geographically diverse attorneys to get to know one another, for referral purposes.  What a relief to be able to identify attorneys who can provide expertise in a specific practice area, without worrying about them stealing your client.

As in many other states, the PA Bar Association‘s Solo & Small Firm Section has an educational conference.  It is a two day event which is packed with excellent educational opportunities, networking opportunities, and many options for family fun as well.  Talk about multi-tasking!  Earn a full year’s CLE credit, meet a whole bunch of helpful colleagues face to face, and have a family vacation as well at the awesome Bedford Springs Resort, where there is activity desirable to any family member of any age.  Probably the greatest value of these events are obtained  at the social events, or at the bar, where you get to compare notes with colleagues, and find out they are facing the same challenges, and how they’re doing it.  It will recharge your batteries.

Bedford Springs Resort

 

 

The closing date to lock in the special resort rate for the conference is almost here.  You’ve been working hard.  You probably haven’t properly rewarded yourself with some well-deserved downtime.  And no doubt you’re feeling too “alone” in your solo or small firm practice.

There’s an excellent faculty waiting to assist you with substantive practice area education, and practice management expertise.  I am honored to be the opening and closing presenter.  In between I will be offering “One-on-one with Ellen” private consulting meetings for anyone who signs up at the conference.  First come, first served.

If you’re not a PA attorney, take time now to go the web site of your county or state bar association, to determine if they have a similar event.  PA welcomes non-members of the Section or Association. Those who sign up for the Section while at the Conference typically get the first year of Section Membership free.

Additional information and registration is found here.  The conference is August 1st and 2nd.  Don’t think about it, just DO IT!  You deserve it.

Does Communication Overload Impact Civility in the Profession?

I have  theory, but I’m not sure I have any answers.    I’m hoping you do, and will take the time to express your thoughts.

My theory starts with a base assumption that most people in the legal environment are suffering from information-overload anxiety.  Some refer to the new forms of communication known as social media as a “sea change” in communications.  I don’t think it’s a change; meaning that these forms of communication have not replaced traditional forms of communication.  Rather, it’s more like a Tsunami.  New forms of communication have been added in addition to traditional forms.

Yes, for the most part, email attachments have replaced faxes.  And in that one respect, we’re dealing with change.  But we now must process additional forms of communication.  Facebook, LinkedIn, Google+, eNewsletters, Tweets, Blog posts, Alerts, Listservs, Discussion Groups, and text messaging.  This on top of traditional business-related email, voicemail, and for some, video mail.

If I’m out of the office just one day, I come back to a backlog of 350 – 450 emails, mostly excluding spam.  That means on the day I’m back in the office I will have to go through 700 – 900 emails to stay current.  On top of all the other work waiting for me.  Yeah, right!

Even though I teach lawyers and law firm staff how to use Rules and Folders to allow the cream to rise to the top of the inbox, and follow those suggestions myself, it’s just not enough anymore.  What’s that old saying?  The faster I go the farther behind I get!

Over the span of several decades serving the legal industry, I have observed a myriad of changes.  Some have been for the good, some not.  A matured marketplace presents profitability and competitive challenges.  The pendulum has swung from flat fee to hourly billing, and back toward flat fee in many practice areas.

From my perspective, one of the most undesirable consequences of industry changes has been a considerable decrease in the civility which had been an outstanding characteristic of this profession.

Have you noticed it?  Simple courtesy seems all but lost.  One-upmanship prevails.  Competitors act more like enemies than colleagues.

I am writing an article for an upcoming issue of  The Pennsylvania Lawyer.  It’s the annual technology issue.  However, even though I am a “techie” from the perspective of most, and am always promoting working smarter instead of harder through effective use of technology, I firmly believe that the entire legal industry is being crushed under the daily onslaught of communications.  I believe each and every lawyer is trying to keep their head above water in this area.  And I conclude that this constant barrage is making a lot of you cranky . . . really, really cranky.

Tell me what you think. Are you suffering from information overload? Are your colleagues? What techniques have worked, and which have failed, to help you stay on top? Does the pressure get to you? Are you crankier than you used to be?  Or are you just cranky for a whole set of other reasons?

Please share!

