Canadian Law Blog Hall of Fame

2015 Canadian Law Blog Finalist

2014 Canadian Law Blog Finalist

2013 Canadian Law Blog Awards Winner

2011 Canadian Law Blog Finalist

2010 Canadian Law Blog Finalist

2009 Canadian Law Blog Awards Winner

2008 Canadian Law Blog Awards Winner

2007 Canadian Law Blog Awards Winner

2008 InnovAction Awards



  • Categories
  • Archives
    Archive for June, 2022
    Getting Serious about Cybersecurity
    Monday, June 20th, 2022

     

    ♫ Listen
    Do you want to know a secret
    Do you promise not to tell, whoa oh, oh…

    – Music and Lyrics by Lennon-McCartney, recorded by The Beatles

    Back in December 2017, I wrote the following cybersecurity article as my regular column “PracticeTalk” for  The Canadian Bar Association’s BarTalk.

    I thought it was opportune to update it and republish it and here in light of current developments at Microsoft and elsewhere that take a positive step forward for security on the web.  While businesses take proactive steps to harden their online security, the same may not be true of families and individuals. With so many individuals working from home or in hybrid environments, I thought it was a positive step for Microsoft to announce that they have made the Microsoft Defender app, a new online security application for Microsoft 365 to Personal and Family subscribers beginning June 16, 2002.

    What does Microsoft Defender App do? For one, it reaches across multiple operating systems and devices, since most families have a mix of Windows, macOS, iOS, and Android devices in their households. I believe this is a major step forward in viewing security from an overall ownership perspective rather than on an operating system or device-centric perspective.

    Secondly, what does it do? Microsoft states:

    Microsoft Defender App includes continuous antivirus and anti-phishing protection for your data and devices,  and will enable you to:

    • Manage your security protections and view security protections for everyone in your family, from a single easy-to-use, centralized dashboard.
    • View your existing antivirus protection (such as Norton or McAfee). Defender recognizes these protections within the dashboard.
    • Extend Windows device protections to iOS, Android, and macOS devices for cross-platform malware protection on the devices you and your family use the most.
    • Receive instant security alerts, resolution strategies, and expert tips to help keep your data and devices secure.

    You can get the link to download Microsoft Defender for all your devices here: https://www.microsoft.com/en-ca/microsoft-365/microsoft-defender-for-individuals?rtc=1 

    Here is the original column:

    We don’t have to worry about being hacked. We are one of the biggest law firms and have a whole department concerned with IT Security.” However, Bloomberg Law reported that Mandiant, a cybersecurity firm has stated that 80 of the 100 biggest US law firms have been hacked since 2011.

    We don’t have to worry about being hacked. Hackers only go after the big fish, not us.” But, parachute.cloud reported that: 28% of all data breaches involve small businesses in 2022.

    The fact is that while large law firms can throw considerable resources at cybersecurity, hackers are also throwing large resources back at them seeking valuable confidential information for resale on the black market. After all, information is money. Smaller law firms are also targeted on the basis that they are easier to attack and criminals can demand quick cash by holding a law firm’s data hostage. Such ransomware attacks are high in volume and don’t require any middlemen.

    In Law Firm Data Hack, Part 1 in lawpracticetoday.org, Sharon Nelson and John Simek stated that: “Nearly 50 law firms were targeted by a Russian cybercriminal who posted on a cybercriminal forum seeking a hacker to collaborate with him. He hoped to hire a black-hat hacker to handle the technical part of breaking into the law firms, offering to pay $100,000, plus another 45,000 rubles (about $564). He offered to split the proceeds of any insider trading 50-50 after the first $1 million.”

    Cynet.com reported that a Providence law firm was held hostage for a $25,000 ransom. However, the decryption key initially failed to work and the firm had to pay more. It lost $700,000 in billings alone.

    Large or small, a law firm’s secrets, reputations and finances are placed at risk in a hack. As a result, managing partners of all sizes of law firms have yet another thing to worry about.

    There are two major components to law firm security. One concern is the vulnerability of the system’s hardware and software. The other concern is the vulnerability of the “carbonware” – or in other words, the humans using the system.

    According to LexisNexis, there are six key security steps for law firms to take.

    • The first is to put all your IT security policies in writing and hold training sessions around them to maximize security awareness for all employees.
    • The second is to inventory all your data and detail who has what permissions or control over the various parts of the system.
    • The third is to only grant access on a “need to know” basis. That way, even if someone’s credentials are hacked, the hackers don’t get access to your entire system.
    • Fourthly, keep all your systems updated and patched. I am amazed at the number of lawyers who are still using outdated browsers, operating systems and anti-virus suites.
    • Fifthly, ensure that you have adequate insurance that will cover you depending on your loss (see Insurance Issues: Risk Management, 2017: No. 2 Summer – a Guide to Insurance for Private Practitioners by the Law Society of BC).
    • Lastly but not least, have a “breach ready” response plan so you have pre-planned how to respond if you experience a cyber breach. The boy scouts’ advice on “Being Prepared” applies here!

