CybersecurityEmailHackingPhishing

Yahoo! Latest Dangerous Place to Be

 

 

 

I read Oregon’s Attorney General Ellen Rosenblum’s fraud alert on the Yahoo data breach. Makes me unhappy to read because 500 million users includes lawyers and many friends and family members. Why anyone would use yahoo for email if they are a lawyer is a question for another day. Or not. Please beware that the old adage: there’s no such thing as a free lunch has important lessons. Encrypt, encrypt, encrypt. Or plain avoid using free email platforms for your business. Google has business mail that is different from their free gmail. Your business is your business. But so is your clients’ business so you have an ethical duty to protect your clients’ business.

Ok, I am off my soapbox. Here below is AG Rosenblum’s post. Sign up for her alerts here. 

 

ag-fraud-alert

Was your information exposed in the Yahoo data breach?

Yahoo has confirmed data “associated with at least 500 million user accounts” has been stolen in what may be one of the largest cybersecurity breaches ever.

The stolen data may include names, email addresses, telephone numbers, dates of birth, passwords, as well as security questions and answers.

“This latest hacking “bombshell” — and the huge number of people affected by it — is a real reminder of something we often don’t take the time to do: We must be vigilant about changing our email passwords regularly! If you use any Yahoo product, you should make sure you change your password immediately, and closely monitor any credit cards associated with your account,” Attorney General Rosenblum said.

If you use Yahoo services and have an account with Yahoo, you should do the following as soon as possible:

  • Change your Yahoo password, as well as your Yahoo secret questions and answers; and
  • If you reused any passwords, secret questions and answers from your Yahoo account to any other account (Gmail, Hotmail, etc.), change that information in those accounts as well.

In addition, Oregonians who have shopped and used a debit or credit card on a Yahoo account, or on a Yahoo web service, should:

  • Monitor your credit report. Visit www.annualcreditreport.com or call 1-877-322-8228 to order a free credit report and review it for errors.
  • Avoid clicking on links or downloading attachments from suspicious emails. Yahoo will be contacting affected users about this issue, but these emails will not ask you to click on any links or contain attachments and Yahoo will not ask for your personal information.
  • Beware of “phishing” (the activity of posing as a legitimate company to gain access to financial accounts) attempts and unsolicited calls or emails offering credit monitoring or identity theft services. These offers are attempts to steal your personal information.

If you find unexplained activity on your credit report or if you believe you are a victim of a “phishing” scam, there are important steps you can take to protect yourself. Contact the Attorney General’s consumer hotline at 1-877-877-9392, review the Attorney General’s website – www.oregonconsumer.gov – for information on identity theft, or view the Federal Trade Commission’s identity theft resource, available at www.consumer.gov/idtheft/.
Thank you, Attorney General, Rosenblum!

ag-rosenbloom

copyright September 23, 2016 Sheila Blackford

BillingClient relationsCommunicationEthicsLaw Practice Management

Practice Area(s) plus 1

image   by Sheila Blackford   ©2016

All lawyers must practice in two areas, their substantive area and ethics.

I remember the chit chat before the first day my ethics course in law school. The consensus was that it was an unnecessary class but would be a welcome break from the substantive law classes. I kept my opinions to myself as I had already found the ABA Model Rules on the Internet and devoured them. I liked Ethics and found the hypos a breath of fresh air, real life dilemmas sure to arise. Looking back almost twenty years later, I think it was the most helpful class as no matter what practice area lawyers get or transition into, ethics is always a plus 1 that stays consistent.

In Oregon, bar complaints are directed to the Client Assistance Office for evaluation of whether there has been a breach of ethical duties that need to be referred to the bar’s disciplinary counsel. Triage. They deal with a lot of complaints from clients and third parties. As long as the CAO has issued their reports, the main complaint areas revolve around communication, neglect, and fees. How easy to fix these problems!

ORPC 1.4 Communication. (a) A lawyer shall keep a client reasonably informed about the status of a matter and promptly comply with reasonable requests for information. 

