New Software Scam

Do you have antivirus/malware software on your PC/Mac/Server? If so, pay close attention to that software’s renewal terms. Watch out for any future phishing emails that contain an attached invoice. The scam asks you to either click a link to renew your subscription or call the phone number listed on the fake invoice to cancel. 

Tips to Avoid Antivirus / Malware Software Scams

  • Visit the software company’s verified URL and pay through the software company’s portal
  • Calendar renewal dates
  • Keep your antivirus/malware software up to date
  • Know the general terms of all software on your PC/Mac
  • Avoid paying invoices through email
  • When in doubt, look in the software settings to find Support info. Don’t always trust contact information on search engines because sometimes the business information can be claimed by scammers.
  • Sometimes scammers pry on your browsing habits or purchases. Be sure to limit browser data collection by checking your browser’s security and browser settings
  • Keep all other software on your PC or Mac up to date
  • Educate your staff on technology scams so they know what to watch out for too
  • Check with your IT professional to make sure the software you use is up to date with today’s cybersecurity market, malware, scams

Visit www.scbar.org/tech for great links or email pmap@scbar.org for more advice.

Be a Gallant, Not a Goofus: Best Practices for Online Video Proceedings

As a kid, a visit to the doctor or dentist also meant reading Highlights for Children in the waiting room. My favorite part of Highlights was the Goofus and Gallant comic strip, which compared the actions of Gallant, who didn’t interrupt his parents, shared toys with his friends, and didn’t pull girl’s hair, to those of Goofus, who did the opposite.  Gallant wasn’t perfect, but his actions were to be emulated. Being like Goofus was to be avoided. 

    To be a Gallant, and not a Goofus, here are tips: 

  • Dress for success. A video court proceeding is still a court proceeding. Please don’t be the person who appears at a proceeding in a swimsuit by a pool, or, under their covers with bedhead. Wear something that you would wear to a live proceeding. 
  • Practice makes perfect. Most of the common platforms allow you to test your video and audio setup before a proceeding. How do you look? How do you sound? Consider investing in a new camera rather than using the setup that came with your laptop. Connect to the internet via a network cable if you can. It will be more reliable than wireless. 
  • Know your surroundings. If you are on Twitter, check out @ratemyskyperoom to see what a difference lighting and background make. What is your background like? Is anything confidential in view? Do you look like you are an organized professional, or do you look like you are being held hostage? If there is too much noise, try to move your setup. Do the best you can. At some point or another, everyone reading this is going to find their setup interrupted by dogs barking, children in need, vacuuming, or the appearance of an army of landscapers with leaf blowers blowing. 
  • Speaking of backgrounds, steer away from virtual backgrounds in court proceedings. Your children may think it is cool if you are on the bridge of the Death Star, but typically judges are not impressed. 
  • Try to look in the camera when talking. My colleague Jack Pringle puts a post-it note next to his camera to remind him where to look.  
  • Coordinate and lay some ground rules. Does everyone have a set of exhibits? Have they been shared with each other and with the court? Do your witnesses have access? Consider requesting a brief meeting with the judge a day ahead of time to make sure that everyone understands the sequence of witnesses and exhibits.  
  • Make sure everyone has contact information in case someone gets disconnected, and generally talk through what to do if someone unexpectedly loses internet connectivity. Instruct everyone how to log back in if a connection is lost temporarily – some courts lock hearings after they start.  
  • If you will have witnesses, google “witness checklist” for something that you can send to them so they know what is expected. There are plenty of examples out there so you should not have to reinvent the wheel. 
  • Speaking of witnesses, witness coaching is becoming a concern. You need a setup that allows the lawyer and the witness to appear on screen  simultaneously. Consider placing the witness in a different room. The added bonus to being separated is that neither of you must wear a mask. At the end, after talking for an hour or two, you won’t feel like you have just climbed Mount Everest. Make sure that the witnesses don’t have easy access to electronic devices – ask what they have within view. Ask whether they are alone. 
  • Make sure everyone has waived their right to a live hearing.  
  • Make sure no one is recording the proceeding.  
  • Mute your microphone when you aren’t speaking. (My mother’s advice to be seen and not heard has served me well.) Even if you can’t see or hear the judge and other parties, assume that they can see you, and act accordingly. 
  • Close your email and turn off your reminders. Don’t have any distractions. You may think that you can set your fantasy football lineup or answer emails and no one will notice, but trust me, everyone knows you are not engaged. If you don’t take your phone out to check Twitter at a live hearing, don’t do it during a proceeding. 
  • Be vigilant about talking over people. If it even looks like the judge is opening her mouth, make sure you are not speaking over her. 
  • Confirm whether you need a court reporter. If you do, make sure the court reporter has adequate equipment and bandwidth. If the court reporter needs to, consider allowing the court reporter to use an extra office in your office. 
  • If you lose the contact information for a proceeding, go to sccourts.org, and then go to the Calendar option on the upper right hand of the screen, put your cursor over it, and click on Monthly View. When you get there, go to the date of your proceeding and then click on the court you need. That will lead you to a page that lists the judges with proceedings that day. Find your judge and click on the link for the virtual courtroom. If you are prompted for a password, it is usually sccourts. Each judge’s page also contains call in numbers and helpful instructions.  