    By taking steps now, you can diminish the possibility that your reputation and financial well-being will be damaged by a hack. After all, you don’t want someone asking if someone wants to know one of your secrets….

    What steps can you take to protect yourself and reduce the possibility that you will be hacked aside from installing Microsoft Defender?

    A selection of the top tips (this article, which originally appeared in 2017 has been updated to 2022):

    • Use strong passwords and a password manager. CyberNews.com  has a great article on creating a strong password and recommended password managers. Most password managers will generate strong passwords for you. GRC.com and other sites will generate a new, unique strong password for you every time you visit (that you can then copy and paste into a password manager, such as Keychain for the Mac). WireCutter in the New York Times reviews the best password managers for 2012. Don’t use the same password everywhere and don’t keep passwords in a document on your PC!
    • Use two-factor authentication. This inserts an extra step before you can sign into websites to access email, Facebook and others. The site sends a code to your phone by text that you have to enter after entering your name and password. Without this code, the website won’t let you in. Even if hackers gain your password, without access to your phone they are locked out. Cloudflare.com has a useful article on two-factor authentication and how to use it. TechRepublic.com has a PDF, written for non-techies, along with links on how to set up two-factor authentication on many services. You have to sign up to TechRepublic but it is free. (PDF: How to set up two-factor authentication for your favorite platforms and services.)
    • Be careful with emails! Email phishing scams come in many forms. MalwareBytes.com has a great article: What is Phishing  and How You Can Protect Yourself.
    • Protect your mobile devices. Cellphones are tantalizing devices for hackers seeking ways to break into business networks. The PreyProject.com has a great article on the 20 ways to secure your mobile phone with tips for both iPhones and Android. Rogers.com reported that nearly 1 in 4 people will experience loss, theft or damage to their wireless device in 2017. Unfortunately, I could not find an equivalent statistic for 2022.
    • Take steps to protect your business from ransomware. Cbia.com published Fourteen Tips to Protect your Business from Ransomware attacks. I would add one more tip: Back your data up in a secure, encrypted online storage service such as sync.com. Cloudwards.net has a review of sync.com and lists it as the best cloud storage in Canada. Sync.com is the overall winner as it is a zero-knowledge storage service (meaning that they have end-to-end encryption and you and only you have access to the decryption keys).

    When it comes to IT, one can think that you have adequate protection, that is, until you get hacked. I looked for Canadian data, but Cloudwards.net reports that:

    • Ransomware cost the world $20 billion in 2021. That number is expected to rise to $265 billion by 2031.8,
    • In 2021, 37 percent of all businesses and organizations were hit by ransomware.
    • Recovering from a ransomware attack cost businesses $1.85 million on average in 2021.
    • Out of all ransomware victims, 32 percent pay the ransom, but they only get 65 percent of their data back.
    • Only 57 percent of businesses are successful in recovering their data using a backup.

    Spending money on security and prevention is always money well spent.

    (originally published in PracticeTalk and Tech Tips in the Canadian Bar Association’s BarTalk magazine:

    https://www.cbabc.org/BarTalk/Articles/2017/December/Columns/Guarding-Your-Confidences

    https://www.cbabc.org/BarTalk/Articles/2017/December/Columns/What-steps-can-you-take-to-protect-yourself-and-re)

     

    © 2022 David J. Bilinsky

    Posted in Issues facing Law Firms | Permalink | No Comments »
    Family Law: Does the Status Quo need Fixing?
    Monday, June 13th, 2022

    divorcing couple

    (Image by Mohamed Hassan – Pixabay)

    ♫ Now it’s time for change
    I feel the the future
    In the hands of our youth… ♫

    — Music and Lyrics by D. McDaniel & N. Sixx, recorded by Mötley Crüe

    Does family law need deep structural changes in how it resolves disputes? John-Paul Boyd, QC, an accredited family law arbitrator, family law mediator, and parenting co-ordinator, in an article in The National (Feb. 2019) entitled: “Family Justice in Canada is at a Breaking Point”, wrote the following:

    “[W]e should consider removing family law matters from the courts altogether. These are disputes that could be moved into a specialized administrative system offering both adversarial and non-adversarial dispute resolution alongside: education on parenting after separation, child development and conflict management; social services providing parenting, housing and employment support; and financial and mental health counselling, parenting assessments and similar services.”

    John-Paul notes that the current system sees up to 80% of family law litigants as self-represented. High fees simply place lawyers out of reach for the vast majority of people undergoing family disputes. One can ask the question as to how long this can be sustained before the public views the social contract given to courts and lawyers to resolve such disputes as being broken and needing replacement.