Reasonably Informed.  Some lawyers bristle at this. Clients want to know what’s going on with their case.  It is a pretty easy standard to meet, though beware the subjectiveness of what is reasonable. In the lawyer’s world there are many client matters to be concerned with, some with more pressing urgency than others. In the client’s world, there is only one case: the client’s. Communicate ahead of time how you will communicate, how often you communicate, and when you will communicate. Provide a roadmap of the client matter so that the client understands the real life process of a lawsuit. On t.v. They are in court before the second commercial and the case is settled before the closing credits run. What a shock to find out how long it really takes.

Be clear with the message communicated, I will call you back later, meaning what?? Doubt this is a big deal? Those of you who are parents should think back to your call to the pediatrician when your baby was sick. I was told the doctor would call back and I was frozen for hours next to the phone. Fear clutched at me and I wouldn’t have wanted to eat even if I had walked away from my post into the kitchen. “Teething, just teething could bring on a fever and wailing?” Teething and colic were frightening events to a new parent. The tone of voice delivering the telephone diagnosis just made me feel more distressed and angry to have waited so long for a return call. The doctor was busy with urgent matters and mine concerns were insignificant. Your client feels the same often. If I’d only known that the doctor returned calls from 11:30 to noon and 4:30 to 5:00 or the next morning from 7:30 to 8:00.

Care of your client is easier when you explain timelines ahead of time even though all divorces don’t proceed in the same timeline. Do yourself and your clients a favor by setting forth what happens in a typical divorce proceeding, what can cause delays, when the client should call to report what just happened. Otherwise you may get called when the future ex spouse has taken the bathroom rug. Seriously, one family law attorney shared this very annoyance. I helped her to compose a Call Me Do’s and Don’ts list with a few funny examples thrown in to lighten things up. A divorce is traumatic and emotional and people going through a divorce aren’t going through their best times. And especially for personal injury suits, there long periods when nothing is happening. Because your client is not perched on a chair day after day seeing that nothing is going on, really, you should explain this ahead of time and use simple Status Update forms to quickly check in with your client and reassure you haven’t forgotten your client exists. Think about it: your client is in pain physically, mentally, emotionally thinking about this pain 24/7. A Status Update sent out monthly or bi-weekly is welcome reassurance that you haven’t forgotten. It’s even better than calling your client’s home at noon on a work day to leave a voicemail that all is well, you’re just waiting to receive medical records requested last week from the doctor. Scan that Status Update or bcc yourself or your legal assistant to preserve a record of your client communication.

Reasonable requests for information are handled the same way. If your client is too demanding, you have failed to properly set client expectations. I told my elder law clients in my written fee agreement that I would provide them copies of everything,  which comprised their client file. I gave them a sturdy client file with a copy of their signed fee agreement and with papers write down all their questions so they didn’t forget something they wanted to ask me. I told them to bring this file to every client meeting and to put their copies into it. Documents were hole-punched and stamped “For Your Client File, No Action Needed.” It cut down on multiple phone calls to tell me something or ask me a question they had forgotten earlier.  I adapted this information management tool from teaching sixth graders how to stay on top of their assignments. See if you can adapt it for your own clients.

ORPC 1.3 Diligence. A lawyer shall not neglect a legal matter entrusted to the lawyer.

First thing to consider about client complaints about neglect: communicate don’t ignore your client or your client’s matter. Keep track of deadlines, even those imposed by your client, and use reminders, at least one reminder but this is frequently increased to three because the deadline requires adequate preparation time. Don’t wait until the last minute to do something because technology gremlins love causing printer malfunctions or crashing software programs when either are guaranteed to raise your stress level. Allow the time it takes to avoid poor performance. Notice the word entrusted. A client matter — no matter how small –has been entrusted to you by the client. It is always a big deal to your client. One of the biggest dangers of taking a case out of a desperate need for cash flow is that you may not like that client or the client matter. And what does that encourage? Putting off dealing with the client or client matter. You know that client file languishing on your credenza, office chair, or floor? Tackle it! Sooner than later. Get it done or fire the client before it is too late and you are stuck or have a bar complaint for neglect or a malpractice claim for missing a deadline that causes harm to your client. It is interesting to note that many follow up inquiries after a malpractice claim reveal that the lawyer would not have taken on the case in retrospect. Save yourself and your client needless stress: though shall not procrastinate or neglect a client matter. See the PLF practice aids for calendaring and docketing along with checklists for the substantive areas of law. you need checklists so you don’t overlook anything which is neglecting to do what you are supposed to do and when you are supposed to do it!