We all have some Gallant and Goofus in all of us. Be patient and kind to yourself and others when things don’t go according to plan. We’re doing the best we can under the circumstances. Video proceedings are not going away, so the time you put into learning and thinking about this is time well spent. 

Written by:
Michael J. Polk, Chair, Technology Committee
Belser & Belser, PA
Columbia, South Carolina

Password Tip

Have you ever saved a password in your browser, while logging into a website? If yes, it is a good idea to turn off that feature, which allows you to save that information, in your browser and choose a password manager!

Here are the steps to turn off the “save password” feature by browser:

Chrome

In Chrome, look for hamburger menu (icon looks like three horizontal lines stacked on top of each other) on far right hand side of browser, click Settings, click Autofill, click Passwords, toggle “offer to save passwords” off.

Firefox

In Firefox, look for hamburger menu (icon looks like three horizontal lines stacked on top of each other) on far right hand side of browser, click preferences, click Privacy & Security, look for Logins and Passwords section, uncheck “Ask to save logins and passwords for websites.”

Microsoft Edge

In Microsoft Edge, – click the three dot menu button (look for an icon that looks like …) on the far right hand side of the browser, Click Settings, Click the Passwords button, Toggle “Offer to Save Passwords” option to off.

Follow @SCBar_PMAP on Twitter for additional tips and contact pmap@scbar.org for assistance.

Seven Simple Suggestions

I know what you are thinking: don’t I have enough on my plate right now without making New Year’s resolutions? I agree. That’s why I have chosen a few very simple suggestions that might actually make your life a little simpler. Some of these resolutions, I mean, suggestions, also help you stay out of ethics trouble (win-win!). They are in no particular order of importance – start with the easiest for you to do. 

Get a password manager. We already know that passwords need to be complicated in order to be strong and we shouldn’t use the same one more than once (or write them on sticky notes or store them in Word file). The solution is a password manager. There are lots of good free and cheap password managers. Need to create a new password? Tell the password manager how long your want it and if you want to use letters, numbers, special characters, or all three. The password manager will create a password and save it for you. Later, when you visit that website and have to login, the password manager can fill in the information for you. All you need to remember is your login and password for the password manager! Popular password managers include Dashlane, LastPass, 1Password, and Roboform. You can also see if your internet security software offers a password manager – many do. 

Start using two factor or multi-factor authentication (MFA). I know that sounds techie, but stay with me. The easiest way to explain 2FA or MFA is to tell you that you’ve probably already used it. Log in to most financial institutions and you have to enter your password and then perform a second step, such as entering a code you receive on your phone by text. Voila! That’s MFA! Start adding this extra security layer now with all your email accounts. If you have a Google account, set up “2-Step Verification.” Not sure how? Google it. For the rest of the year, when you login to any of your online accounts or websites, look for instructions on how to set up MFA (and don’t forget that new password manager can store those logins and passwords). Trust me on this one, it may be the best and easiest way to protect yourself from hackers and safeguard client confidentiality. 

Check Google My Business. Yes, that’s actually what Google named their free marketing service. Do this: Google your law firm. Alongside the usual results list, you’ll see a block with photos, a map view, your firm address, phone, and other information. This is a free business listing and you need to “claim” it if you haven’t already. Click “Own this business?” or “Claim this business.” Do it, because if you don’t, someone else may and you may not like what they do next. But that’s not the only reason to claim it. You’ll be able to correct and add information and take other steps to help clients find you better. 

Try not to email clients anything confidential. Email fraud can occur when a lawyer emails details about a case to clients and other parties. If one of the people has had their email breached, the hacker may be watching email exchanges waiting for an opportune moment to intervene. This usually happens once they learn about money changing hands. They’ll spoof one of the parties’ email address and send their own settlement offer or bank routing instructions. If you need to discuss a case, use a client portal in a practice management program. If you’re using a cloud practice management program such as Clio, MyCase, Cosmolex, Rocket Matter (etc.) talk to the provider about how to set up secure portals for clients. Besides being more secure, clients appreciate being able to see how their case is progressing. 

