Category: Law Practice Management

Cybersecurity, Fraud & Embezzlement, Law Practice Management, Technology

Ransomware Alert: 7 Prevention Considerations

by Sheila Blackford ©2016

It is time to be scared about ransomware, but not paralyzed by fear. The bad news is that there are more cases of ransomware: malware that seizes control of your data, encrypts it, then demands a ransom to turn over the key to decrypt it. Many victims are finding that paying the ransom is no guarantee of getting the data back. The good news is that there are things you can do proactively to protect your data, and that is empowering.

The FBI requested that the ABA share Private Industry Notification cybersecurity alerts with the legal community. I want you to read this ransomware alert and then do at least one of its recommendations, but I honestly hope you will be scared enough to do them all. To sign up to receive future alerts, use this link to the ABA: https://shop.americanbar.org/eBus/MyABA/MyLists.aspx

“While the FBI normally recommends organizations invest in measures to prevent, detect, and remediate cyber exploitation, the key areas to focus on with ransomware are prevention, business continuity, and remediation.”

7 Prevention Considerations from the FBI:

1.  Focus on awareness and training. Since end users are targeted, employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques.

2.  Patch the operating system, software, and firmware on devices. All endpoints should be patched as vulnerabilities are discovered. This can be made easier through a centralized patch management system.

3.  Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.

4.  Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary; and they should operate with standard user accounts at all other times.

5.  Implement least privilege for file, directory, and network share permissions. If a user only needs to read specific files, they should not have write access to those files, directories, or shares. Configure access controls with least privilege in mind.

6.  Disable macro scripts from office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full office suite applications.

7.  Implement software restriction policies (SRP) or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.
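The path-based control in item 7 can be exercised against process-launch records before a policy is enforced. The following is an added example, not part of the FBI alert or this post; the deny patterns, suffix list, log format, and sample records are all constructed assumptions.

```python
import fnmatch
import ntpath

# Hypothetical deny rules modelled on the locations item 7 names
# (illustrative patterns, not an official SRP rule set).
DENY_PATTERNS = [
    r"c:\users\*\appdata\roaming\*",
    r"c:\users\*\appdata\local\*",   # includes browser and archive temp folders
    r"c:\windows\temp\*",
]
# File types treated as executable for this check (assumed list).
EXEC_SUFFIXES = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd"}

# Constructed sample records, one per line: user<TAB>image path
SAMPLE_LAUNCHES = (
    "alice\tC:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE\n"
    "alice\tC:\\Users\\alice\\AppData\\Local\\Temp\\7zO4A1B\\invoice.pdf.exe\n"
    "bob\tC:\\Users\\bob\\AppData\\Roaming\\updater.scr\n"
    "bob\tC:\\Users\\bob\\Documents\\..\\AppData\\Local\\Temp\\a.js\n"
    "carol\tC:\\Users\\carol\\AppData\\Local\\Notes\\readme.txt\n"
)


def normalise(path):
    """Collapse '..' segments and fold case, as Windows paths are case-insensitive."""
    return ntpath.normpath(path.strip()).lower()


def blocked_by_rules(path):
    """True if an executable file type sits under one of the denied locations."""
    p = normalise(path)
    if ntpath.splitext(p)[1] not in EXEC_SUFFIXES:
        return False
    return any(fnmatch.fnmatchcase(p, pattern) for pattern in DENY_PATTERNS)


def flag_launches(log_text):
    """Return (user, normalised path) for every launch the rules would deny."""
    hits = []
    for line in log_text.splitlines():
        user, sep, image = line.partition("\t")
        if sep and blocked_by_rules(image):
            hits.append((user, normalise(image)))
    return hits


if __name__ == "__main__":
    for user, image in flag_launches(SAMPLE_LAUNCHES):
        print(f"would be blocked: {user} -> {image}")
```

Running a check like this in report-only fashion first shows which legitimate programs launch from these folders and would need an exception.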

 

 

Business Planning, Ethics, Law Practice Management, Lawyer Assistance, Professionalism

The Gift of Time

 

by Sheila Blackford ©2015

The 2015 holiday season is in full swing. This time of year, many lawyers question if they should leave their law firm and go solo or start up their own multi-attorney firm or just hang it up and retire or switch careers. These are all things that are best to think about. I just question whether this might not be the best time to be making such life-changing decisions. It’s a bit like deciding whether to get a divorce. Good to consider but with the stress of the holidays and busy pace of visiting family and friends, this may not be the time when you can do your best thinking. Can you give yourself the gift of time? Why, you ask? To give yourself time to consult with a good lawyer: yourself.

Take the time to think things through.

  • Can you see where this decision leads?
  • Do you need to sit down with a financial advisor to crunch numbers?
  • What about covering health insurance for you and any family members?
  • What practical considerations are needed in place to help you in the first six-month transition period?
  • Do you have the stomach for flying solo or weathering difficult relationship issues involving sharing control and maintaining trust?
  • If employees will be involved, do you have all the human resources areas taken care of before you create a BOLI complaint or lawsuit?
  • Do you need to sit down with a CPA and your tax returns and financial projections to determine your right choice of entity?
  • Should you and your prospective law partners do Myers-Briggs, StrengthsFinder, or some other psychological testing to determine if you really will bring compatibility and balance to the planning table?

Know your resources.

Oregon State Bar Economic Survey.

Oregon Attorney Assistance Program Attorney Counselors. For assistance with career planning and counseling.  503-226-1057  or 1-800-321-6227

  1. Shari Gregory, LCSW, JD on Ext. 14.
  2. Kyra Hazilla, JD, MSW on Ext. 13.
  3. Mike Long, JD, MSW, CEAP on Ext. 11.
  4. Douglas Querin, JD, LPC, CADCI on Ext. 12.
  5. Bryan Welch, JD counseling intern on Ext. 19.

Oregon State Bar General Counsel’s Office for assistance with ethics questions arising in the practice of  law. 503-620-0222 or 1-800-452-8260

  1. Helen Hierschbiel, General Counsel on Ext. 361. Will become Executive Director of OSB January 2016.
  2. Amber Hollister, Deputy General Counsel on Ext. 312. Will become General Counsel of OSB January 2016.

Oregon State Bar Client Assistance Office for assistance with initial screening of ethics complaints about lawyer conduct. 503-620-0222 or 1-800-452-8260

PLF Attorney Practice Management Advisors for assistance with the business of practicing law, including closing a law practice, departing from a  law firm, retiring or selling a law practice, or opening a new law practice.  503-639-6911 or 1-800-452-1639

  1. Sheila Blackford, JD on Ext. 421.
  2. Hong Dao,  JD on Ext. 412.
  3. Jennifer Meisberger, JD on Ext. 411.
  4. Beverly Michaelis, JD on Ext. 415.

PLF Claims Attorneys for assistance with handling situations where there is a concern of a potential malpractice claim. The receptionist will connect you to an available claims attorney.  503-639-6911 or 1-800-452-1639

PLF Practice Aids and Forms

 

Ethics, Law Practice Management, Technology

Guarding against Inadvertent Disclosure: Properly Remove Metadata and Redact Before Transmitting Digital Docs.

by Sheila Blackford ©2015

Guard against inadvertent disclosures by properly removing metadata and redacting confidential information before transmitting those digital documents.

Some lessons are so important, they bear repeating. For years the Practice Management Advisors at the PLF and throughout the USA and Canada have cautioned lawyers about scrubbing metadata from documents.

Here is a brief snippet from my May 2006 Oregon State Bar Bulletin Managing Your Practice article, Metadata: danger or delight?

“…Much hype has surrounded metadata ever since the March 4, 2004, CNET News.com disclosure that SCO Group’s lawsuit against defendant DaimlerChrysler for alleged violation of their Unix software agreement was initially prepped as a lawsuit against Bank of America for copyright infringement. You may have enjoyed the benefit of using a suite of programs like Microsoft Office, especially because it is easy to pull data from one program into another, such as copying part of an Excel worksheet into a Word document. However, if you do this from the Edit menu using the “Paste Special” feature and selecting “Microsoft Excel Worksheet Object,” you may be in for a surprise. Double-click on the Excel worksheet object in your Word document and you’ll discover that the entire worksheet document is visible, including other worksheet tabs that may contain sensitive information. The entire Excel worksheet is known as an embedded object and is metadata that travels with the Word document. Thus, the full Excel worksheet can be viewed by the receiver of the Word document, even though you didn’t intend that result. The detriment of exposing more than a select portion of an Excel spreadsheet may be exponential if the additional figures pertain to your negotiation strategy on settlement offers or disclose profit projections for complex financing plans.

In complying with discovery requests, you are required to provide only the documents and data set out in the discovery demand. Beware — if supplying electronic versions of your documents — that you are not providing more information than required by inadvertent disclosures in document metadata.”
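The embedded-object risk described in the excerpt can be checked mechanically before a document leaves the office. The following is an added example, not from the quoted article; it assumes the modern .docx format (a ZIP package in which embedded objects are stored under word/embeddings/), goes slightly beyond the excerpt by also reporting author properties and a comments part, and uses a constructed sample file and hypothetical function names.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}


def build_sample_docx(with_embedding=True):
    """Constructed stand-in for a .docx holding only the parts this check reads."""
    core = (
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
        "<dc:creator>A. Associate</dc:creator>"
        "<cp:lastModifiedBy>P. Partner</cp:lastModifiedBy>"
        "</cp:coreProperties>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<document/>")
        z.writestr("docProps/core.xml", core)
        if with_embedding:
            # An embedded workbook carries every worksheet tab, not just the pasted range.
            z.writestr("word/embeddings/Microsoft_Excel_Worksheet1.xlsx", b"constructed bytes")
            z.writestr("word/comments.xml", "<comments/>")
    return buf.getvalue()


def audit_docx(data):
    """Report embedded objects, reviewer comments and author properties in a .docx."""
    findings = {"embedded": [], "has_comments": False, "properties": {}}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        for info in z.infolist():
            if info.filename.startswith("word/embeddings/"):
                findings["embedded"].append((info.filename, info.file_size))
        findings["has_comments"] = "word/comments.xml" in names
        if "docProps/core.xml" in names:
            root = ET.fromstring(z.read("docProps/core.xml"))
            for tag in ("dc:creator", "cp:lastModifiedBy"):
                element = root.find(tag, NS)
                if element is not None and element.text:
                    findings["properties"][tag] = element.text
    return findings


def safe_to_send(data):
    """Conservative gate: any embedded object or comments part blocks sending."""
    findings = audit_docx(data)
    return not findings["embedded"] and not findings["has_comments"]


if __name__ == "__main__":
    print(audit_docx(build_sample_docx()))
```

A file that fails the gate should be cleaned in the word processor (or converted to a flattened PDF) and checked again before transmission.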

And a year later, then OSB General Counsel, now Executive Director, Sylvia Stevens warned lawyers about the perils of being unaware of metadata and referenced the August 2006 ABA Formal Opinion 06-442 Review and Use of Metadata in her April 2007 OSB Bulletin Bar Counsel article, Metadata: Guarding Against the Disclosure of Embedded Information.

“The ABA opinion stands as an important reminder that it behooves lawyers to learn and understand technological advances that are integral to their practice so that they do not inadvertently send information that they might later wish they had not.”
 

And a few years ago, OSB General Counsel Helen Hierschbiel cautioned lawyers about the perils of inadvertent disclosures when sending documents electronically in the June 2012 OSB Bulletin Bar Counsel article, Revealing Bits & Bytes: Guarding (and Exploiting) Metadata.

“Two rules inform a lawyer’s duties when sending documents electronically. Oregon RPC 1.1 requires a lawyer to provide competent representation to a client, meaning the lawyer must possess the “legal knowledge, skill, thoroughness, and preparation reasonably necessary for the representation.” In addition, RPC 1.6(a) requires a lawyer to “not reveal information relating to the representation of a client.” “Information relating to the representation” is a defined phrase under RPC 1.0(f) and includes both information that is subject to the attorney-client privilege and other information gained during the course of the representation that the client has asked be kept secret or the disclosure of which would be embarrassing or likely to be detrimental to the client. With these two rules as a backdrop, the OSB Legal Ethics Committee concludes that competency in relation to metadata requires a lawyer who uses electronic communications to maintain at least a basic understanding of the technology and the risks of revealing metadata or to use adequate technology support. OSB Formal Op. No. 2011-187.”

To safely redact confidential and/or protected information when producing discovery or eFiling, be sure to use Adobe Acrobat XI Pro and follow the easy steps I shared in my June 2012 OSB Bulletin On Professionalism article, Easier Acrobatics: New Adobe Features Especially Appreciated by Attorneys.

“How to Remove Visible Data or Do Redaction from PDF Files in Four Easy Steps:

This can be done in Acrobat XI Pro only.

1. In Acrobat XI, choose Tools > Protection.

2. Click Mark for Redaction.

3. Go through your PDF and highlight the text or images you want to redact.

4. Click Apply Redactions. Acrobat permanently deletes the selected information from the file, replacing it with black blocks or other formatting of your choice.”

Why all the concern? Lawyers are continuing to trip when they should be treading carefully, as stressed in this Law360 post: E-Filing Error Can Destroy Trade Secret Status that you can read in its entirety with a free 7-day subscription.

 “First rule of thumb in trade secrets litigation? A trade secret must be kept secret. It is painfully obvious, but modern practitioners must not grow complacent due to the convenience of electronic filing. Although trade secrets law does not command absolute secrecy, a recent e-filing snafu in HMS Holdings Corp. v. Arendt offers a cautionary tale from New York on how one botched upload could jeopardize a client’s most prized possession.”

Make no mistake, ABA Model Rule 1.1 specifically addresses the need to be competent when using technology; see the December 2013 Your ABA article Duty of Competence in the 21st Century.

Model Rule 1.1:

Client-Lawyer Relationship
Rule 1.1 Competence

“A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.”

Comment 8:

Maintaining Competence

[8] “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.”

Be safe out there!

Law Practice Management, Technology

Tech When an Upgrade isn’t an Upgrade

by Sheila Blackford ©2014

I recently went through tech trauma that I want to share with you so you don’t need to repeat my experience. I had an iPhone 4S. Yes, I know, old technology replaced by cool technology I wasn’t yet ready to pay for. I knew I wanted to hold out for iPhone 6 and was waiting for Verizon to make me an offer I couldn’t refuse. Meanwhile, I dutifully upgraded iOS until coming up against messages that I lacked sufficient storage size. The lure of promised “security fixes” compelled me to action. Darn! After a while, I finally sighed and proceeded to dump apps and photos and anything that I could delete so I could download the memory-hogging upgrade. My battery life became shorter. Then my charging cord didn’t seem to work well. Tried other outlets, other charging cords. Puttered on.

Last week I flew down to see my family in California. While watching Breaking Bad on Netflix with my sister who is evidently the only one in her house who didn’t see it, I noticed my iPhone was completely out of juice. So plugged it in. Red skinny bar. Showed charging zag but obviously something wrong. Tried various charging methods. Next morning still no juice. Made trip to Verizon. Verizon let me know that the upgrade messed up my battery. Nice Apple! How about telling us that we can’t upgrade the older 4 iPhone with the newer 8.12 iOS as we take your word that we need to upgrade. But I digress.

The Verizon store could examine my phone but would need new battery to do so. $99 to look at what is wrong with phone or $199 to buy new iPhone 6. Not much of a decision dilemma! Traveling without iPhone, felt like I was near amnesiac in a foreign country! Verizon only had an iPhone 6 Plus which was ridiculous to hold for phone in my hand. Couldn’t switch to any other Droid phones because I am too locked up in Apple. So off to Apple Store.

Meanwhile, I am stressing because this has changed from a “quick errand” before heading to a comedy show with my sister to a major time consuming process as Apple Store filled with post-storm Christmas shoppers wanting to get their Apple goodies or kill time. Big problem. When I get stressed, my memory winks out. What is my password? What is my Apple ID? Everything important was saved in my eWallet app on the dead iPhone 4s. Yes, I have another eWallet on my MacBook Air and iPad which are home in Oregon. Husband at work so no one could help.

Got reunited with Apple ID. Went over to another Apple Care Station to download a restore of my old phone’s data from the iCloud. Can’t believe my luck! I will have a better phone and all my old phone stuff including that eWallet app with the keys to my digital life in there. But, the storm affected the iCloud per the Apple munchkins. So after 4 attempts they sent me off with an iPhone 6 with my phone number. The attempted restores from iCloud put older contacts and apps on phone. Good enough until I could get home to Portland to safely wipe new phone and attempt to do a full restore from the iCloud. Happy to report success! It worked and everything back. Thank you, God of Technology!

But some lessons. That eWallet app to store passwords and user names is nice BUT if it is on a phone that becomes inaccessible due to dead battery or damage or being lost or stolen, you are out-of-luck. Yes, I had it on 2 other locations – laptop and iPad – but the problem is what if you don’t have access to those other things? Or there is some urgency? My sister has all her passwords written down. A jumble. Not a good solution either in my opinion but she’s my older sister and I can’t convince her. There are other apps that include access to your passwords via the internet. Might help. But then again, might have lack of internet. So think about your own situation. Gives you a headache doesn’t it?

So the lesson I started with is that upgrade may not be an upgrade for you. Especially if you don’t have the latest device. Maybe check suitability before hitting the “Upgrade Now” button lest it be the last thing you see on your tech tool. Maybe just go have an eggnog and be glad with me that I am home with a new phone with old important stuff on it thanks to backing it up.

Happy holidays!

Billing, Client relations, Financial Management, Law Practice Management, Uncategorized

More About Money: “Don’t Just Ignore the Bills!”

by Sheila Blackford ©2014

I hear solos talking about the client who isn’t paying. Now usually this is a client who fell further and further behind on paying legal bills. Sometimes there was an initial retainer but that is usually long exhausted. The client is now ignoring your bills!

Assuming you feel you cannot “fire this client” for not paying you, I want to ask you if you have talked to your client about his or her client matter. Did you discuss a realistic appraisal of how long their case would be and how much it might cost based upon what your estimated fees and costs would be?

Communication about the likely expense of legal services is essential before setting forth on a client matter. But you may be saying, “it’s a little late now!” Not so. Sit down and review this client’s bills sent and not paid. How much is owing for how long? How much more in fees and costs is likely to be incurred? Does the client wish to pursue? Can you put your client onto a regular payment plan, such as $50 on the first and $50 on the fifteenth of the month? That is only $100 per month spread over the client’s two paychecks. Can you partially forgive the debt if the client can pay 50%-75% of what is owed to bring it current? Is this a client you are willing and able to help on a pro bono or partial pro bono basis? Can the client borrow money from a relative?

You may decide to do something yourself instead of ignoring your bills. Consider whether you can go forward in this representation. On the PLF website (www.osbplf.org) you’ll find an article, “How to Fire a Client.” See the practice aids and forms category on Disengagement Letters for the article and some sample disengagement letters. You will also see a sample agreement for charging a credit card which can be used for setting up a recurring charge to the client’s credit card in the category on fee agreements and engagement letters, “Fee Agreements: Authorization to Charge Credit Card.”

It is always wise to pick up the phone to check in with your client. If you feel uncomfortable, write out this telephone script and use some variation of it to get this situation resolved. At 45 days past the statement date, call your client and say, “Hello [CLIENT]. I just wanted to know if you got my monthly statement for [MONTH]? Is there some problem with the bill that is preventing you from paying it?” Then discuss your withdrawal, or offer a monthly payment plan or negotiate a settlement of whatever amount is past due. Remember the Oregon State Bar offers arbitration services for fee disputes. The important thing is not to ignore this situation.