♫ Get back, get back.
Get back to where you once belonged…♫
Tuesday March 31, 2015 is World Backup Day. I think it is important to focus on this often neglected task as it is often lost in the hustle and bustle of getting the work out. But with the recent attacks of ransomware on all types of businesses, law firms included, having a proper back up that is not infected has assumed increasing, if not vital, importance.
Furthermore, having a proper backup is not just for your business. Consider all your digital photographs and personal files..how would you feel if they were lost?
So the focus of this article is to motivate you to implement backup solutions at your office and at your home.
Why back up?
- Protection against malware, viruses and trojans including Cryptowall and other ransomware (1 in 10 computers infected with a virus each month, according to ICSA Labs/TruSecure, 2002)
- Protection against disasters, either man-made (pipes bursting and the like) to natural disasters such as storms, lightening and such.
- Preservation of precious memories that once gone, are gone.
What are the best practices when it comes to back ups? Here is a list of some things to consider.
- Have a data retention plan
- Without a plan, you are left to haphazard backups. The worst time to realize that you don’t have a current backup is precisely when you need it most.
- Plan for increasing amounts of data
- Your storage should be scalable since you will be generating increasing amounts of data in the future.
- Ensure that your current system can be scaled up to handle greater and greater amounts of data without any disruption in your office.
- Have a redundancy plan – backup your backup
- What if the same disaster hits your backup as well as your systems?
- Consider having both a physical backup in your office and a cloud based backup that is unaffected if your office is hit with a disaster.
- Have your data readily available
- Cloud backups are wonderful as a ‘last resort’ but they do take time to download.
- Consider having a local NAS or other device in the office just in case your servers fry and you need a fast locally accessible copy of your data.
- Data security and integrity are priorities
- Always consider physical security and data security.
- Follow best practices in data security.
- Consider backups and archival copies
- Backups are snapshots at any point in time
- Archives are historical records – unalterable and therefore important if you need to go back and show what happened when.
The important thing to consider is your risk management position. Have you considered the cost of restoring your data and the potential of losing vital data and having to explain that to your clients? You may perceive the incidence of loss to be low, but the cost of recovery can be very high indeed. In fact not having a proper backup may result in a significant disruption of your business or even its failure.
If you suffer such a loss, you certainly want to be able to go back to where you once belonged.
(posted concurrently on tips.slaw.ca)
♫ Twisting and turning
Your face to the wall
Your future was soaring
The landing was hard..♫
Lyrics and Music by Tom Mallicoat, recorded by Lethal.
The American Bar Association Journal reported today:
A Texas lawyer accused of double-billing Bexar County for indigent defense work and forging judges’ signatures on payment vouchers has been sentenced to 10 years after pleading guilty in March to forgery and securing execution of a document by deception.
..[O]n 46 felony counts related to allegations she forged judges’ signatures and double-billed the county for her services.
My SA further reported that the deception charge Hilda plead guilty to is a second-degree felony, punishable by up to 20 years in prison. She may be able to apply for probation.
A hard landing indeed. One can only speculate on what led this lawyer to such behaviour.
♫ Let’s tell the future
Let’s see how it’s been done
By numbers, by mirrors, by water
By dots made at random on paper…♫
Lyrics, Music and recorded by Susan Vega.
(images: http://en.wikipedia.org/wiki/File:Fire_craker.jpg and http://en.wikipedia.org/wiki/File:San_Diego_Fireworks.jpg – creative commons licence)
“The Best Way to Predict the Future is to Create it” has been variously attributed to many authors, particularly Dennis Gabor.
Accordingly this is a call for all gentle readers to contribute their tips and predictions for 2014! Last year we heard from Stephanie Kimbro, Nate Russell, Tom Spraggs, Richard Granat, Jean Francois De Rico, Mitch Kowalski, John Zeleznikow, Andrew Clark, Colin Rule, Robert Denney, Ross Fishman, Noric Dilanchian, Steve Matthews and of course, Jordan Furlong.
I think that this is the most interested series of posts in the year and so I invite everyone to submit a post and we all can see what everyone thinks the future of law and legal practice will be like!
Let’s tell the future!
♫ Digital, criminals you’ll make meals in cyber-crime
Let’s all plan ahead, 2 times, I keep the chimes to a great mind… ♫
Lyrics and music by GZA, Inspectah Deck, Killah Priest.
LawPro, the Lawyers’ Professional Indemnity Company (LAWPRO) has announced that they will be providing a $250,000 submit coverage for eligible cybercrime losses in the 2014 policy year.
LawPro is a wholly Canadian owned insurance company that provides professional liability insurance to lawyers in Ontario and TitlePLUS title insurance coast-to-coast. LAWPRO is headquartered in Toronto, Ontario, Canada.