ORPC 1.5 Fees (a) A lawyer shall not enter into an agreement for, charge or collect an illegal or clearly excess fee or a clearly excessive amount for expenses. 

Notice that a fee is evaluated for being in compliance at three distinct times.

1. Enter into an agreement is when you form your contract, verbal (foolish) or in writing, at execution of your written fee agreement (wise).

2. Charge for fees or expenses. Sending out your monthly billing statement.

3. Collecting for fees or expenses. When client pays you.

All three times must be reasonable. What is reasonable? See Rule 1.5(b). Review the Economic Surveys on the OSB website which provide details about what is customarily charged, where, and by whom. http://www.osbar.org

Enjoy your practice of XYZ law and ethics!

 

 

 

 

 

 

 

 

 

Client relationsCybersecurityEthicsTechnology

Acting Competently: Complying with data security laws

image    by Sheila Blackford   ©2016      Lawyers have a fiduciary duty to preserve client confidentiality that has long been codified in Oregon under ORPC 1.6 Confidentiality of Information. For more than a quarter of a century, paper-based client files have become electronic files. The need to protect electronic client records has only become more imperative as lawyer have transmitted and stored their client files on the Internet.

ORPC 1.6 (7) (c):

A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.

 ABA Model Rule 1.6 Comments 18 and 19:

 Acting Competently to Preserve Confidentiality

[18]   Paragraph (c) requires a lawyer to act competently to safeguard information relating to the representation of a client against unauthorized access by third parties and against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer’s supervision. See Rules 1.1, 5.1 and 5.3.  The unauthorized access to, or the inadvertent or unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure.  Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use). A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to forgo security measures that would otherwise be required by this Rule.  Whether a lawyer may be required to take additional steps to safeguard a client’s information in order to comply with other law, such as state and federal laws that govern data privacy or that impose notification requirements upon the loss of, or unauthorized access to, electronic information, is beyond the scope of these Rules.  For a lawyer’s duties when sharing information with nonlawyers outside the lawyer’s own firm, see Rule 5.3, Comments [3]-[4].     

[19]   When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Factors to be considered in determining the reasonableness of the lawyer’s expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement. A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to the use of a means of communication that would otherwise be prohibited by this Rule.  Whether a lawyer may be required to take additional steps in order to comply with other law, such as state and federal laws that govern data privacy, is beyond the scope of these Rules.

DATA BREACH.

The words should fill you with dread. Then you will have the proper mindset to address the necessary protections so that you can prevent a data breach or at least insure that if data is breached, the data has been rendered unreadable because it is encrypted.

Be concerned about a breach of security and personal information. Both are defined terms in the Oregon Identity Theft Protection Act.  ORS §§646A.600-646A.628.

 What is a breach of security?

ORS §646A.602 (1)(a) “Breach of security” means unauthorized acquisition of computerized data that materially compromises the security, confidentiality or integrity of personal information maintained by the person. 

 What is encryption?

ORS §646A.602 (6) “Encryption” means the use of an algorithmic process to transform data into a form in which the data is rendered unreadable or unusable without the use of a confidential process or key.

What is personal information?

 ORS §646A.602 (11) “Personal information”:

(a) Means a consumer’s first name or first initial and last name in combination with any one or more of the following data elements, when the data elements are not rendered unusable through encryption, redaction or other methods, or when the data elements are encrypted and the encryption key has also been acquired:

(A) Social Security number;

(B) Driver license number or state identification card number issued by the Department of Transportation;

(C) Passport number or other United States issued identification number; or

(D) Financial account number, credit or debit card number, in combination with any required security code, access code or password that would permit access to a consumer’s financial account.

(b) Means any of the data elements or any combination of the data elements described in paragraph (a) of this subsection when not combined with the consumer’s first name or first initial and last name and when the data elements are not rendered unusable through encryption, redaction or other methods, if the information obtained would be sufficient to permit a person to commit identity theft against the consumer whose information was compromised.

(c) Does not include information, other than a Social Security number, in a federal, state or local government record that is lawfully made available to the public.

How do we develop safeguards for this personal information?