Make sure that you have cyber insurance. According to a 2019 survey by the American Bar Association, one in four law firms have experienced a security breach. General liability and professional liability insurance policies may not cover all the costs of a cyber incident. Talk to your carrier and find out what your policies cover. Most lawyers discover that they need to add a cyber liability policy. Whether you are shopping for cyber insurance or reviewing your current policy, there are numerous articles on the internet outlining the claims that are frequently denied or not covered by cyber insurance, so read policies carefully.  

Hire a virtual receptionist. Clients hire law firms that have a live human answering the phone. For many small firms, a virtual receptionist/answering service can be a lifesaver. Banish the idea of the impersonal answering service your doctor uses after hours. Today’s virtual receptionists can help you all day by handling tasks a real receptionist would do. There are many companies to choose from, including Call Experts, Smith.AI, Ruby, and LexReception.  

Call the Bar for free help. The South Carolina Bar has lawyers on staff to answer questions about practice management (including technology), ethics, fee disputes, pro bono opportunities, and more. Bonus resolution: join a Bar section or committee for your practice area and take advantage of the free listserv!  

By Courtney Troutman
Director
Practice Management Assistance Program
South Carolina Bar

Getting Better All the Time

In 1981 or 82, because of my first job as a waiter at Chi Chi’s Mexican Restaurant, I needed transportation. My first car was a 1969 Chevy Imperial that my Uncle Eddie’s vocational rehab class rebuilt as a school project (including installing a sweet 327 engine).  My Uncle Billy bought me a timing light, and other assorted tools, and he spent some time showing me the finer points of tuning up an engine.  I am pretty sure that he gave me a Chilton’s manual, but that may be something I have added with the passage of time.  

Nowadays If I open the hood of my Honda Accord, I can barely find the windshield washing fluid, and if I was inclined to work on the engine (which I am not) I am sure that I would need a lift and this or that special tool. 

Similarly, years ago, when I reached a point where I had a home computer and an office computer, working remotely consisted of calling the receptionist to get the rundown of what was happening the office, checking my voice mail, and shuttling a 3.5 inch floppy disk between work and home.  

Times have changed. Many attorneys and their staffs are learning how to work remotely on the fly. It remains to be seen what changes will be permanent. Now is a good time to pause and consider how things are going, keeping in mind the attorney’s ethical duties of confidentiality and competence, and how to improve. Some commentators, including David Ries of Clark Hill in Pittsburgh, suggest you focus on three main areas: technology, policies and procedures, and people.   

If you are having trouble with your internet speed or reliability at home, it might be time to invest in a new router, your gateway to the internet. I recently bought a new entry level TP-Link router for under $100, and I can already tell a difference in speed and reliability. I was able to set up the router in about 10 minutes. If you have dead spots in your house, or if your work computer is far away from the router, consider purchasing a Wi-Fi extender, Powerline over Ethernet adapters, or possibly even a mesh Wi-Fi network. The latter is the costliest but may be the best long-term solution. Make sure that WPA2 encryption is enabled. This helps keeping your connection secure.  

If you use public Wi-Fi, it is worth subscribing to a Virtual Private Network (VPN) to ensure that your connection to the internet is private. A VPN essentially provides an encrypted tunnel to the internet. Avoid a free VPN. There are many good ones out there, but I use Surf Shark. It is easy to install, covers my family’s devices, received good reviews, is secure enough for my purposes, and was on sale for a couple of dollars a month for a couple of years. Also, don’t leave your computer or other devices unattended in a public place even if you are only going to be gone for a second. 

There is no such thing as perfect security. The good news is that you don’t need to outwit the NSA or any of the alphabet agencies or foreign actors. Just don’t be an easy target. 

Do you know where your backups are? If you used to back up to your server or NAS device where are you backing up to in your home office? What about your staff? I use BackBlaze because it is a cost effective solution for me, but some colleagues use Carbonite. I also use Microsoft 365, which is configured to provide another backup of my documents.  

If you travel with your equipment, what happens if it gets lost or stolen? Make sure that you have passwords enabled for your devices. If encryption is an option, make sure it is enabled. If your hard drive is encrypted, and it gets stolen, an encrypted hard drive will be useless to the thieves.   

