Category Archives: Security

New Software Scam

Do you have antivirus/malware software on your PC/Mac/Server? If so, pay close attention to that software’s renewal terms. Watch out for any future phishing emails that contain an attached invoice. The scam asks you to either click a link to renew your subscription or call the phone number listed on the fake invoice to cancel. 

Tips to Avoid Antivirus / Malware Software Scams

  • Visit the software company’s verified URL and pay through the software company’s portal
  • Calendar renewal dates
  • Keep your antivirus/malware software up to date
  • Know the general terms of all software on your PC/Mac
  • Avoid paying invoices through email
  • When in doubt, look in the software settings to find Support info. Don’t always trust contact information on search engines because sometimes the business information can be claimed by scammers.
  • Sometimes scammers pry on your browsing habits or purchases. Be sure to limit browser data collection by checking your browser’s security and browser settings
  • Keep all other software on your PC or Mac up to date
  • Educate your staff on technology scams so they know what to watch out for too
  • Check with your IT professional to make sure the software you use is up to date with today’s cybersecurity market, malware, scams

Visit www.scbar.org/tech for great links or email pmap@scbar.org for more advice.

Technology Takeaways from the 2020 Bar Convention

In November, 2019, the South Carolina Supreme Court adopted amendments to Rule 1.0 (r), Rule 1.1 Comment 6, Rule 1.6 Comments 20 and 21, and new Rule 1.6(c) of the Rules of Professional Conduct. The amendments were modified versions of amendments made to the ABA Model Rules of Professional Conduct in 2012 meant to offer guidance to lawyers about technology. The Technology Committee sponsored a CLE at the Bar Convention in January, featuring national experts Sharon Nelson and John Simek who addressed best practices for lawyers to be ethically compliant and competent in the area of technology. They addressed three big areas: ethical competence in the digital area, disasters and data breaches, and the future of law practice. Here are some takeaways, but you can find this information and much more in the articles listed on their website https://senseient.com

Most, if not all, law firms have experienced a technology security event – from malware infections to total breaches. In light of that, firms should conduct security assessments and have incident response plans. Many cybersecurity insurance policies are requiring these (the cost of cybersecurity insurance is reportedly rising). Firm training is also critical, since the majority of security issues rely on human error and gullibility. Firms should have a security policy for employees to follow, covering everything from backups, BYOD (bring your own device), acceptable use and more. Firms should also have an incident response plan to avoid running around like a chicken with … you know the rest. The plan should include contact information, immediate steps to take, and steps to resume operation. Most states have data breach notification laws, including South Carolina. Consult the law for your duties. 

Ransomware attacks are evolving (think it’s some guy in Russia? These days it could be a bot or artificial intelligence). Ransoms being demanded are higher than most firms can pay. A new twist in ransomware: firms who ignore the ransom request because they have a good backup may be subject to having their data used or leaked to the dark web in retaliation for not paying the ransom. Some good news: success rates in thwarting ransomware are increasing if the FBI is notified within the first 24 hours. So, even if you have a backup, notify the authorities asap. Also good news: more banks are recognizing wire fraud attempts and stopping fraudulent transfers before they conclude. 

Basic backup advice that applies to most law firm sizes: have a local (physical) backup and two cloud backups. Make sure your cloud provider allows you to control the encryption key. The speakers named Carbonite and Backblaze as good options. Make sure backups work by doing a test restore. One solo used a cloud backup and lost five years of law firm data because he’d never tried to verify if the data was restorable or not corrupted. Don’t take the word of the software that says “Backup successful!” – be certain. If you use a USB backup drive, disconnect it from the server once the backup is completed (more than one physical backup drive is recommended so you can swap them out). If you experience a ransomware attack and your backup is connected to your computer – well, there goes your backup.  

Zombie data, also known as “dark data” is data you don’t realize you have. It can come up in data breaches or in cases during e-discovery. The speakers’ advice about old data: if you don’t need it, and are not legally required to preserve it, get rid of it! Don’t forget old email accounts – nearly everyone has old free email accounts they’ve ceased using. They’re ripe targets. 

The speakers next turned to the Future of Law Practice. Consumers, accustomed to smart TV sets , doorbell security cameras, and Alexa, have rising expectations for lawyers. Consumers expect same day delivery of products, automated contract delivery, client portals and video chat. Trends that will grow include non-lawyer ownership of law firms, traditional legal work being done by non-lawyers and alternative legal services providers, and of course, Artificial Intelligence (AI). As an example of the rapid rate of change in AI, the speakers reported that the IBM Watson computer that defeated Ken Jennings at Jeopardy! in 2011 was the size of a master bedroom and weighed thousands of pounds. One year later, it was 18 x36 inches and weighed just 100 pounds. 

Although the term AI is often incorrectly used to hype products and sound cool, in reality, AI is already in widespread use in the world’s largest law firms (but the speakers were quick to say that it is also being used by solos). Lawyers use AI for contract review, due diligence, e-discovery, legal research, predictive analytics, and more. AI represents a direct threat to some legal job sectors, including lawyers performing document review, paralegals, and even first year associates. JPMorgan Chase uses COIN (Contract Intelligence) which in seconds can do the work formerly requiring 360,000 hours a year by lawyers and loan officers. 

