Category: Technology

Windows Security Patches Released

Microsoft released a security patch on Thursday, May 1st, which fixed all Windows versions of Internet Explorer, including for Windows XP!

XP has been out of support, but with a heavy installed base — estimated at 30% of the world’s computers by some — Microsoft made an exception to its policy by updating the operating system.  At a lot of law firms, there was a visible sigh of relief.  Kudos to Microsoft for doing the right thing.

Personally, I took the opportunity to change my default browser to Chrome, and I don’t regret it.  There are a few software packages I have which are not compatible.  For example, Copernic Desktop Search.  But I only use that for searches internal to my system, so I don’t really care.

In case you’re curious, data from NetMarketShare.com indicates that Windows 7 powers 49.27% of the world’s computers, while Windows 8.0 and 8.1 combined account for only 12.24%.  Mac versions 10.6 through 10.8 combined hold 3.25% of market share.  That number surprises me, as I’m seeing strong growth in the legal industry.

Computer Security Issues – Windows XP, Adobe Flash, Internet Explorer

When Homeland Security issues a warning about new risks of using your computer, you should stop and pay attention.  When mighty Microsoft tells you to temporarily stop using one of their programs due to a security issue, you should stop and pay attention once you’ve recovered from fainting.

Yes folks, our computing environment has just gotten a whole lot riskier, especially when exploring the internet.

First, let me advise you that the issues have not yet been resolved, despite reports issued based on misinformation and misunderstanding.  That’s because we’re dealing with multiple issues, on multiple software platforms.

The issue dealing with Adobe Flash Player was resolved (hopefully) by a security update from Adobe on Monday, April 28.  That problem involved a Flash bug that was attacking computer visitors of a Syrian government web site.  Although that bug was significant, it is not at all related to the major boo-boo in Internet Explorer.  And it’s doubtful it would have impacted too many of you in the legal environment.

The “big” Microsoft bug, which Microsoft is currently scrambling to address with a patch, affects versions 6 to 11 of Internet Explorer.  It potentially gives data thieves the same access to a network computer as a legitimate user.  Microsoft has acknowledged that there have been “limited, targeted attacks that attempt to exploit a vulnerability.”  Excuse me?  It can’t be so limited if Homeland Security is involved, along with every major media outlet.

The security flaw in Internet Explorer comes into play if you click on a bad link.  Not the type which gives you an innocent “404, Not Found” but rather the kind which takes you to a fake web site, where malicious code can be injected into your computer.  Some of these sites are so realistically designed, you have no clue they’re fake and “bad”.

This is the first major security flaw discovered since Windows XP support was discontinued.  That means that when the security patch is issued, both Internet Explorer and Windows 8.0+ will be updated.  Windows XP will remain vulnerable.

What should you do?

  1. Stop using Internet Explorer for now.  Use one of the competitors like Google Chrome or Firefox.
  2. Don’t click on links found on web sites which go outside that site.  Rather, use your “favorites” to get to the other site, or look up the other site and go there directly.  It’s estimated that as much as 40% of legitimate web sites may unknowingly have malicious code on their site.  One example would be replacing a legitimate link with one which misdirects you to a “bad” web site.
  3. Make sure you’re installing all security updates which arrive at your computer.
  4. Be sure your anti-virus and anti-spyware software is kept up to date, and is running continuously in the background.
  5. Make sure your firewall is up to date.
  6. If you’re still using Windows XP, make a permanent change to your internet browser choice.  Also, whichever browser you choose, you may want to have your security software checking each site before it actually allows you to land on it.  It will slow your travels, but keep you much safer.

Keep in mind that you will have to get off of Windows XP in short order.  Hey, I don’t like it one bit either!  But keep in mind that law firms must take due diligence in safeguarding client confidentiality.  Knowingly using software which will never receive additional security updates is much like putting your most confidential client documents in a trash bag, and throwing it off the Empire State Building.  It’s not a question as to whether those papers will be scattered on impact, but rather how far they’ll be scattered!

Security Issues on iPhone 5s

Attorneys who use the iPhone 5s should refrain from enabling Touch ID.  There have already been two patches in response to two security flaws.  But tech experts feel that the Touch ID feature is still a risk for phones carrying confidential client information.  Michael Pham of Winstead Attorneys has some insights in a post on the WinTech blog.  He suggests that employers implement strict written policies and procedures that require employees to keep their mobile devices current with the latest software updates concerning security, and that they notify the company the minute a phone goes missing.  Wise advice.  I also recommend that remote wipe be enabled before any client information is synched to the phone.