For reviews of tech equipment, I usually start with the Wirecutter on the NY Times website and go from there. If an item is pricey, and I can wait, I will check camelcamelcamel.com for the best time to buy tech items from Amazon.com

Personally, if I had a smart assistant like Google home, Amazon Echo, or an Apple iHome device, I would turn it off while I was working, or, at a minimum, when I was discussing confidential information. 

Do you know how you sound on WebEx or Zoom? Some people sound like they are calling from the underwater city of Atlantis. All the services allow you to test your setup. If you do not like the way you sound, consider ordering a USB microphone. Play around with you lighting, and pay attention to your background when you are on camera. Test everything out before you need to do something, and, if your client needs to appear, check with them to make sure they can make the technology work. 

Do you use a password manager? Now is the time to try one out. I use LastPass, but Dashlane and 1Password are alternatives. Hand in hand with this is to enable two factor authentication of your accounts.  

The best practice is to use work equipment for work, and personal equipment for personal items. A remote worker should not share equipment with family members given the risk of inadvertent disclosure of confidential information. Make sure that your laptop shuts off after a reasonable period so that those around you are not tempted to check just one thing or play just one game when you aren’t around. Ensure that remote workers are not installing unauthorized programs on their work equipment and that their work-related apps and programs are updated – particularly security software. You may want to check to make sure that the remote worker’s access to the internet isn’t via hooking onto their neighbor’s Wi-Fi. Using a pair of earbuds or AirPods can keep people in your house from overhearing confidential conversations, particularly if you are prone to using a speakerphone. You may not think people in your house can hear what you are doing, but they can. (Those of us with children know how much they can absorb.)  

Everyone needs to stay vigilant against hackers. It is a sad fact that cyberattacks have increased this year and there is no end in sight. Learn how to spot scam emails. There are great videos on YouTube. Start with the ones produced by Sophos, which are short and to the point. 

What are you doing about paper? Make sure that the same safeguards you have at work are in place at home.  

Lastly, it is easier than ever to keep up with tech and best practices for working remotely. For a start, I would recommend subscribing to John Simek’s Your IT Consultant Newsletter and the TechnoLawyer newsletter. The SC Bar website also contains a treasure trove of information. Check it out if you have not done so lately.  

We’re one day closer to things getting better. That is something!  

Michael J. Polk, Esquire
Chair
SC Bar Technology Committee
Belser & Belser, PA
Columbia, South Carolina

Four Tip Friday

Hi everyone!

            1.         If you need an easy way to keep up with legal technology, subscribe to John Simek’s email newsletter, Your IT Consultant. (You can also subscribe via your favorite RSS reader, like Feedly.) Here is a link:  https://youritconsultant.senseient.com/    Recent newsletters have addressed password managers and home routers. And, of course, unless you are in Spaceballs, don’t use 123456 as a password.  https://www.youtube.com/watch?v=a6iW-8xPw3k   

2.        If you are looking for serviceable to decent noise cancelling headphones, check out either the ones by TaoTronics here  https://amzn.to/2BSW4OA  or the ones from Anker  https://amzn.to/38GVoaZ  I don’t use the noise cancelling that much, because it does not cancel out my bad dog’s barking, but the sound quality will satisfy the non-audiophile and battery life has come a long way. Plus, as someone on the Clockwise podcast pointed out, if you are wearing earbuds people will bother you, but if you are wearing a big set of cans, they won’t. 

3.        Some of you are saying, OMG I simply cannot put cheap headphones on my delicate ears. In that case, if money is no object, skip to 4, but if it is, check out  https://camelcamelcamel.com/   It will help you figure out when the best time to buy something is.

4.        If you are wondering how to get short links, check out  https://bitly.com/   It will make your life (and blog posts) easier!

We are one day closer to things settling down. That counts for something, right?

Let’s be careful out there!

Michael J. Polk, Esquire
Chair
SC Bar Technology Committee
Belser & Belser, PA
Columbia, South Carolina

Fastcase as a Supplement to Westlaw

In these strange new times, lawyers in firms of all sizes are seeking ways to reduce costs while remaining effective advocates. While many small firm lawyers in South Carolina rely heavily on Fastcase free legal research through the South Carolina Bar, larger firms with Westlaw subscriptions can also benefit. As a librarian, I am privileged to use Fastcase, Westlaw, Lexis, Casetext, ROSS Intelligence, Bloomberg Law, and other research platforms. Part of my job is to assess strengths and weaknesses of each platform, so I can better help anyone who contacts the law library with their research.  