 Requirement to Develop Safeguards for Personal Information ORS §646A.622

646A.622 Requirement to develop safeguards for personal information; conduct deemed to comply with requirement. (1) Any person that owns, maintains or otherwise possesses data that includes a consumer’s personal information that is used in the course of the person’s business, vocation, occupation or volunteer activities must develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the personal information, including disposal of the data.

(2) The following shall be deemed in compliance with subsection (1) of this section:

(a) A person that complies with a state or federal law providing greater protection to personal information than that provided by this section.

(b) A person that is subject to and complies with regulations promulgated pursuant to Title V of the Gramm-Leach-Bliley Act of 1999 (15 U.S.C. 6801 to 6809) as that Act existed on October 1, 2007.

(c) A person that is subject to and complies with regulations implementing the Health Insurance Portability and Accountability Act of 1996 (45 C.F.R. parts 160 and 164) as that Act existed on October 1, 2007.

      (d) A person that implements an information security program that includes the following:

(A) Administrative safeguards such as the following, in which the person:

(i) Designates one or more employees to coordinate the security program;

(ii) Identifies reasonably foreseeable internal and external risks;

(iii) Assesses the sufficiency of safeguards in place to control the identified risks;

(iv) Trains and manages employees in the security program practices and procedures;

(v) Selects service providers capable of maintaining appropriate safeguards, and requires those safeguards by contract; and

(vi) Adjusts the security program in light of business changes or new circumstances;

(B) Technical safeguards such as the following, in which the person:

(i) Assesses risks in network and software design;

(ii) Assesses risks in information processing, transmission and storage;

(iii) Detects, prevents and responds to attacks or system failures; and

(iv) Regularly tests and monitors the effectiveness of key controls, systems and procedures; and

(C) Physical safeguards such as the following, in which the person:

(i) Assesses risks of information storage and disposal;

(ii) Detects, prevents and responds to intrusions;

(iii) Protects against unauthorized access to or use of personal information during or after the collection, transportation and destruction or disposal of the information; and

(iv) Disposes of personal information after it is no longer needed for business purposes or as required by local, state or federal law by burning, pulverizing, shredding or modifying a physical record and by destroying or erasing electronic media so that the information cannot be read or reconstructed.

(3) A person complies with subsection (2)(d)(C)(iv) of this section if the person contracts with another person engaged in the business of record destruction to dispose of personal information in a manner consistent with subsection (2)(d)(C)(iv) of this section.

(4) Notwithstanding subsection (2) of this section, a person that is an owner of a small business as defined in ORS 285B.123 (2) complies with subsection (1) of this section if the person’s information security and disposal program contains administrative, technical and physical safeguards and disposal measures appropriate to the size and complexity of the small business, the nature and scope of its activities, and the sensitivity of the personal information collected from or about consumers. [2007 c.759 §12]

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Patients have federal legal rights to their protected health information. We sign forms about our privacy every time we go to the doctor’s office, treatment clinic, or hospital. Doubtful the average lawyer let alone average person has ever read the HIPAA rule which is nearly 700 pages long. Where this impact lawyers is when they are business entity that deals with health care providers, which includes CPAs, doctors, and lawyers.

HIPAA in Oregon. Oregon acknowledges a number of health-care provider/patient privileges that include preventing others from disclosing communications made with the health care provider for the purposes of treatment and diagnosis.  See OR. REV. STAT §§40.230, 430.235. Remember, that federal privacy regulations under HIPAA will preempt state laws unless the pertinent state law is more stringent.  See 65 Fed. Reg. 82,462, 82,464.

Lawyers need to be careful of individually identifiable health information. The best way to protect confidential client data: ENCRYPTION. Encrypting data which is then properly backed up and stored is the easiest way to begin fulfilling your obligations under HIPAA and under ORPC 1.6.

Gramm-Leach-Bliley Act 15 U.S.C. §§ 6801-6809 and §§ 6821-6827, as amended

  Under the Gramm-Leach-Bliley Act, financial institutions must protect the privacy of consumers’ personal financial information. This is why your financial institution provides you with annual notice of their privacy policies and why they must give notice and an opportunity to opt of before disclosing any of the consumer’s personal financial information to an unaffiliated party.