Children Responsible for Parental Debt

I never heard of the “filial responsibility” laws.  Until I read about a PA resident who must pay for Mom’s $93,000 Nursing Home bill.  Now that I’ve read about it, I’m sure glad my sister has the “deep pocket” in our family.

I thought my first post when I returned from TechShow would be about one of the many wonderful lessons learned.  I was in fact going to post diligently from there.  But the Chicago Hilton has about the worst Wi-Fi access I’ve encountered.  It was tough just getting a cell phone signal.  It was fairly humorous to see so many lawyers with cell phones to their ears and bodies literally plastered to the windows like some sort of human antennae.  At night, when I got back to the room after the myriad of social events, I was just too tired to think, let alone write.

Now that I’m back I’m anxious to share, but an article in the Anderson Elder Law Newsletter entitled “Son Liable for Mom’s $93,000 Nursing Home Bill Under ‘Filial Responsibility’ Law” really caught my attention.  How could that be?  Well, it be!  And I am so shocked by this, I feel compelled to share it right now.  The article explains:

Some 29 states currently have laws making adult children responsible for their parents if their parents can’t afford to take care of themselves. These “filial responsibility” laws have rarely been enforced, but six years ago when federal rules made it more difficult to qualify for Medicaid long-term care coverage, some elder law attorneys predicted that nursing homes would start using the laws as a way to get care paid for.

And it was precisely the application of this law which caused the son to be forced to take financial responsibility.  Unbelievably, the law does not require it to consider other sources of income or to wait until a parent’s Medicaid claim is resolved.  Even more pernicious is that the law permits the nursing home to choose which family members to pursue for the money owed.  In this particular case, they ignored a spouse and other siblings, and went after the apparent “deep pocket.”

Linda Anderson notes that after Pennsylvania re-enacted its filial support law in the mid-2000s, Williamsport attorney Jeffrey A. Marshall forecast that the new Medicaid law would trigger a wave of lawsuits involving adult children.  Obviously, he was correct, and this is just the beginning of what may become a tidal wave of lawsuits.  In Marshall’s blog post about this court decision he writes:

Children are often surprised to learn that they can be held responsible for their parent’s unpaid medical and care related expenses. It just doesn’t seem fair. But, whether fair or not, the Pittas case shows that the child’s support obligation to the parent is the law in Pennsylvania.  Children: be warned. If your parent needs long term care and may someday be unable to pay for it, you should find out about your potential financial liability and what to do about it.

So what is the son supposed to do, now that he has lost his appeal?  Is he to sue his father and siblings for their “fair share” of the debt?  Declare bankruptcy?  I’m just thinking out loud on this, while I shake my head in disbelief.  Our lives are already so stressful . . . raising children in a two-income household, trying to care for aging parents, trying to save for retirement in an ever-increasing financially hostile future environment, and to have some quality of life and semblance of balance in the current moment.  Is this the straw which breaks the back of American families?

I am so grateful I “strongly encouraged” my mom to purchase optional Long Term Care Insurance through her employer’s Cafeteria Plan some 30 years ago, so that it’s there if she needs it.   We found out from personal experience about 2 years ago how quickly the bills can mount after my mother suffered a fall at home.  The nursing home costs, followed by rehab at home, and then extended personal care until she was recovered enough to be completely on her own again, added up to a huge amount of money which her Medicare and additional excess policy didn’t cover.   They paid plenty, don’t get me wrong.  But there was a lot of uncovered additional expense, especially the personal in-home care, which cost a fortune.  At least the Long Term Care contributed toward some of that once the elimination period was passed.  (Although I admit I had to really duke it out with them to get her benefit paid, despite her making premium payments like clockwork for 30 years.  But hey, don’t even get me started on the topic of insurance companies!  :-(  )

If you have living parents, this is not something you can afford to ignore.  Make sure they have adequate insurance coverage, and talk to an Elder Care attorney just to see what risks you face, and how you might avoid them.  The investment to protect yourself now is a pittance compared to the potential exposure later.

 

Cyberattacks on U.S. Banks – Are You Safe?

McAfee warned of this months ago, and their predictions are coming true.  U.S. Banks are under attack.  As are some cloud providers, for that matter.  The attacks are more massive and organized than ever before.  An article in CNet News on December 13, 2012 revealed that a report released by McAfee Labs predicted an impending attack on U.S. financial institutions — dubbed Project Blitzkrieg — was a “credible threat.”