Since Fastcase is provided free to all South Carolina Bar members, there are some good reasons to use it even if you are satisfied with Westlaw. Here are five examples: 

  1. No-Stone-Unturned Searches. Most lawyers who are unsure about a research result will get a second opinion from a colleague or a librarian. After all, two heads are better than one.  

By the same token, two platforms are better than one. We can’t see the proprietary algorithms each platform uses to interpret search terms and generate a list of relevant results. But we know these algorithms differ.  

When you need to doublecheck Westlaw search results, try running the same search on Fastcase to see if anything different pops up. Fastcase also lets you customize your Relevance Algorithm to ensure the results you’re seeking rise to the top. 

  1. Cost-Effectiveness. Lawyers must balance the requirement to perform competent research against the pressure to minimize both the cost of the resource and the cost of their time. Current trends favor flat-rate Westlaw contracts and treating research costs as overhead rather than passing them on to clients. Still, depending on how a firm allocates research costs internally, cost concerns continue to incentivize self-imposed limitations on Westlaw usage. 

Searching. If your preferred Westlaw search strategies are hemmed-in by cost concerns, unlimited Fastcase use can be a boon. For example, you can run as many searches as you want in Fastcase—wide-net searches, highly specific searches, searches within searches—it doesn’t matter. Searches are free, which removes the worry about costs and saves time by letting you focus on resolving the issue you’re researching. After trying out as many search queries as you want in Fastcase, you can always doublecheck a search in Westlaw. 

Analyzing Results. Westlaw lets you read a case excerpt before you decide whether to click the link to read the full text of that case and possibly incur a charge. Each case has to be in a different tab or window than your results list, complicating your workflow and leading to duplicate charges if you click on the same case twice. 

By contrast, Fastcase lets you freely view the full text of as many cases as you want, not just excerpts, and you can open each case side-by-side with your search results—in the same tab. Especially for a lengthy list of possibly-helpful results, the speed of the back-and-forth between your results list and the full text of the cases can save significant research time. 

  1. Cloud Linking. If you’re citing case law for someone who doesn’t have Westlaw, try Fastcase’s cloud linking feature. Drag and drop a blog post or white paper written for a general audience into Fastcase’s cloud linking drop box, and links to the full text of the cited cases will be added automatically. Anyone can click the links and read the cases for free online. 

Suppose your co-counsel uses Lexis or Casemaker, or that users of your firm’s brief bank want to limit their Westlaw usage. Cloud-link your shared research using Fastcase. Then, links to the cited cases will work for all lawyers with whom you share research, without their needing to log in anywhere or incur charges. 

  1. Additional Jurisdictions. It can make financial sense to limit a Westlaw contract to South Carolina law or Fourth Circuit law if that’s where your practice is focused. However, sometimes persuasive authority from other jurisdictions is needed.  
     
    Free resources (like Google Scholar, Findlaw, or Justia) will usually retrieve the full text of a case. However, those resources don’t let you check whether the case is good law, and they don’t make it easy to find other relevant cases from that jurisdiction.  

If you pull up a case in Fastcase instead, Authority Check will alert you to cases that cite it, positively or negatively. If you run a search, the Interactive Timeline points out additional relevant and frequently cited cases from that jurisdiction. You can retrieve those other cases on Fastcase for free, while avoiding charges for going outside your Westlaw contract. 

  1. Beyond the Basics. Upgrades from standard Westlaw packages cost extra, and the same is true of add-ons from Fastcase and its partners. Particularly for lawyers who rarely need premium research products, it is worth evaluating Fastcase partner options to assess resource quality and potential savings for occasional use of secondary sources, public records searching, case tracking alerts, and more. 

My hope is that SC Bar members—whether or not they use Westlaw—will get their dues’ worth from Fastcase. For more help doing so, the Fastcase support number is 866-773-2782, option 2, available Monday-Friday 8 am to 9 pm. 

By the way, the University of South Carolina Law Library can also act as a supplement to Westlaw. For example, we regularly fill email requests for PDFs of law journal articles that do not appear on Westlaw. A lawyer must provide the citation and agree to a $5 handling fee. See https://guides.law.sc.edu/remoteservicesbenchbar.  

By: Eve Ross
Reference Librarian
University of South Carolina School of Law Library
SC Bar Technology Committee

Lessons in “Work from Home”

As I write this column, many lawyers have left their offices to work from home (WFH) and more may follow. If, like me, your experience with working from home was using your work laptop or home PC to check emails and do a little work, the transition was a bit bumpy. As is true for many things in life, with office technology we often don’t appreciate what we have until we no longer have it.   

