Tag: legalbytes

We can’t function without passwords. So much of the internet is built on the concept of a username plus a password that the concept is core to users’ internet experience. It’s a clever but imperfect system that could certainly be improved upon, but until a game-changing replacement comes along, we have to play the game.

There’s a lot that doesn’t work very well about this system, and many people have questions about what password management best practices are. To that end, here’s a Q&A about passwords and password management.

What’s the biggest problem with how people use passwords?

The biggest problem with internet passwords is password management. Users have dozens if not hundreds of username/password combinations that they need for personal and business use. The problem with this is that nearly no one can reliably remember one hundred unique passwords. Many users, then, select overly simple (and easy to guess) passwords, or they reuse passwords across many sites.

What’s wrong with reusing passwords?

We live in a world of data breaches. When (not if) someone hacks favorite retailer or hotel chain, it’s embarrassing for those companies, but probably doesn’t affect your life too much. If the culprits gain access to your username and password for those sites, it’s a nuisance, but the amount of damage they can do is limited.

But when your hotel rewards password is the same as your credit card password and your banking password, you could have a mess on your hands. Scammers know that at least 51% of people reuse passwords, and you can bet they’ll try those stolen passwords on other, more valuable sites.

What makes a strong password?

A strong password is one that neither human nor machine can guess easily. Forbes compiles an annual list of the worst passwords being widely used, and it’s topped with gems like password, 123456, and qwerty. These are terrible because they’re just about the first things a human might guess. Other bad choices on the human front are the names of people, pets, or places that everyone knows are meaningful to you.

On the machine side, the shorter and simpler the password, the easier to hack. Make your password harder to brute-force by adding length, capital letters, numbers, and symbols. A password of 12 to 16 characters that mixes all these character types is generally considered a strong password.

I just keep my passwords on a sticky note. What’s wrong with that?

In short, everything. A sticky note hidden under your keyboard isn’t exactly a state secret. Think about who might have momentary access to see that sticky note. Clients? The cleaning crew? Maintenance personnel? Who else? This is especially disconcerting In the legal world, where those passwords could give a bad actor access to confidential materials that are under attorney/client privilege.

How can I remember passwords like j#%3M82*mRz!+?

Truthfully, you probably can’t. While that’s a tough password to crack, it’s not very useful for you. A better approach is to take a phrase that you can remember (perhaps one that relates in some tangential way to the site you’re on), and then make the phrase longer and more complex.

For example, iloveturtles is an easy phrase to remember, but it’s not that challenging to guess or to crack. Mix up the phrase by adding replacement characters, like <3iL0v3TurtleS<3, and neither your office mate nor a computer will easily guess or break your password.

Admittedly, this method has limits. Your own memory can be an obstacle, and sites vary with which characters they’ll allow in passwords.

I can’t remember 100 unique, complex passwords. What are my options?

Passwords need to be complex, and you shouldn’t reuse them from site to site. This creates a problem: Who can remember them all? One option that’s gaining a lot of traction in both the personal and enterprise markets, including in the law and legal tech fields, is using a password management tool. You’ve likely seen these advertised as “the last password you’ll ever need” or “one password to rule them all”; stuff like that. Password management tools are a reliable, secure way to generate and remember unique, complex passwords for all the sites and accounts you have.

How does a password management tool work?

Password management tools vary a little bit in terms of functionality, but at the core the services are similar.

1. First, you input or import all your existing credentials to the password management tool.
2. Next, you turn all your current weak passwords into strong ones. Some password management tools can do this automatically for you on many websites.
3. Last, you create one strong, secure password for your password management tool account.

After you’ve completed these steps, you’ll have just one password to remember—the password to your password management tool. It will store the rest of your credentials in a secure, encrypted vault and use them to log you into whatever account you need.

Are password management tools secure?

Yes. The companies offering these tools would be sued out of existence if not. Don’t believe us? Check out what a panel of experts has to say on the topic.

Conclusion

If you have additional questions about implementing a password management tool in your law office, contact us today. We’re here to help.

Attorneys have unique needs for the storage of information while needing to access data on clients and cases from remote locations. That’s why cloud computing has become such a popular option for lawyers. However, the value of cloud computing needs to be tempered with concerns about security and privacy.

Below is your 2019 introductory guide to cloud computing for lawyers.

What Is Cloud Computing?

Cloud computing is web-based, off-site storage of software and data, and is often referred to as software as a service (SaaS). It allows for access to files and software applications from most mobile devices if there’s an available internet connection.

Among some of the most popular commercial cloud-based storage solutions are Dropbox, Google Drive, OneDrive and iCloud. Some of these services are provided for free and others charge a nominal monthly or annual fee, usually based on the amount of storage required. Housing applications in the cloud usually is best done via a managed IT services provider that can configure and monitor the solution on your behalf.