    The Canadian Forum on Civil Justice (“CFCJ”) prepared an infographic on the “Cost of Family Law Disputes” from data from the Canadian Research Institute for Law and the Family’s (“CRILF’s”) “An Evaluation of the Cost of Family Law Disputes: Measuring the Cost Implications of Various Dispute Resolution Methods” report. They looked at Collaboration, Mediation, Arbitration, and Litigation and found that while Litigation was viewed at the most useful dispute resolution process for high-conflict disputes (such as: risk to an adult or child, risk to property, allegations of violence or substance use, mental disorder, or alienation), Mediation and Collaboration were most useful for low-conflict disputes (such as hearing the voices and preferences of children, disputes about care and parenting, child or spousal support, and division of property and debt). Almost all lawyers using collaboration and mediation agree that the results achieved are in the interests of the children.

    CFCJ found the average cost to resolve high-conflict disputes as follows: Collaboration was $25,110, Mediation $31,140, Arbitration $40,107, and Litigation $54,390. For low-conflict disputes the average costs were: Collaboration $6,269, Mediation $6,345, Arbitration $12,328, and Litigation $12,395. Clearly the financial costs drop and the social outcomes are higher when alternative methods to litigation are utilized.

    John-Paul Boyd, QC echos these findings: “[T]he public purse would be better spent supporting processes that are child-centred, holistic, cooperative to the extent possible, and promote the capacity of family members living apart to resolve disagreements on their own.”

    The studies show that the current system is not working for the vast majority of people with family law disputes. Now is the time for change.

    What other solutions to fixing Family Law have been proposed?

    Along with J.P. Boyd, QC’s suggestion of removing family cases from the courts and placing them into a special administrative tribunal aimed at promoting the well-being of children, he advocates greater use of unbundled legal services and non-lawyers assisting clients with legal problems.

    Here is a sampling of other solutions proposed to fix Family Law:

    Nick Hilborne wrote an article in legalfutures.co.uk entitled, “Family lawyers need to replace billing targets with new business model” (August 5, 2021) in which he interviewed Gillian Bishop, co-founder of pioneering London firm Family Law in Partnership (“FLiP”). Ms. Bishop stated: “Family lawyers should scrap billing targets and develop a new business model.” To Ms. Bishop, billing targets are a dead weight around the necks of many, many practitioners and lead to many young lawyers working longer and longer hours each day in order to hit them. “I have heard so many times that to record five hours chargeable a day you routinely have to be in the office twice that time. Just crazy.”

    Ms. Bishop stated, “a number of commercial firms now operate without a billing target model, showing that ‘it can be done,’ and the challenge was to create a variation of that model or ‘another model altogether’ that worked for the family law sector.”

    She also stated that she “would like to see greater use of collaborative law.”

    FLiP has taken some steps along a new path. Three years ago, FLiP started the first training scheme in psychologically based supervision to help family lawyers manage work-related stress and Ms. Bishop said, “that supervision should be compulsory for family lawyers.”

    In the UK, there is a major overhaul of family courts to protect domestic abuse victims. The Ministry of Justice published a press release stating:

    “Fundamental reform of how the courts hear cases, through a new investigative approach, will be trialed as part of the Integrated Domestic Abuse Courts pilot — these consider family and criminal matters in parallel in order to provide more consistent support for victims. Emphasis will be placed on getting to the root of an issue and ensuring all parties are safe and able to provide evidence on an equal footing — without the retraumatising effects of being in court with an abusive ex-partner.”

    The Ministry stated, “that this move came after an expert-led review into how the family courts handle domestic abuse and other serious offences had raised concerns that victims and children were being put at unnecessary risk.”

    In an article entitled, “A New Approach To Nesting In Family Law,” Aylward Game Family Law, in Australia, states:

    “Frequently after parents separate, it is the children who switch homes between the parents, with varying degrees of frequency. This means it is the children who are subject to the demands of frequent packing up and moving house in order to spend time with each of their parents. We have in the past reflected that it must feel a little unfair to the children to be subject to this arrangement, which can be very disruptive.

    The idea behind nesting turns this on its head, and the children stay in one house and the parents are the ones who move in and out. This seems to place the best interests of the children at the top of the list of priorities, which is in line with the Family Law Act in Australia.”

    (originally published in PracticeTalk and Tech Tips in the Canadian Bar Association’s BarTalk magazine:

    https://www.cbabc.org/BarTalk/Articles/2021/October/Columns/Examining-the-Facts

    https://www.cbabc.org/BarTalk/Articles/2021/October/Columns/Solutions-Put-Forward-to-Change-Family-Law)

    © 2022 David J. Bilinsky

    Posted in Trends | Permalink | No Comments »