In March 2020, Bar members began a major exodus from the law office. If you already used a laptop as your primary work computer, you were one step ahead of the game. I used a desktop PC at the office, so I ordered a 14” Lenovo Thinkpad X1 Carbon from Lenovo (go to www.lenovo.com/statebar for the same price Lenovo employees get). It’s a thin, lightweight business laptop. My advice has always been to purchase business or professional grade laptops direct from the manufacturer. I was fortunate to order when I did. Lenovo has a shipping facility near Charlotte and I received the laptop the next day. Lenovo, Dell, and HP are reliable brands. (I am not anti-Mac – if that’s what you want, get one – but if you’ve always used PCs, maybe a pandemic isn’t the time to try something new.) With shortages on computers, one can’t be too choosy, but be aware of significant disadvantages when buying from a retailer versus a manufacturer, including changes in the warranty.  

Don’t obsess over RAM, disk space and other specs (most business machines are more than adequate for most lawyers) but make sure it has Windows 10 Pro 64-bit. I recommend purchasing an on-site warranty for the first 2-3 years – someone will come to you if you have a problem instead of having to ship the computer off. Whether you get accident insurance is your call. 

Many lawyers now use multiple wide-screen monitors in the office, so it won’t take long before you feel frustrated doing everything on a laptop. I lasted one day before going to Office Depot to purchase a docking station. It was a J5Create Boomerang and it would not have been my first choice. Lesson learned: when Lenovo suggested adding a docking station to my online basket, I should have bought it instead of fretting about the extra money. Once I added the Boomerang to my laptop with the included micro USB cable, I was able to add peripherals from the office and home: an external monitor, keyboard, mouse, speakers and headset with mic. When I need to, I can connect a Fujitsu ScanSnap scanner or small HP printer. 

Accessing your work computer or server remotely requires a VPN (virtual private network), remote control solutions, or Remote Desktop Protocol. You can find more information about these at www.scbar.org/pmap or look at reviews on PCmag.com. Remote control products include LogMeIn and Splashtop. I don’t recommend using Remote Desktop Protocol, which is disabled by default on Windows computers as it is vulnerable to breaches.   

If you only need to access your files, not software programs, there are alternatives if you plan ahead. Before we decamped our office, the PMAP Assistant and I moved files we thought we would need to Microsoft SharePoint. SharePoint comes with Microsoft 365 Business. (In case you missed it, Microsoft 365 is how you get Word, Outlook, Excel and the rest. There are 3 different plans, but as of April 21 most lawyers can choose Microsoft 365 Business Standard.) Working from home, we could go to Office.com, login and access files in SharePoint much as we would on our office’s server. In SharePoint, we work on the same files without worrying about different versions. If the files had all been in OneDrive, this step might not have been necessary, but SharePoint makes it easy to share files and collaborate. 

For phone calls, we signed up for free Google Voice numbers so we wouldn’t have to give out our personal numbers. Google Voice calls are forwarded to personal phones or you can make and receive calls from voice.google.com on your computer with a headset/mic or Bluetooth earbuds. It also works with texts – clients can text you and you’ll receive it in your Gmail. WhatsApp is another alternative for calls. These are temporary options during an emergency, not something I recommend lawyers using instead of regular phone service. Please conduct your own research before signing up with one. Lawyers with VOIP phone service at the office can take their physical IP phone home with them and receive their calls as they normally would.  

If inner office emails are crowding your inbox, ask coworkers to use Microsoft Teams (included in 365) to send chat messages, share files and links, schedule meetings, and even video chat. Video calls on Teams tends to be clunky compared to Zoom, but it’s as easy as clicking on the phone icon in Chat to call a coworker’s computer. There are options for guest access for people outside your organization, but it needs to be configured properly, so at this time I don’t recommend it. Client portals, included in many practice management software products, remain a more secure means of collaborating and communicating with clients. For non-confidential collaboration with non-clients, try Slack https://slack.com/.    

If there’s a “Tech Word of the Year” 2020’s might be “videoconferencing.” At this writing, Signal and WhatsApp are popular options to use for one on one calls, which are easier to secure. Videoconferencing with larger groups, such as mediations, require more sophisticated software, such as Zoom and GoToMeeting. Educate yourself on how to properly use all products (not just videoconferencing) for better security. There is no such thing as perfect security and privacy on the Internet.  

