In Depth: Cloud Computing for Lawyers

From: Law Technology Today, Posted by: Gwynne Monahan August 29, 2014

The phrase “cloud computing” is ubiquitous. Instagram. Dropbox. Google Apps. Evernote. Netflix. There is little in every day life not touched by cloud computing. That’s increasingly true for the practice of law and running a law firm as well. Here’s what you need to know to get the most of cloud computing applications, with an eye on ethics and client confidentiality.

The Basics of Cloud Computing

Cloud computing, broadly defined, is a category of software and services delivered over the Internet rather than installed locally on a user’s computer. Cloud computing offers a variety of potential advantages, including:

  • Low upfront costs.
  • Access from any device with an Internet connection.
  • Simple setup and configuration.
  • Built-in disaster preparedness.

Using cloud computing applications in your practice can give you freedom and flexibility. For example, it removes the worry of losing a day of work for solo and small firm lawyers, and it lets cross-country or otherwise disparate teams collaborate efficiently at mid-size and large law firms. Because cloud computing places data–particularly client data–on remote servers outside of the lawyer’s direct control, it is also cause for some concern regarding client confidentiality and the applicable rules of professional conduct.  Each lawyer considering using cloud-based tools will need to weigh those concerns and make sure they’re confident they’re taking reasonable steps to protect their clients. Further reading: Lawyers and the Cloud: 3 Myths Debunked

Chrome Plans to Mark All ‘HTTP’ Traffic as Insecure from 2015

From: The Hacker News, Tuesday, December 16, 2014

Google is ready to give New Year gift to the Internet users, who are concerned about their privacy and security. The Chromium Project’s security team has marked all HTTP web pages as insecure and is planning to explicitly and actively inform users that HTTP connections provide no data security protections. There are also projects like Let’s Encrypt, launched by the non-profit foundation EFF (Electronic Frontier Foundation) in collaboration with big and reputed companies including Mozilla, Cisco, and Akamai to offer free HTTPS/SSL certificates for those running servers on the Internet at the beginning of 2015. <READ MORE>



ILTA’s 2014 Technology Survey: An Early Holiday Gift for the Legal Tech Community

From: Inside Legal, December 4, 2014

Now that Black Friday and Cyber Monday are behind us, the best deal we see this holiday season comes from the International Legal Technology Association (ILTA) with their annual report, ILTA’s 2014 Technology Survey. This granddaddy of legal technology deployment & usage benchmarks has it all … 454 law firms (33% of the ILTA membership representing more than 106,000 attorneys and 217,000 total users) responding to almost 200 questions about what technologies they are using to run their firms; expert commentary by ILTA staff and member firms to support the findings and useful technology trending and ‘un’ trending info based on ‘compare and contrast’ exercises with previous survey editions. And, oh yeah, if that hasn’t sold you already, the entire 300 page PDF ‘opus’ is free of charge … a more than gracious ILTA legal technology community service gesture.

While we have not had the chance to dive in to the freshly published (released to ILTA members today!) findings, we did receive some survey themes from ILTA’s executive director and tech survey ‘MC’ Randi Mayes worth sharing here:

Security: ILTA has seen a strong trend in security over the last few years, and it continues in 2014. Initiatives like security audits and web filtering have become the norm (now at 73% and 81% of responding firms, respectively,) and hard drive encryption (now above 50%) are becoming much more common. As the survey executive summary notes, to a large degree, firms’ security agendas are being pressed by clients and regulators, and the recent government privacy and security sanctions of blue chip financial services and telecommunications companies will only accelerate security as priority #1. <READ MORE>

Data breach trends for 2015: Credit cards, healthcare records will be vulnerable

From: PC World, Tony Bradley@tonybradleybsg, Dec 3, 2014

The data breaches of 2014 have yet to fade into memory, and we already have 2015 looming. Experian’s 2015 Data Breach Industry Forecast gives us much to anticipate, and I’ve asked security experts to weigh in with their thoughts for the coming year as well.

Experian highlights a number of key factors that will drive or contribute to data breaches in 2015. A few of them aren’t surprising: Organizations are focusing too much on external attacks when insiders are a significantly bigger threat, and attackers are likely to go after cloud-based services and data. A few new factors, however, merit your attention.

First, there is a looming deadline of October, 2015 for retailers to upgrade to point-of-sale systems capable of processing chip-and-PIN credit cards. As banks and credit card issuers adopt more secure chip-and-PIN cards, and more consumers have them in hand, it will be significantly more difficult to clone cards or perpetrate credit card fraud. That’s why Experian expects cybercriminals to increase the volume of attacks early in 2015, to compromise as much as possible while they still can.

The third thing that stands out in the Experian report is an increased focus on healthcare breaches. Electronic medical records, and the explosion of health or fitness-related wearable devices make sensitive personal health information more vulnerable than ever to being compromised or exposed. <READ MORE>

A Different Kind of Holiday Traffic Safety

Holidays are special time of the year.  Millions of people go online in search of that unique recipe, a special deal or maybe a coupon to save a little money.  The Holidays are also the best time of the year for hackers to launch malware attacks.  Their attacks are focused on the aforementioned things we all look for and the success rate much higher because of the sheer volume of opportunities, aka traffic, presented.