The cybercrime coverage appears to have been prompted by cyber attacks in 2012. According to LawPro’s newsletter:
In late 2012, LAWPRO learned of a high-value cyber attack on an Ontario firm. The attack was highly sophisticated and complex, and was designed to permit the fraudster to gain direct access to a firm’s trust account using online banking privileges. For details about this attack and how to avoid being the victim of a similar fraud, see our December 21, 2012, post on the AvoidAClaim blog:
avoidaclaim.com/2012/ontario-law-firm-victim-of-large-frauddue- to-infection-by-trojan-banker-virus/. This is in addition to instances reported in the media involving cyber attacks against several law firms to access confidential client information.
According to LawPro:
At LAW PRO, we believe that preventing breaches in confidentiality and financial losses due to these cyber attacks is a responsibility we all share. Law firms and individual staff members and lawyers who work in them must educate themselves about cyber risks and take all reasonable steps to ensure that data and funds are securely protected. Insurance against resulting losses should be viewed as a worst-case remedy, and not a replacement for preventive and protective steps.
The particulars of the coverage are to be found in the 2014 policy. LawPro states:
Lawyers should also understand that the sublimit provided, like all areas of the policy, applies to losses arising from lawyers providing professional services as lawyers. Losses that a firm might experience that go beyond this type of insurance coverage include reputational loss, physical damage or business interruption.
While this coverage is innovative in Canada, it does not alleviate the necessity for law firms to be vigilant and take every precaution to avoid being taken in by digital criminals.
♫ Password, please use the password
It opens the door to my heart…♫
Password, recorded by Kitty Wells.
The writer spoke yesterday at the Privacy and Access 20/20: A New Vision for Information Rights‘ workshop on Legal Ethics dealing with issues of privacy, security and technology for lawyers and their clients. The writer spoke along with Dr. Benjamin Goold, Associate Professor of Law and Associate Dean Academic Affairs, University of British Columbia and Tamara Hunter, Associate Counsel and Head of the Davis LLP Privacy Law Compliance Group.
This workshop was part of the pre-conference sessions and was a two-hour practice management and ethics seminar from a privacy law perspective. We addressed such issues as the use of technologies such as cloud computing by lawyers, and information security considerations including encryption, adequate passwords and mobile devices.
We dealt with a whole range of matters including the Law Society of British Columbia’s Cloud Computing Checklist and other other issues such as maintaining strong passwords.
I thought I would post on how lawyers can maintain strong passwords and not cause themselves grief in trying to remember complex series of upper, lowercase and symbols to craft strong passwords.
First, how do you create strong passwords? I use the Perfect Password generator on Steve Gibson’s website www.grc.com. Steve states that “Every time this page is displayed, our server generates a unique set of custom, high quality, cryptographic-strength password strings which are safe for you to use.” You can read the techy details of how the passwords are generated and why Steve states that they are safe on his password web page. Suffice it to say that Steve has a long history of protecting client information and system security.
OK so you have a 63 character random password that is highly secure. How can you possibly remember this? For one, *don’t* put it into an Excel spreadsheet or Word document on your computer. Malware will scan for these and then you will have lost all your passwords if your computer is compromised.
Much better to use a proper password manager such as LastPass. It works on practically every platform:
It is easy to use and has received praise from C|Net, PCMagazine, LifeHacker and many others. Best of all you only need to remember one password – the one to open LastPass. You can then enter your long secure passwords into web forms with just one click.
There is a free version or a premium version for $12/year.
With so many lawyers entering data on the cloud (not to mention using banking and e-commerce sites and such) it is comforting to know that you are secure by using complex passwords and protecting them in a proper way.
So to ensure maximum privacy and security, please use strong passwords and a good password manager – and use them to open all sorts of electronic doors…
Cross-posted to slawtips.ca
♫ Be prepared for indecision
It might make me disappear
But then again, my addiction
To indecision keeps me here…♫
This is another guest post from Beth Flynn of the Ohio State University Leadership Center.
To be a successful leader-manager, you have to be decisive. Probably the most frustrating thing to employees is working for a leader who can’t make a decision. The phrase “don’t be a definite maybe” is well known. The problem is that no one believes he or she is a definite maybe. The term itself is demeaning by what it implies. We all think we make decisions in a prompt or decisive manner, but I wonder if that is true and if it is what our employees think. I found that most leaders could make decisions about things quite easily. It’s making decisions about people that is difficult. In many cases, middle managers can’t make people decisions, or they will vacillate over them. When it becomes apparent to people in the organization that they are working for a definite maybe, they begin to lose confidence in that person’s leadership completely (Monastero, 2010, p. 75).
From: Monastero, S. (2010). Winning at leadership: how to become an effective leader. Bloomington, IN: IUNIVERSE, Inc. Winning at Leadership is available from the OSU Leadership Center. Click here to borrow this resource.