For lawyers, consider that you contain personal financial information in your client files, such as credit card numbers and bank account numbers. There may be a number of reasons that you have copies of your clients’ financial account statements, loan applications, tax returns, financial documents used in bankruptcies and dissolutions of marriages and business partnerships. How are you protecting the confidentiality of this information? Where are you storing it?

The best way to protect confidential client data: ENCRYPTION. Encrypting data which is then properly backed up and stored is the easiest way to begin fulfilling your obligations under Gramm-Leach-Bliley Act and under ORPC 1.6.   

BillingBusiness PlanningClient relationsFinancial ManagementLaw Practice Management

Becoming a Cost Center: the Story of Attorney Andrew

image   by Sheila Blackford   ©2016   I get to talk with attorneys who are trying to figure out the best method of increasing business. Should they do a Facebook firm page? Should the try using Google AdWords or try advertising with Yelp! or start a blog, or twitter feed? There are more ways to spend money than to make it. What all lawyers can do is pay attention to what they are spending their money on. A good way to look at expenditures is to view how many hours of work you must spend to pay for this purchase. If you work for a salary, it is easy to calculate your rate of pay. You have your annual salary. You can calculate how your hourly rate of pay from there. If you worked 52 weeks – no time off– then divide your annual salary by 52. If you work 40 hours a week – in your dreams, right?– then divide the weekly salary by 40. What you get is your hourly rate.

This is very different when you work for yourself. You have a billable rate, but you have overhead costs, and you likely do not collect the same amount of money that you bill.  Let me introduce you to Attorney Andrew, admitted to the Oregon State Bar in 2005. Andrew has a billable rate of $200 an hour. He spends six hours working on the Client Carlton matter. He knows he really should have been able to do the work in four hours so he writes the Client Carlton bill down to four hours, $800. Client Carlton is billed $800 and pays $800. There are 10 additional clients billed during the same month totaling $8,400 and is paid only $6,600.

Attorney Andrew’s office rent is $1,200 per month. Allocating 1/12 of the Oregon State Bar annual membership dues equals $46.42; allocating 1/12 of the Professional Liability Fund annual assessment for the basic $300,000 malpractice insurance coverage and additional $50,000 claims expense allowance equals $291.67.

Attorney Andrew’s total gross income is $7,400 for the month. His proportionate expenses are $1,538.09. Attorney Andrew’s net income would be $5,561.91.Will he take the full amount as take home income? Or will he buy more paper and ink for his printer? Or should he save the money as a cushion against any future expenses.

What are Attorney Andrew’s numbers looking like? Attorney Andrew wrote down $200 on the Client Carlton time charges. What amount of time did he write down on the other client matters? If he billed $9,180 but only collected $7,400 then his collection rate for this month was 81%.  $7,400 divided by $9,180 = 81%.  COLLECTION RATE EQUALS THE AMOUNT RECEIVED DIVIDED BY THE AMOUNT BILLED.

But if his time charges entered for the entire month were 60 hours (value = $12,000) and he wrote off 14.10 hours and only billed 45.90 hours (value $9,180), then at his $200 billable rate he was only paid for 37 hours ($7,400). As a result, his realization rate is on 62%. $7,400 divided by $12,000 = 62%. REALIZATION RATE EQUALS THE AMOUNT RECEIVED DIVIDED BY THE VALUE OF TIME RECORDED. 

If you haven’t run screaming from being in front of this blog post, take a look at Attorney Andrew’s net income of $5,561.91. We realize there are other monthly overhead costs besides rent, and 1/12 of the  annual OSB bar membership dues and PLF assessment for malpractice insurance coverage. You can do your own precise calculations with all your numbers. If I told you that Attorney Andrew was somewhat prudent and only paid himself $5,000 gross salary a month, then his gross annual salary is $60,000. Based on 52 week in year, 40 hour work week, Attorney Andrew’s gross hourly rate of pay is $28.85. Considering how proud Attorney Andrew is to have a billable rate of $200 an hour, that gross hourly rate of pay is something else isn’t it?  Well, though painful, it isn’t accurate: don’t forget federal and state taxes and other withholding amounts for social security and medicare that Attorney Andrew must pay. His net pay is not $28.85. It’s less…