What Are the Advantages to Cloud Computing?

Cloud computing helps busy attorneys stay connected to information critical to their work. Here’s a closer look at some of the core benefits of cloud computing for lawyers:

• Access. Attorneys are often working out of the office meeting with clients or appearing in court. When they need access to information, it’s usually an urgent situation. With cloud-based access, attorneys can access necessary information in the moment of need. Wherever there’s an internet connection, lawyers can immediately connect, without needing to email files to one’s self or using hard-to-use remote software to log in.
• Cost. Cloud computing is predictable and inexpensive, with a flat monthly or annual fee that allows for better collaboration, networking and storage.
• Backup. Cloud computing provides you with a reliable and protected digital backup of your files and applications, ensuring they are recoverable and usable in the event of software corruption, server failure, human error, natural disaster or cyber attack.
• Multi-Device Functionality. Cloud computing allows you to access information from any device (smartphones, laptops, desktops or tablets) or operating system. If you use a PC at the office and a Mac at home, there’s no issue.
• Less Internal IT Costs. When you use cloud solutions, you won’t have to buy, install and maintain servers and other equipment if you were hosting these applications and information yourself. Software licensing is often included in monthly managed IT services, which can monitor your software warranty and renewal terms and timing. Also, cloud solutions provide for automated updating and patching, meaning you’ll have access to new features and updated security measures. The cloud option means less burden on internal IT staffers or the need for expensive one-time service requests by third parties.
• E-Filing. When your firm needs to file materials with courts or government agencies, digital files — and remote access to them — makes e-filing simpler. There’s no need to convert paper to PDFs or hand-deliver information when required documents can be sent digitally.
• Scalability. Cloud computing allows for flexible expansion or contraction as your firm’s needs evolve. You quickly can add more storage or reduce your capacity. With the cloud, you will not have to scramble to buy, install and configure a new server or overbuy server space you do not need.
• Intuitive Use. Setting up a workstation for a new employee takes a lot of time, especially to install software and train them on applications. A cloud-based infrastructure means new users can be added or removed quickly. You can also reduce your PC purchase costs by using simpler devices that cost hundreds less.

How Is Information Secured in Cloud Computing?

Keeping information protected is a moral and legal obligation for attorneys. With cloud computing, you have added security functions and peace of mind.

Lawyers are obligated to provide “reasonable care” to prevent unauthorized disclosures or access to information. However, states have different definitions of “reasonable care” but generally include the following:

• Data encryption
• Use of current, best-practice technology
• Review of service providers’ requirements regarding data ownership and access

Cloud security features can ensure that data is encrypted while in transit or at rest, access is limited and suspicious activity is detected, quarantined and addressed before any serious damage occurs. Some law firms need to meet mandated guidelines for work with government agencies like the Department of Defense or the Central Intelligence Agency. In such cases, cloud security solutions are available that address those mandates through threat detection, machine learning and automated monitoring of data and applications.

What Are the Ethical Concerns Regarding Cloud Computing for Lawyers?

U.S. state ethics commissions have ruled that cloud computing is ethical, as long as the “reasonable steps” and conditions are met. According to a recent article by the American Bar Association, the Iowa Committee on Practice Ethics and Guidelines issued suggested questions attorneys should ask themselves and service providers:

• Will I have unrestricted access to the stored data?
• Have I stored the data elsewhere so that if access to my data is denied I can acquire the data via another source?
• Have I performed due diligence regarding the company that will be storing my data?
• Is it a solid company with an excellent operating record, and is its service recommended by others in the field?
• In which country and state is it located, and where does it do business?
• Does its end user’s licensing agreement (EULA) contain legal restrictions regarding its responsibility or liability, choice of law or forum, or limitation on damages?
• Likewise, does its EULA grant it proprietary or user rights over my data?
• What is the cost of the service, how is it paid, and what happens in the event of nonpayment?
• In the event of a financial default, will I lose access to the data, does it become the property of the SaaS company, or is the data destroyed?
• How do I terminate the relationship with the SaaS company?
• What type of notice does the EULA require?
• How do I retrieve my data, and does the SaaS company retain copies?
• Are passwords required to access the program that contains my data?
• Who has access to the passwords?
• Will the public have access to my data?
• If I allow nonclients access to a portion of the data, will they have access to other data that I want to be protected?
• Recognizing that some data will require a higher degree of protection than other data, will I have the ability to encrypt certain data using higher-level encryption tools of my choosing?

Attorneys can gain considerable benefits with a cloud computing solution. Knowing the benefits, security provisions and due diligence to be done will help attorneys make an informed decision that keeps information accessible and safe.