Month: April 2019

Attorneys have unique needs for the storage of information while needing to access data on clients and cases from remote locations. That’s why cloud computing has become such a popular option for lawyers. However, the value of cloud computing needs to be tempered with concerns about security and privacy.

Below is your 2019 introductory guide to cloud computing for lawyers.

What Is Cloud Computing?

Cloud computing is web-based, off-site storage of software and data, and is often referred to as software as a service (SaaS). It allows for access to files and software applications from most mobile devices if there’s an available internet connection.

Among some of the most popular commercial cloud-based storage solutions are Dropbox, Google Drive, OneDrive and iCloud. Some of these services are provided for free and others charge a nominal monthly or annual fee, usually based on the amount of storage required. Housing applications in the cloud usually is best done via a managed IT services provider that can configure and monitor the solution on your behalf.

What Are the Advantages to Cloud Computing?

Cloud computing helps busy attorneys stay connected to information critical to their work. Here’s a closer look at some of the core benefits of cloud computing for lawyers:

• Access. Attorneys are often working out of the office meeting with clients or appearing in court. When they need access to information, it’s usually an urgent situation. With cloud-based access, attorneys can access necessary information in the moment of need. Wherever there’s an internet connection, lawyers can immediately connect, without needing to email files to one’s self or using hard-to-use remote software to log in.
• Cost. Cloud computing is predictable and inexpensive, with a flat monthly or annual fee that allows for better collaboration, networking and storage.
• Backup. Cloud computing provides you with a reliable and protected digital backup of your files and applications, ensuring they are recoverable and usable in the event of software corruption, server failure, human error, natural disaster or cyber attack.
• Multi-Device Functionality. Cloud computing allows you to access information from any device (smartphones, laptops, desktops or tablets) or operating system. If you use a PC at the office and a Mac at home, there’s no issue.
• Less Internal IT Costs. When you use cloud solutions, you won’t have to buy, install and maintain servers and other equipment if you were hosting these applications and information yourself. Software licensing is often included in monthly managed IT services, which can monitor your software warranty and renewal terms and timing. Also, cloud solutions provide for automated updating and patching, meaning you’ll have access to new features and updated security measures. The cloud option means less burden on internal IT staffers or the need for expensive one-time service requests by third parties.
• E-Filing. When your firm needs to file materials with courts or government agencies, digital files — and remote access to them — makes e-filing simpler. There’s no need to convert paper to PDFs or hand-deliver information when required documents can be sent digitally.
• Scalability. Cloud computing allows for flexible expansion or contraction as your firm’s needs evolve. You quickly can add more storage or reduce your capacity. With the cloud, you will not have to scramble to buy, install and configure a new server or overbuy server space you do not need.
• Intuitive Use. Setting up a workstation for a new employee takes a lot of time, especially to install software and train them on applications. A cloud-based infrastructure means new users can be added or removed quickly. You can also reduce your PC purchase costs by using simpler devices that cost hundreds less.

How Is Information Secured in Cloud Computing?

Keeping information protected is a moral and legal obligation for attorneys. With cloud computing, you have added security functions and peace of mind.

Lawyers are obligated to provide “reasonable care” to prevent unauthorized disclosures or access to information. However, states have different definitions of “reasonable care” but generally include the following:

• Data encryption
• Use of current, best-practice technology
• Review of service providers’ requirements regarding data ownership and access

Cloud security features can ensure that data is encrypted while in transit or at rest, access is limited and suspicious activity is detected, quarantined and addressed before any serious damage occurs. Some law firms need to meet mandated guidelines for work with government agencies like the Department of Defense or the Central Intelligence Agency. In such cases, cloud security solutions are available that address those mandates through threat detection, machine learning and automated monitoring of data and applications.

What Are the Ethical Concerns Regarding Cloud Computing for Lawyers?