It’s important for firms to take proactive steps to protect confidential client data.  Failure to take reasonable precautions could spell malpractice.

Twitter username worth $50k?

A very interesting article on CNET News caught my attention.  The headline “Coveted $50,000 Twitter username swiped in tale of woe” intrigued me on more than one level.  First, of course, are the security issues.  Definitely read the article, and track back to the blog post, to get an idea of how vulnerable your online accounts can be.

Second was the fact that a username could have such a value.  Maybe it’s time to start thinking creatively and reserving free account names that may become desirable later.  Hmmm . . . wonder if @Personal_Injury is available?

Although the latest update to the story includes a strong denial from PayPal about divulging information which allowed the hacker to hijack the user’s accounts, I tend to believe the user, Naoki Hiroshima.  There are tons of ways a “confused caller” can get small bits of information over the phone; enough to later claim an account.

PayPal’s name has been associated with all sorts of online fraud, almost since they first started.  Don’t get me wrong, it’s not PayPal itself, but nefarious individuals who have exploited their name for phishing and identity theft schemes since day one.  For that reason alone, I have long advised attorneys to use something other than PayPal for credit card service (merchant account) their clients can use to pay.  Just the association to the name still leaves a chill of risk for many who remember the horror stories.

Custom Apps Created by Law Firms – Brilliant Marketing

A terrific next step in education-based marketing strategy is the law firm mobile device app, designed to address a specific client need.  Law Technology News recently reported on apps designed by Latham & Watkins and O’Melveny & Myers, to inform users about anti-bribery and anti-corruption laws.

The Latham & Watkins iPhone and iPad app, which is called the AB&C Laws Application, was launched on July 18th.  It is free from Apple Inc.’s iTunes app store.  The app serves as a reference tool informing users about anti-bribery and anti-corruption laws in major jurisdictions around the world.  In November 2012, O’Melveny & Myers released a similar app with a narrower scope, which focuses exclusively on the U.S. Foreign Corrupt Practices Act (FCPA).  The app can be downloaded free from Apple Inc.’s iTunes app store (search: “OMM FCPA”), and is designed for use on the iPhone® and iPad® devices.  According to a firm spokesperson, the app has been downloaded 550 times since it was launched.

More firms are jumping on board to develop apps.  Fox Rothschild launched its New Jersey Divorce app in June 2013, after taking six months to build it.

I completely agree with legal marketing guru Micah Buchdahl, owner of marketing company HTMLawyers, who is quoted saying, “there are more law firm apps on the market than people may realize. But that doesn’t mean they are all effective. . . . The reality is that most of these apps that the law firms have developed have very small usage and really it’s just about saying that you have one . . . If a firm does create an app, the best bet is to be practice-area specific . . . the apps have come down in price and can cost between $5,000 and $25,000 to create, depending on the app’s sophistication.”

I didn’t say this was a cheap strategy.  I said it was a smart one.

Most firms don’t have the internal resources to develop an app.  Latham & Watkins and O’Melveny & Myers had the talent on staff.  I’m not sure whether Fox Rothschild did their own design work on the app, but suspect they did.  When West Virginia-based Spilman Thomas & Battle, which has an office in Pittsburgh, decided to develop a human-resources-focused app, they turned to Pittsburgh-based Quest Fore for assistance.  They launched their app, SuperVision, in early July, 2013.

There is no doubt that we’re just scratching the surface of the development of law firm apps which are actually useful to clients, rather than being a glorified advertisement for the firm.  Right now this is a strategy which requires a significant investment of time and dollars.  Given increased demand by law firms, I anticipate that tools will be developed which will make app development an affordable strategy for smaller firms.

Document Assembly – Work Smarter Instead of Harder

Repetitive documents are most cost-effectively produced using document assembly software.  I recall reading that approximately 80% of legal documents are mostly repetitive, using boilerplate language.  They provide an opportunity to gain efficiency in production by working smart.

Document assembly software provides a user with the ability to create an “interview” or “standard information” form.  It then merges the information into a document.  While one can actually create quite intelligent merges using the native capabilities of Word or WordPerfect, it requires extensive training and skill to actually go beyond a simple merge, e.g. to include if/then logic in the merge.  Using document assembly makes it easier to do advanced work with less training.

Document assembly also makes it easier to ensure consistent collection of data through use of the interview form.  Think of it as your checklist to make sure all the essential information required to produce the document is collected each time.  Use of the interview form also allows for clients to input information directly, with the resulting document draft being delivered to the attorney for review and any additional required customization.