Please be vigilant about where you go and what you click on.
Look for websites with the https:// – the “s” stands for secure.
Wishing you a Happy Thanksgiving and a safe online experience

Multi-Factor Authentication is Effective and Easy to Use

From: Law Technology Today, Posted by: Andrew B. Stockment November 24, 2014

You have probably heard horror stories about people whose personal accounts were hacked or companies that suffered data breaches that exposed customer information. The personal and business repercussions of an account being hacked range from minor inconvenience to major embarrassment, a damaged reputation, and financial loss. And for those of us in the legal profession, we have an ethical obligation to take reasonable precautions to safeguard our clients’ confidential information.

In order to prevent unauthorized access to your account, most online services (such as your email provider and your bank) require you to enter a username and password in order to authenticate your identity and log-in to the service. Two big weaknesses of the username and password model are: <READ MORE>

The Data Guardian: Transforming Legal IT

From: Law Technology Today, Posted by: Anthony Foy September 11, 2014

Just like nearly every other knowledge worker, legal professionals are becoming more mobile than ever. Based on recent research commissioned by Workshare, 96 percent of legal professionals are accessing documents on the move, with as many as 84 percent requiring access to work documents outside of the office to get their jobs done. This requirement for mobile working is being sufficiently met with an abundance of cloud-based file sharing applications in the marketplace, but this is often at the expense of security.

More than half of employees are bypassing corporate policies and opting instead for unsanctioned file sharing applications – like Dropbox and Google Drive – and risk exposing sensitive and high-value legal documents. Not all law firms are equipped with their own security and risk management teams, which leaves essential data protection responsibilities unclaimed. And as consumer-grade apps continue to flood the workplace, it’s time for someone to regain control of corporate data and content. <READ MORE>

Am Law Survey — Information Security a Top Concern

From: Law Firm Risk Management Blog, American Lawyer Survey, 11/1/14

The American Lawyer has just published its annual technology survey: “Survey: Data Security Is Tech Chiefs’ Top Worry

  • “Worries about data security have reached new heights, our annual technology survey shows, with potential threats coming from outside the firm, and within.”
  • “Yet one topic dominates the discussion. In response to our question asking technology directors about their biggest challenges, 55 percent cited security, by far the most frequent answer. And overall, 74 percent of the chiefs say they are more concerned about security now than they were two years ago. Their clients are concerned too. While security was a leading topic on last year’s survey [“A Secure Location,” November 2013], the focus has only become more intense—and more time- and budget-consuming.”
  • “‘Five years ago, we didn’t have client security audits,’ says Gary Becker, the chief information officer at Reed Smith. ‘We’ve had over 15 of them this year.'”
  • “For law firm CIOs, the result is often a to-do list of remedial measures—new security hardware and software that must be deployed to satisfy the client, whose hypervigilance, several chiefs said in follow-up interviews, stems from multiple sources, including headlines hammering companies that suffered data breaches and beefed-up regulations, particularly in the finance and health care sectors.”
  • “But it is also time- and resource-consuming. Reed Smith now has three full-time staffers ‘dedicated to meeting the security requirements of clients,’ says Becker. ‘That’s three people I didn’t have five years ago.'”
  • Other firms have similarly bulked up on security experts. Vinson & Elkins, for instance, now has a full-time security director it didn’t have a few years ago. ‘There are a lot of steps we need to do now to meet client expectations on security,’ says the firm’s CIO, Dennis Van Metre. It’s not just a matter of installing the systems the client asks for, he says, but also ‘asking the questions our clients will ask us’ whenever a new tool, service or product is evaluated, from cloud computing to tablets to online deal rooms.

How to Transition from Spreadsheets to Accounting Software

From: Intuit QuickBooks, by Michael Ansaldo on October 27, 2014

Thanks to its presence on just about every business-class computer, Microsoft Excel has become the de facto tool for handling basic small-business accounting tasks. But while spreadsheets can be useful for a startup, they inevitably become cumbersome — and potentially harmful — when managing financial data for a growing business. When you have more than a handful of clients and transactions, it’s time to move on to accounting software. Here’s how to make the transition.

Why You Should Switch to Accounting Software

As your customers, vendors, and transactions increase, managing them in Excel becomes exponentially more complicated. Reporting — which requires you to manually enter specific formulas to get the information you want — becomes particularly time-consuming when working with large amounts of data. Also, spreadsheets are only as accurate as the person entering the information, and studies show the error rate increases with the complexity of the spreadsheet. Just ask JPMorgan about the devastating effect an Excel blunder can have on the integrity of your data.           <READ MORE>

Hackers swipe data of 60K in vendor HIPAA breach

From:Healthcare IT News, by Erin McCann, Associate Editor, 11/12/14

A state insurance plan subcontractor is at the center of a serious security incident after hackers gained three months of unfettered access to its computer system, compromising thousands of members’ health records. What’s more, despite discovering the HIPAA breach in April, it took officials some four months to notify those affected.

The Dallas-based Onsite Health Diagnostics – a medical testing and screening company, which contracts with the state of Tennessee’s wellness plan – notified 60,582 people that their protected health information was accessed and stored by an “unknown source.” The breach affected members from the Tennessee’s State Insurance Plan, Local Government Insurance Plan and Local Education Insurance plan.

[See also: Vendor sacked for HIPAA breach blunder.]

The system accessed, as OHD officials pointed out in an August notification letter, was not in official use since fall 2013. Health benefit member names, dates of birth, addresses, emails, phone numbers and gender were compromised in the incident. <READ MORE>