U.S. state ethics commissions have ruled that cloud computing is ethical, as long as the “reasonable steps” and conditions are met. According to a recent article by the American Bar Association, the Iowa Committee on Practice Ethics and Guidelines issued suggested questions attorneys should ask themselves and service providers:

• Will I have unrestricted access to the stored data?
• Have I stored the data elsewhere so that if access to my data is denied I can acquire the data via another source?
• Have I performed due diligence regarding the company that will be storing my data?
• Is it a solid company with an excellent operating record, and is its service recommended by others in the field?
• In which country and state is it located, and where does it do business?
• Does its end user’s licensing agreement (EULA) contain legal restrictions regarding its responsibility or liability, choice of law or forum, or limitation on damages?
• Likewise, does its EULA grant it proprietary or user rights over my data?
• What is the cost of the service, how is it paid, and what happens in the event of nonpayment?
• In the event of a financial default, will I lose access to the data, does it become the property of the SaaS company, or is the data destroyed?
• How do I terminate the relationship with the SaaS company?
• What type of notice does the EULA require?
• How do I retrieve my data, and does the SaaS company retain copies?
• Are passwords required to access the program that contains my data?
• Who has access to the passwords?
• Will the public have access to my data?
• If I allow nonclients access to a portion of the data, will they have access to other data that I want to be protected?
• Recognizing that some data will require a higher degree of protection than other data, will I have the ability to encrypt certain data using higher-level encryption tools of my choosing?

Attorneys can gain considerable benefits with a cloud computing solution. Knowing the benefits, security provisions and due diligence to be done will help attorneys make an informed decision that keeps information accessible and safe.

We can’t function without passwords. So much of the internet is built on the concept of a username plus a password that the concept is core to users’ internet experience. It’s a clever but imperfect system that could certainly be improved upon, but until a game-changing replacement comes along, we have to play the game.

There’s a lot that doesn’t work very well about this system, and many people have questions about what password management best practices are. To that end, here’s a Q&A about passwords and password management.

What’s the biggest problem with how people use passwords?

The biggest problem with internet passwords is password management. Users have dozens if not hundreds of username/password combinations that they need for personal and business use. The problem with this is that nearly no one can reliably remember one hundred unique passwords. Many users, then, select overly simple (and easy to guess) passwords, or they reuse passwords across many sites.

What’s wrong with reusing passwords?

We live in a world of data breaches. When (not if) someone hacks favorite retailer or hotel chain, it’s embarrassing for those companies, but probably doesn’t affect your life too much. If the culprits gain access to your username and password for those sites, it’s a nuisance, but the amount of damage they can do is limited.

But when your hotel rewards password is the same as your credit card password and your banking password, you could have a mess on your hands. Scammers know that at least 51% of people reuse passwords, and you can bet they’ll try those stolen passwords on other, more valuable sites.

What makes a strong password?

A strong password is one that neither human nor machine can guess easily. Forbes compiles an annual list of the worst passwords being widely used, and it’s topped with gems like password, 123456, and qwerty. These are terrible because they’re just about the first things a human might guess. Other bad choices on the human front are the names of people, pets, or places that everyone knows are meaningful to you.

On the machine side, the shorter and simpler the password, the easier to hack. Make your password harder to brute-force by adding length, capital letters, numbers, and symbols. A password of 12 to 16 characters that mixes all these character types is generally considered a strong password.

I just keep my passwords on a sticky note. What’s wrong with that?

In short, everything. A sticky note hidden under your keyboard isn’t exactly a state secret. Think about who might have momentary access to see that sticky note. Clients? The cleaning crew? Maintenance personnel? Who else? This is especially disconcerting In the legal world, where those passwords could give a bad actor access to confidential materials that are under attorney/client privilege.

How can I remember passwords like j#%3M82*mRz!+?

Truthfully, you probably can’t. While that’s a tough password to crack, it’s not very useful for you. A better approach is to take a phrase that you can remember (perhaps one that relates in some tangential way to the site you’re on), and then make the phrase longer and more complex.

For example, iloveturtles is an easy phrase to remember, but it’s not that challenging to guess or to crack. Mix up the phrase by adding replacement characters, like <3iL0v3TurtleS<3, and neither your office mate nor a computer will easily guess or break your password.

Admittedly, this method has limits. Your own memory can be an obstacle, and sites vary with which characters they’ll allow in passwords.

I can’t remember 100 unique, complex passwords. What are my options?

Passwords need to be complex, and you shouldn’t reuse them from site to site. This creates a problem: Who can remember them all? One option that’s gaining a lot of traction in both the personal and enterprise markets, including in the law and legal tech fields, is using a password management tool. You’ve likely seen these advertised as “the last password you’ll ever need” or “one password to rule them all”; stuff like that. Password management tools are a reliable, secure way to generate and remember unique, complex passwords for all the sites and accounts you have.

How does a password management tool work?

Password management tools vary a little bit in terms of functionality, but at the core the services are similar.