For the sake of our sanity, let’s just run with this $28.85 an hour gross hourly rate of pay. Attorney Andrew wants to purchase a new leather sofa long enough to nap on, delivered to his condo from Pottery Barn, he will spend $3,499. Not bad! He better like it because it will take him 121.29 hours to earn the price of that leather sofa based on his $28.85 gross hourly rate. And we won’t talk about the dream car Attorney Andrew is dreaming of buying. It is pretty cool looking for a car.  Okay, I’ll tell you what his dream car is so you can google it and share the dream: the 2016 BMW i8 with a MSRP of $140,700. If Attorney Andrew had a savings account to clean out, it would take 4,876.95 hours based on his $28.85 gross hourly rate to put that baby in his garage. I wonder what his condo cost if it has a garage. Hmm…

So the moral of this story of Attorney Andrew is multi-layered.

  1. Don’t get overly impressed that your billable rate is $200 an hour.
  2. Look at your collectible rate.
  3. Look at your realization rate.
  4. Before falling in love with new furniture and cars, calculate how many hours you will have to work to pay for them.
  5. Before getting more clients, look at how efficiently you are serving the clients you already have.

 

 

 

 

 

CybersecurityEmailLaw Practice ManagementTechnology

Watch and Authenticate Email Sender Before Opening an Attachment

 

image  by Sheila Blackford   ©2016

Senders of malware are tricky, but lawyers and their staff are smart enough to thwart the sender’s efforts.

Recently a colleague here at the PLF was contacted by a concerned Oregon lawyer who received an email eCourt notice that turned out to be fake and trying to deliver an attachment that was a virus.  The facts are instructive.

Lawyer had an upcoming hearing in lawyer’s local county court. Let’s say the date of the court appearance was for May 18, 2016. The reminder purported to be from the local county court providing a court reminder of the upcoming hearing. The date was accurate. The attachment was labelled “Court Notice.” Lawyer’s virus , Oregon’s 4th Judicial District scanner detected this email as being a problem so flagged it as a virus. Although the email ‘said’ it was from the county court, the domain name was completely different. Lawyer did not open that “Court Notice” which would have launched a virus. Lawyer called to share the lesson.

What is the lesson? You can never be too careful with email mail attachment and emailed hyperlinks. Spoofers pretend to be legitimate companies. But if you look close, you can catch the spoof, whether the domain name doesn’t properly match or the email message reads a bit off. It calls for paying closer attention. For example Multnomah County Circuit Court has a very nice website. http://courts.oregon.gov/Multnomah/Pages/index.aspx A specific judge at Multnomah County Circuit court would have their email address looking like this: FirstName.LastName@ojd.state.or.us. Don’t just rely on the name, look for the actual email address coming from the expected domain name.

My email may show up in your email inbox as coming from ‘Sheila M. Blackford’ but pressing on the name, you will see my actual email address domain which will be SheilaBatOSBdotPLFdotORG.  I really don’t like spam or malware in my inbox. That’s why my email address spells out the proper email punctuation in the previous sentence. There are robots that harvest email addresses from the Internet so I wanted to be careful here.

A lesson about attachments, be careful before opening any attachment. It could be malware, not what you are expecting. Hopefully your malware protection software will flag it. But it may not. Unless you are downloading a program from the internet from a verified trusted site– you should never be opening a document that ends with .exe.  CAVEAT: Be certain that you are about to download a safe program from a  legitimate website such as downloading Windows 10 from Microsoft.com.  Microsoft Word 2016 documents end with .docx  You may notice that your malware protect software provides an option to scan a document before opening it.

I will never forget my own malware experience while in law school at University of the Pacific, McGeorge School of Law. I was about 80% done with the law review article to be submitted for making law review. It was good. Past tense. When I  booted up to finish the last 20%, a virus executed and wiped everything out. Everything. Ah! I tried to reconstruct that article which took hours and hours. Sleepless in the Bay Area, my husband volunteered to drive me the 3 hours to get to law school in Sacramento on time to turn it in at the last minute. But it bore a poor resemblance to the article I had lost. I did not make the main law review journal. I did not make the second tier law review journal. I ended up as an editor on the California Initiative Review. Better than nothing but a bummer.Sad story, huh? But a malware virus could have even worse consequences for you lawyers. Seriously, think if your hard work was destroyed. AH! So be careful. You don’t need to learn lessons the hard way.

Be safe.