Project Blitzkrieg is believed to be headed by an individual known as vorVzakone, according to McAfee. In September, vorVzakone announced a massive fraud campaign to be launched against 30 U.S. banks in spring 2013. VorVzakone also put out a call to arms for fellow hackers to join his cause. The attacks are said to be done with a highly developed Trojan that could infect victims’ computers, plant software, and allow cybercriminals to steal information and money.

Rather than being a sweeping attack, McAfee said the campaign will selectively target accounts at investment banks, consumer banks, and credit unions. Going after selected groups makes it easier for vorVzakone to stay under the radar and not be detected by network defenses, according to McAfee.

The attack was to expected to hit hard in Spring, 2013.  But it looks like plans have moved up a bit.  And are not being executed as predicted.  A January 10, 2013 article in the Philadelphia Business Journal carried the title “PNC, Wells Fargo Cyberattacks Work of Iran, U.S. Believes. ”  The real story is based on a January 8, 2013 article in the New York Times entitled “Bank Hacking Was the Work of Iranians, Officials Say“:

But there was something disturbingly different about the wave of online attacks on American banks in recent weeks. Security researchers say that instead of exploiting individual computers, the attackers engineered networks of computers in data centers, transforming the online equivalent of a few yapping Chihuahuas into a pack of fire-breathing Godzillas.

The skill required to carry out attacks on this scale has convinced United States government officials and security researchers that they are the work of Iran, most likely in retaliation for economic sanctions and online attacks by the United States.

Since September, intruders have caused major disruptions to the online banking sites of Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, Fifth Third Bank, BB&T and HSBC.

A hacker group calling itself Izz ad-Din al-Qassam Cyber Fighters has claimed in online posts that it was responsible for the attacks. . . . But American intelligence officials say the group is actually a cover for Iran. They claim Iran is waging the attacks in retaliation for Western economic sanctions and for a series of cyberattacks on its own systems.

Iranian officials emphatically deny any connection with the attacks.  However, the attackers allegedly stated last week that they had no intention of halting their campaign. “Officials of American banks must expect our massive attacks,” they wrote. “From now on, none of the U.S. banks will be safe.”

I don’t know what I believe about who or what is behind these attacks.  I do believe that the threat, no matter the source, is very real.  Thus far there has been no theft; simply a consistent disabling of the bank’s abilities to service online customers.  However, I have no doubt that this is camouflage designed to distract security professionals from the eventual real consequences of these attacks, which has the potential to create havoc with assets of individuals and businesses. 

What do you need to do? 

  1. Be mindful of the insurance limits which apply to all of your combined accounts.  (Excluding IOLTA.  See “Unlimited FDIC Insurance on IOLTA Accounts Due to Expire” for further details about this issue.) 
  2. Make sure that you are not dependent on online banking for essential transactions.  Even if you do your deposits and bill paying remotely, have good old-fashioned deposit slips and checks handy. 
  3. Be sure you print out your monthly statements if you do electronic review.  You may need to access your information quickly at a time when your financial institution is trying to clean up a mess.  Those with an audit trail of their own will always fare better.
  4. Be careful about where you conduct your business.  Never log onto your secure encrypted accounts from a public computer, or over a public WiFi connection.
  5. If you don’t have a password on your smartphone, netbook and/or tablet, put one on immediately.  Yes, I know it’s a pain that after 3 – 10 minutes of idle time you have to put in a password to resume work.  On the other hand, no one can pick up your device when you’re not looking, and find your autologin information for your bank!
  6. Be especially wary of any so-called email communications from your banking institutions asking you to logon and reset your password, enter your SSN, or other sensitive information, and especially if they provide you with a link to do so.  Verify the legitimacy of the request by calling the institution on the phone before clicking on the link.  Nowadays sophisticated fraudsters create web sites that are so close to the real thing it can fool most people into entering sensitive information.

These are just a few quick thoughts to get this issue on your personal radar screen.  I encourage you to add your thoughts in terms of what we need to do to protect our firms, ourselves, and our clients.

WordPress Themes