***Due to the rapid rate of change, please research all products mentioned in this column thoroughly before using  

By: Courtney Troutman, Director
Practice Management Assistance Program
South Carolina Bar

Technology Takeaways from the 2020 Bar Convention

In November, 2019, the South Carolina Supreme Court adopted amendments to Rule 1.0 (r), Rule 1.1 Comment 6, Rule 1.6 Comments 20 and 21, and new Rule 1.6(c) of the Rules of Professional Conduct. The amendments were modified versions of amendments made to the ABA Model Rules of Professional Conduct in 2012 meant to offer guidance to lawyers about technology. The Technology Committee sponsored a CLE at the Bar Convention in January, featuring national experts Sharon Nelson and John Simek who addressed best practices for lawyers to be ethically compliant and competent in the area of technology. They addressed three big areas: ethical competence in the digital area, disasters and data breaches, and the future of law practice. Here are some takeaways, but you can find this information and much more in the articles listed on their website https://senseient.com

Most, if not all, law firms have experienced a technology security event – from malware infections to total breaches. In light of that, firms should conduct security assessments and have incident response plans. Many cybersecurity insurance policies are requiring these (the cost of cybersecurity insurance is reportedly rising). Firm training is also critical, since the majority of security issues rely on human error and gullibility. Firms should have a security policy for employees to follow, covering everything from backups, BYOD (bring your own device), acceptable use and more. Firms should also have an incident response plan to avoid running around like a chicken with … you know the rest. The plan should include contact information, immediate steps to take, and steps to resume operation. Most states have data breach notification laws, including South Carolina. Consult the law for your duties. 

Ransomware attacks are evolving (think it’s some guy in Russia? These days it could be a bot or artificial intelligence). Ransoms being demanded are higher than most firms can pay. A new twist in ransomware: firms who ignore the ransom request because they have a good backup may be subject to having their data used or leaked to the dark web in retaliation for not paying the ransom. Some good news: success rates in thwarting ransomware are increasing if the FBI is notified within the first 24 hours. So, even if you have a backup, notify the authorities asap. Also good news: more banks are recognizing wire fraud attempts and stopping fraudulent transfers before they conclude. 

Basic backup advice that applies to most law firm sizes: have a local (physical) backup and two cloud backups. Make sure your cloud provider allows you to control the encryption key. The speakers named Carbonite and Backblaze as good options. Make sure backups work by doing a test restore. One solo used a cloud backup and lost five years of law firm data because he’d never tried to verify if the data was restorable or not corrupted. Don’t take the word of the software that says “Backup successful!” – be certain. If you use a USB backup drive, disconnect it from the server once the backup is completed (more than one physical backup drive is recommended so you can swap them out). If you experience a ransomware attack and your backup is connected to your computer – well, there goes your backup.  

Zombie data, also known as “dark data” is data you don’t realize you have. It can come up in data breaches or in cases during e-discovery. The speakers’ advice about old data: if you don’t need it, and are not legally required to preserve it, get rid of it! Don’t forget old email accounts – nearly everyone has old free email accounts they’ve ceased using. They’re ripe targets. 

The speakers next turned to the Future of Law Practice. Consumers, accustomed to smart TV sets , doorbell security cameras, and Alexa, have rising expectations for lawyers. Consumers expect same day delivery of products, automated contract delivery, client portals and video chat. Trends that will grow include non-lawyer ownership of law firms, traditional legal work being done by non-lawyers and alternative legal services providers, and of course, Artificial Intelligence (AI). As an example of the rapid rate of change in AI, the speakers reported that the IBM Watson computer that defeated Ken Jennings at Jeopardy! in 2011 was the size of a master bedroom and weighed thousands of pounds. One year later, it was 18 x36 inches and weighed just 100 pounds. 

Although the term AI is often incorrectly used to hype products and sound cool, in reality, AI is already in widespread use in the world’s largest law firms (but the speakers were quick to say that it is also being used by solos). Lawyers use AI for contract review, due diligence, e-discovery, legal research, predictive analytics, and more. AI represents a direct threat to some legal job sectors, including lawyers performing document review, paralegals, and even first year associates. JPMorgan Chase uses COIN (Contract Intelligence) which in seconds can do the work formerly requiring 360,000 hours a year by lawyers and loan officers. 

Bar members can read many of Nelson and Simek’s articles on technology, security, ethics, and law practice on their website www.senseient.com, watch Sensei YouTube videos, or listen to Digital Detectives or The Digital Edge podcasts.  