1. First, you input or import all your existing credentials to the password management tool.
2. Next, you turn all your current weak passwords into strong ones. Some password management tools can do this automatically for you on many websites.
3. Last, you create one strong, secure password for your password management tool account.

After you’ve completed these steps, you’ll have just one password to remember—the password to your password management tool. It will store the rest of your credentials in a secure, encrypted vault and use them to log you into whatever account you need.

Are password management tools secure?

Yes. The companies offering these tools would be sued out of existence if not. Don’t believe us? Check out what a panel of experts has to say on the topic.

Conclusion

If you have additional questions about implementing a password management tool in your law office, contact us today. We’re here to help.

No matter your profession, reusing passwords is a horrible idea. It’s dangerous and insecure. Reusing passwords is especially problematic for those working in fields like law, ones that require confidentiality in one form or another.

Many people already know that reusing passwords is unsafe, but they do it anyway. One recent survey conducted by Lastline revealed that nearly half (around 45%) of information security professionals polled admit to reusing passwords. These people get paid to work in information security, and yet they don’t follow some of the most basic protocols for keeping information safe.

If anyone should understand the dangers here, it would be information security professionals. You’re likely not an information security pro, though, so let’s look in greater detail at why reusing passwords is so bad.

A Broken System

First, cut yourself a little slack. The internet password system is inherently broken. Most people have well over a hundred digital accounts. These range from the seemingly trivial (paying a utility bill, “store insider” loyalty programs, and the like) to the vitally important (banking, proprietary business accounts, and so on). Each one requires a username and a password. To make things worse, many sites require a mix of characters (capital and lowercase letters, at least one number, and at least one symbol). Some sites won’t accept all the special characters, and various sites won’t even agree about which special characters are acceptable!

Cheating Ensues

Most people can’t easily memorize one hundred or so unique sets of site plus username plus password, so they cheat. Either they write all their passwords down in a notebook or they reuse the same password across multiple sites. Even worse, they may do both!

The Frequency of Reusing Passwords

How widespread is reusing passwords, really? A massive study from researchers at Virginia Tech found that the problem is quite severe. They analyzed 61.5 million passwords spread out over 28.8 million users and found that over half (52%) reused passwords wholesale. That doesn’t even account for people reusing the same basic word or phrase and just switching out a few characters or adding a new one to the end.

The Problem with Password Reuse

Here’s the problem with password reuse: credentials have a habit of being stolen. Companies frequently experience hacks where customer data is exposed. You may not consider it such a big deal if hackers got ahold of your username and password for Bargains ’R’ Us. You don’t shop there often and you don’t have any credit card info stored on their website. Is it really a big deal?

On its own, it’s likely not a very big deal. But if you reused the same username and password for, say, your bank or your credit card, it’s suddenly a very big deal!

The same goes for the sticky-note users out there. If you’ve ever written down your “go-to” password on a sticky note or in a notebook, consider who all has had access to that information. Family? Friends? Coworkers? The cleaning crew or service technicians? How easy would it be for someone to snag a quick picture of your password list? If you reuse your passwords, this problem escalates quickly.

One more problem worth noting is messaging or emailing passwords. Many of us have had the experience of texting, emailing, or messaging a password to a spouse or significant other. Those communications aren’t always secure, though, and often they stick around for a while. If someone gained access to your email, would they also gain access to sensitive passwords?

The Ubiquity of Data Breaches

Data breaches are happening all over the place, and some of them are huge. Yahoo had every single one of its 3 billion accounts breached. If you had a Yahoo account at the time of the breach, even an old dead one you never check, hackers may now have your sign-in info. If you used your go-to password on that account, then every other account you’re using that password for is now at risk. This is a big deal.

Solutions to the Password Problem

Passwords are a mess, and not reusing passwords is difficult. Here are some solutions that can help you clean up the mess and reduce frustration.

Enable Two-Factor Authentication Wherever Possible

Many websites offer two-factor authentication (2FA), which is much more secure. With 2FA, a one-time code is sent in a text message or email after logging in with username and password. Enable 2FA wherever possible.

Use a Password Manager

Password managers solve the problem of memorizing hundreds of unique passwords. They store all your passwords in an encrypted vault that you secure with one strong master password. We recommend using a good password manager. Doing so makes strong password security easy.

Conclusion

Understanding the danger behind reusing passwords is an important first step in securing your digital life. For help securing your workplace against digital threats, enlist the help of professionals like us. Contact us today to learn how we can help keep your systems secure.