HotDocs is one of the first real document assembly programs to be introduced to the legal community.  According to the HotDocs website, their software is “the platform of choice for 35% of the US document-generation legal market.”  That’s impressive, given that there are some excellent competitors out there, such as DealBuilder, Ghostfill, Pathagoras, and one of my favorites, The FormTool, to name but a few.

HotDocs continues to retain its lead over other programs because most early adopters have continued to use it over the years, in order to preserve the investment of their intellectual capital.  Those who adopted document assembly later were more inclined to use some of the other, newer programs.  Many are deemed easier to use, based on the feedback I receive from lawyers.  However, it should be said that HotDocs is still a solid program.  For firms which have been users, they will be glad to know that HotDocs now offers cloud-based document generation.  Pricing has yet to be announced.

If you routinely produce documents which lend themselves to automation, such as wills, loans, interrogatories, leases, and so forth, you would be wise to investigate the excellent choices of software available, which are designed specifically for law firm use.  Remember, you can’t work harder.  You need to work smarter.  Document assembly software is all about helping you work smarter.

Simple Timeline Software

Sometimes you need to create a simple Timeline, but you don’t do it often enough to justify buying expensive application software.  What do you do?

We’re all probably familiar with TimeMap, now owned by LexisNexis.  It was probably the first really good and easy-to-use software designed specifically for this purpose.  It’s become a favorite of trial attorneys and paralegals.  There are always specials at trade shows, like ABA TechShow, and I grabbed it for $99 a number of years ago.

If you don’t do a lot of timelines, or don’t get to the shows, how can you produce a decent Timeline without spending the bucks?  Simple.  You already have tools to do it.  Here are instructions on how to create a Timeline using Excel.  Here are instructions to create a Timeline using the SmartArt graphics feature in PowerPoint.  There’s even free shareware called Timeline, which is a cross-platform application.

All three tips are courtesy of attorney Paula Gibson, on ABA’s LawTech listserv.  Thank you Paula!

Keep Track of Your “Stuff”

We all lose stuff, even if only temporarily.  What if you could “tag” all your stuff with a tracker, so that when misplaced, you could locate it easily on your Smartphone?  That’s what Tile is for.  A Personal Asset Manager to help track one’s stuff.  It’s about time.

Currently, Tile only works with the iPhone 4S, iPhone 5, iPad Mini, iPad 3rd and 4th gen, and iPod Touch 5th gen.  And I can’t say it’s really cheap.  One Tile is $18.95.  The more you buy, the more you save per Tile.  Up to 10 Tiles can be put on one account.  You attach, stick or drop your Tile into/onto any item you might lose such as laptops, wallets, keys, guitars, bikes—you name it.

The good news:  The Tile app saves the last GPS location where it saw your Tile.  It shows the location on what looks like a Google Map.  Tiles come with a built-in speaker so you can easily hear them at close range.  You never need to replace the batteries or even charge your Tiles.

The bad news:  Tiles last a year. You’ll receive a reminder when it’s time to order new Tiles and you’ll get an envelope to recycle your old ones.  So think of it as an annual subscription cost for asset protection.  For an expensive electronic device, bicycle, or even a pet, the annual cost is well worth it.

If this takes off, it will no doubt expand to other operating systems.  I’m intrigued.  Are you?

Does Communication Overload Impact Civility in the Profession?

I have a theory, but I’m not sure I have any answers.  I’m hoping you do, and will take the time to express your thoughts.

My theory starts with a base assumption that most people in the legal environment are suffering from information-overload anxiety.  Some refer to the new forms of communication known as social media as a “sea change” in communications.  I don’t think it’s a change; meaning that these forms of communication have not replaced traditional forms of communication.  Rather, it’s more like a Tsunami.  New forms of communication have been added in addition to traditional forms.

Yes, for the most part, email attachments have replaced faxes.  And in that one respect, we’re dealing with change.  But we now must process additional forms of communication.  Facebook, LinkedIn, Google+, eNewsletters, Tweets, Blog posts, Alerts, Listservs, Discussion Groups, and text messaging.  This on top of traditional business-related email, voicemail, and for some, video mail.

If I’m out of the office just one day, I come back to a backlog of 350 – 450 emails, mostly excluding spam.  That means on the day I’m back in the office I will have to go through 700 – 900 emails to stay current.  On top of all the other work waiting for me.  Yeah, right!

Even though I teach lawyers and law firm staff how to use Rules and Folders to allow the cream to rise to the top of the inbox, and follow those suggestions myself, it’s just not enough anymore.  What’s that old saying?  The faster I go the farther behind I get!