Bar members can read many of Nelson and Simek’s articles on technology, security, ethics, and law practice on their website www.senseient.com, watch Sensei YouTube videos, or listen to Digital Detectives or The Digital Edge podcasts.  

The Bar also has many resources to help lawyers with technology questions, from a lending library of ABA technology books to online resources at www.scbar.org/pmap and the Technology Committee’s page www.scbar.org/tech

By: Courtney Troutman, Director
South Carolina Bar Practice Management Assistance Program

Mike Polk, Technology Committee Chair, South Carolina Bar
Belser & Belser, PA
Columbia, South Carolina

Four Tip Friday

  1. I recently went to a CLE at USC Law School entitled How a Solo can be Han Solo – Using Technology for Courtroom Presentations. It was part of the law school’s Legal Tech series. Bill Booth, a lawyer in Columbia, was the speaker. He recommended checking out Miracast, a dongle that acts like a wireless HDMI cable. It is easy to setup and use. You can pick one up for about $40 on Amazon. Bill uses a Microsoft branded Miracast like this one:  https://www.amazon.com/Microsoft-Wireless-Display-Adapter-P3Q-00001/dp/B01AZC3J3M/ref=sr_1_6?keywords=miracast+2.0+microsoft&qid=1574274547&sr=8-6  but there are other brands as well. If you are having trouble with your current setup, consider picking one up and giving it a try. By the way, if you want to see courtroom presentation demonstration featuring Keynote and TrialPad with Apple TV, check out the Galactic Empire v. Han Solo trial on YouTube here  https://www.youtube.com/watch?v=giI2t4Gj_sg&t=30s It was part of a CLE for the York County Bar Association and is worth a look.
  2. Gary Moore, Assistant Dean for Academic Technology at USC, writes to remind us not to reuse passwords. Gary writes: “In a February 2019 Google/Harris poll of three thousand adults, sixty five percent of the respondents reuse a password for one or all of their online accounts.   As noted earlier in this article, hackers use information from breached web sites to perform “credential stuffing” to access accounts on other online web sites.   You should never reuse a password for any online site.”
  3. Here is a good tip I received from a solo small firm conference here in Columbia a couple of years ago. If you are an Amazon shopper, and you are wondering if you should pounce on a Black Friday deal, check out camelcamelcamel.com It is a free Amazon price tracker that will give you a better idea as to what kind of deal you are actually getting.
  4. Looking for ways to use your iPad in your practice? Thomas McDow, a lawyer in Rock Hill, uses the Duet app. With it, he can use his iPad as a second monitor. Duet is currently $9.99 on the Apple App Store.

By: Mike Polk, Chair, Technology Committee
Belser & Belser, PA
Columbia, South Carolina

National Cybersecurity Awareness Month

It’s the most wonderful time of the year! No, not that one, the other one – Cybersecurity Awareness Month!

It is a great time to review some of the basics yourself and with your staff. If you are looking for some ideas, check out the toolkit here: https://niccs.us-cert.gov/national-cybersecurity-awareness-month-2019 (part of the Homeland Security website).

As with any good celebration, it has a theme: OWN IT, SECURE IT, PROTECT IT. The entire toolkit is worth saving for reference (and, at 9 pages, an easier and less stressful read than the comments to any given news story.)

Here are some highlights:

  • Own it. Understand your devices and applications, check your privacy settings on the websites you use, use safe social media practices, and don’t let tech own you.
  • Secure it. Criminals are getting better and better. Five years ago most email scams were laughable – poor formatting, poor appearance, poor grammar, misspellings, and outlandish claims. While those persist, there are many more sophisticated attempts made that can fool those who are unwary or in a hurry. Consider changing your passwords or passphrases if you haven’t in awhile, do not reuse passwords, (bonus points for using a password manager) enable multi-factor authentication where available, and pause before you reply with sensitive information to requests that are out of the ordinary or that create a perceived emergency.
  • Protect it. Stay on top of your digital life. Close unused accounts and practice good cyber hygiene and practices. Make sure to do things like change the default passwords on your internet of things devices (you know, stuff like your smart refrigerator, your smart camera, and your smart socks.)

It has been said that eternal vigilance is the price of liberty. Well, it is now the price of being a part of the digital world. As the sergeant in Hill St. Blues used to say, “Let’s be careful out there.”

Written by:

Michael J. Polk, Chair, South Carolina Bar Technology Committee
Belser & Belser
Columbia, SC

Spot Phishing Attempts

Lawyers can try this tip to see if an email from a prospective client is real: copy and paste any unique language from the sender into Google or another search engine. You only need a sentence, or even part of a sentence, usually. For example, a recent email describing a dog bite claim contained “biting me and causing gaping wounds near my left eye.” When this was pasted into Google, it returned an article about a nearly identical email scam on lawyers in another state. The names and places had been changed in order to be more convincing to the new target/lawyer. Also, remember the usual warning signs, such as misspellings, poor grammar, and unrealistic settlement offers. Phishing attempts are becoming sophisticated, using real company names, real employee names, and other information to make the phish convincing. Some lawyers have even reported that the emails have been followed up with phone calls from the sender. Besides researching on the Internet, contact your malpractice insurer or bar association to see if they can assist or if they have seen similar scams.