The Bar also has many resources to help lawyers with technology questions, from a lending library of ABA technology books to online resources at www.scbar.org/pmap and the Technology Committee’s page www.scbar.org/tech

By: Courtney Troutman, Director
South Carolina Bar Practice Management Assistance Program

Mike Polk, Technology Committee Chair, South Carolina Bar
Belser & Belser, PA
Columbia, South Carolina

Four Tips for Better Password Security

Do passwords still matter? Isn’t it true that if an attacker really wants to, they can crack any password? Many lawyers have been asking this in recent years, frustrated by ever-changing advice on what constitutes a “safe” password. Yes, passwords do matter. Now is not the time to throw in the towel and become “low hanging fruit” for hackers.  

Lawyers should take reasonable steps to create and use secure passwords to protect client confidentiality and safekeep client property. (Rule 1.6 Confidentiality of Information, Rule 1.15 Safekeeping Property, SCRPC.) In 2012, ABA Model Rule of Professional Conduct Rule 1.1, Comment 8 was amended to advise that lawyers also maintain competence by keeping “abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” Since, then at least 37 states have followed suit with similar amendments. 

It’s true that there are such things as “bad” passwords. There are numerous lists of most hacked or “worst” passwords on the internet, including one by the UK National Cyber Security Centre https://tinyurl.com/rrgycfk. “123456” consistently tops all lists as the most commonly used password, followed closely by “qwerty” and “password.”  

Many online accounts force certain requirements on users – a minimum number of characters, an uppercase, a lowercase, a symbol, a number. This requirement can offer limited protection if you use a password like “trustno1” or “v3r!Fy.” Password crackers know to look for common substitutions for letters. 

Hackers use data from frequent corporate and website data breaches to perform “credential stuffing” – where hackers use stolen username and password credentials and try to login to other websites with those same credentials. Often, they are successful.  

Keeping in mind that what constitutes a strong password changes without warning and can even vary depending on the situation, here are a few tips: 

  1. Use Passphrases as Passwords – We listed some examples of problematic passwords above. A better password solution involves entropy, which is a lack of order or predictability, using passphrases – not a recognizable quote, but a string of words or text you can remember. Gary likes the “Diceware” method, which uses dice to come up with passphrases. A person rolls a set of five dice, each of which produces a random number between 1 and 6, and then matches the dice roll results with a list of predetermined words. The method is described in this Medium.com post: https://tinyurl.com/w4n9y7a. Courtney prefers to make up her own unique passphrases. 
  1. Never Reuse Passwords – In a February, 2019, Google/Harris poll of three thousand adults, sixty-five percent of the respondents reuse a password for one or all of their online accounts. As noted earlier in this article, hackers use information from breached web sites to perform “credential stuffing” to access accounts on other online web sites.   You should never reuse a password for any online site. In late 2019, Google announced “Password Checkup,” a new Chrome extension that warns you if the username and password you’re using were stolen in any data breaches and then prompts you to change them if they were. 
  1. Ideally Use a Password Manager – The best solution as far as organizing your password security is to use a password manager. Password managers are software applications that allow users to generate, store, and retrieve secure passwords for various online sites. Most password managers allow the generation of passphrases as well. Many password managers have smartphone apps and browser plug-ins so that you can easily retrieve a password. You only need to remember your master password to access the password manager. PCMag.com does an annual roundup of password managers. Most have a very reasonable annual fee. There are free versions available, but most limit the number of passwords you can save, and the terms and conditions can vary. As a general rule, Courtney recommends that lawyers not use free software or apps, but buy the pay version. Gary likes 1Password https://1password.com, and Courtney uses LastPass https://www.lastpass.com.  
       
  1. Use TwoFactor Authentication Whenever Possible – Two-factor authentication is the means of using two different types of information to login to an online account, such as a password, a PIN sent by text message or authenticator app, or a fingerprint/biometric. Most people are already familiar with two-factor authentication with online banking or cloud-based storage web sites. Enable two-factor authentication whenever possible with your online and cloud-based providers.  Visit Two Factor Auth https://twofactorauth.org for a list of websites that do and do not support two-factor authentication. 

Ronald Rotunda, in his February 2018 article for Justia “Lawyers, Passwords, and the Obligation to Keep Clients’ Secrets” https://tinyurl.com/vz9mess, summed up password security: “When we take these precautions, the modern-day equivalent of a deadbolt, we will know what to say when the client asks, “What are you doing to keep my information secret?”” 

By: Gary Moore
Assistant Dean for Academic Technology
University of South Carolina School of Law
SC Bar Technology Committee

Courtney Troutman, Director
SC Bar Practice Management Assistance Program
Liaison to the SC Bar Technology Committee.