Over the span of several decades serving the legal industry, I have observed a myriad of changes.  Some have been for the good, some not.  A matured marketplace presents profitability and competitive challenges.  The pendulum has swung from flat fee to hourly billing, and back toward flat fee in many practice areas.

From my perspective, one of the most undesirable consequences of industry changes has been a considerable decrease in the civility which had been an outstanding characteristic of this profession.

Have you noticed it?  Simple courtesy seems all but lost.  One-upmanship prevails.  Competitors act more like enemies than colleagues.

I am writing an article for an upcoming issue of The Pennsylvania Lawyer.  It’s the annual technology issue.  However, even though I am a “techie” from the perspective of most, and am always promoting working smarter instead of harder through effective use of technology, I firmly believe that the entire legal industry is being crushed under the daily onslaught of communications.  I believe each and every lawyer is trying to keep their head above water in this area.  And I conclude that this constant barrage is making a lot of you cranky . . . really, really cranky.

Tell me what you think. Are you suffering from information overload? Are your colleagues? What techniques have worked, and which have failed, to help you stay on top? Does the pressure get to you? Are you crankier than you used to be?  Or are you just cranky for a whole set of other reasons?

Please share!

Cyber Security and Data Privacy

Gibson Dunn & Crutcher LLP just published a very sobering article on this topic.  The article is entitled “Cyber-security and Data Privacy Outlook and Review: 2013,” and it is probably one of the most comprehensive reviews on the status of lawsuits, regulatory changes, and breaches I’ve read to date.  It’s guaranteed to make you wince.  The good news – maybe I should say the only good news – is that this arena has the potential to create lots of opportunities for lawyers.  Work abounds in class actions, defense, regulatory compliance, security audits and policies, trade secret protection, and white collar crime, to name but a few.

Just to give you an idea of how bad a year 2012 was in terms of security, here is a brief excerpt:

Data breaches continue to grow in both number and scale. This past year saw major hacks at Zappos (24M customer accounts), Stratfor (private U.S. intelligence firm; 5M e-mails), Global Payments (1.5M credit card numbers), LinkedIn (6.5M passwords), eHarmony (1.5M passwords), Yahoo (0.5M passwords), Nationwide Mutual (1.1M customer accounts), and Wyndham Worldwide (600K credit card numbers). According to industry reports, this past year saw a sharp increase in browser-related exploits, such as luring an individual to a trusted website that has been infected with malicious code. Using browser vulnerabilities, attackers can install malware on the target system. In addition, the rise of “bring your own device” policies in the corporate world has led to security challenges for organizations. For example, many large organizations reported that security breaches were caused by their own staff, most commonly through ignorance of security practices.

This past year saw a dramatic increase in the number of breaches from state and local governments. Leading the pack was the South Carolina Department of Revenue, where an employee fell for a phishing e-mail that allowed hackers to steal 75GB of data containing the social security numbers, credit cards, and bank account information for 3.8M residents. The data also contained information about 700,000 businesses. The governor faulted outdated IRS standards, which did not require social security numbers to be encrypted. Another major hack affected the New York State Electric & Gas Company, in which 1.8M customer files were stolen that included social security numbers and some financial information. Investigations of the hack faulted out-of-date data security standards. Other notable breaches occurred at the California Department of Social Services (700K employees’ payroll information), Utah Department of Health (780K citizens’ health information), and the California Department of Child Support Services (800K health and financial records). Many of these attacks could have been prevented by following up-to-date security standards.

No wonder President Obama signed an executive order on February 12, 2013, seeking to strengthen the cyber security of critical infrastructure, by directing the development of a public-private sector cyber security framework, and increasing information sharing between the public and private sector.  If you’ve been following my blog, you’ve read my previous posts “Another Cyberattack on a Major U.S. Bank;” “Cyberattacks on U.S. Banks — Are You Safe?;” “Beware Email Messages from Facebook Friends;” and “Trojan Infects 260,000 Android Devices” to name just a few.

It’s a very dangerous computing world.  That means you have to keep up to date on developments.  You need to keep your software updated to plug security holes as they’re discovered.  You need to actually use your shredder.  You need to avoid using public WiFi for accessing confidential information.  You have to train your employees not to click on links or email attachments which are unexpected, regardless of the source.  You should encrypt your laptop hard drive, and use a boot password too.  You should be sure you have enabled the ability to remotely wipe the data from your Smartphone before you put anything on there.  This is just a start off the top of my head.  If you’re not already doing all these things, or if you don’t even know about some of these things, perhaps your starting point should be a simple security audit by a qualified vendor.