Learn how the Ohio State University Leadership Center is inspiring others to take a leadership role that empowers the world at http://leadershipcenter.osu.edu
To begin receiving Leadership Moments, or to update your information, please click on Join Our Mailing List.
Thanks Beth for another great leadership post on how all of us can move towards being a better leader by leaving our addiction to indecision behind!
♬ Everything is not what it seems
When you can get what you want by the simplest of means
Be careful not to mess with the balance of things
Because everything is not what it seems…♬
Lyrics and music by: John R. Adair, Ryan David Elder, Bradley Jay Hamilton, Stephen R. Hampton, recorded by: Selena Gomez.
CBC News on May 4, 2010 in an on-line article entitled: “Bank of Montreal alleges huge mortgage fraud” reported on a potential $30 million mortage/real estate fraud in Alberta.
The article is disturbing, as the size of the fraud and the number of people involved is not small: there are apparently 14 inter-connected groups involved:
Toronto forensic accountant Al Rosen said he has never seen anything like it.
“This is massive in the sense that it is so broad and so deep,” Rosen said Tuesday. “This is [allegedly] a huge fraud. I can’t think of any situation that has so many people involved and over a period of time like this one.”
The people involved ranged from ‘straw buyers’ who fronted the purchase of the properties for inflated prices based on fake, inflated wage and net income documents, to lawyers, to bank employees and ‘masterminds’.
♫ The time is right to do it now
The greatest rock’n’roll swindle
The time is right to do it now…♫
Music and Lyrics by Steve Jones, paul Cook, Julien Temple, recorded by the Sex Pistols.
The ABA Journal reported on Feb. 22, 2010 that an email scam was targeted at 6 law firms in Honolulu and two of them fell for the scam, losing a total of $500,000.00.
In this case the clients, who only contacted the firm via electronic communications, “overpaid” the retainer by way of a cashier’s cheque. When informed about the ‘overpayment’, the clients requested a wire-transfer refund.
By the time the law firm realized the cashier’s cheque was counterfeit, the wire transfers were long gone…
The ABA Journal states:
“Law firms and other professional service providers are cautioned to be on high alert when dealing with clients who come forth via the Internet,” the FBI warns. Also, when dealing with wire transfers, firms should be sure the initial payment has fully cleared before issuing refunds.
Law firms should be instituting policies regarding ‘know your client’ as well as policies regarding ensuring that funds deposited to their trust accounts have fully cleared before forwarding these funds along. The swindlers are counting on the fact that there are lawyers out there who have not yet taken steps to follow these precautions; in which case the swindlers are saying….the time is right to do it now…
♫ Well, who are you?
Who are you? Who, who, who, who?
I really wanna know…♫
A new service has sprung up. It is entitled “Career Excuse.com” Its purpose is to allow you to create false career references for your resume. They state:
Lets say you are applying for a Retail position and have a 3 year gap in your resume you want to fill. CareerExcuse.com has a retail company already established with a 800 number, a real address, a real website, and a real contact person.
Not only do they allow you to ‘fill’ that 3 year gap, they can act as new former job references, complete with: ‘company name, address, “800” number, company website/Email address , contact name, contact phone number, contact email address’.
You can create your own virtual company answered by a live receptionist, or direct any inquiries into voice mail limbo.
What if someone should happen to call the listed job reference?
When we receive a call inquiring about your references, they will be directed to our human resources dept. where they are instructed to fax, or e-mail, a Authorized Release Form and their Employment Verification Form to a contact person that we provided to you as your new job reference.
It seems their creativity knows no bottom:
Bankrupt companies make a great previous employer
We have created a management company with dozens of bankrupt companies that are ready to provide any inquirer your desired reference information.
Advising on ethics is just another part of their services:
Is misinformation on a resume illegal?
No, Since a resume is not a legal document, it is not illegal to misrepresent on a resume.
Course if the employer should happen to find out about this, ah, deception:
Can I get caught and fired?
We can’t guarantee that you wont and not liable if you do. If you get the job in the first place..we did our part. It’s up to you to act responsible after you get the job
After you get the job?
It would seem that an employer must do their own due diligence by checking #800’s and email addresses against valid sources to ensure that they are receiving valid reference checks.
It does seem that they are careful about privacy:
What about my privacy?
For your protection we do not collect or share any personal information about you, such as your name, mailing address or credit card number. All of your financial transactions are conducted through Paypal, our secure payment processor.
When it comes to hiring people these days, it seems that one needs to carefully ask: “Who are You…who who????” because we would like to know…
Hat tip to Pete Roberts for passing this site along!
♫ Go on take the money and run
Go on take the money and run..♫
A lawyer in BC has reported that the fraudsters have a new tactic in their attempts against lawyers and their trust accounts.
Past fraud attempts have aimed at trying to have a lawyer immediately forward funds to a client resulting from a ‘collection’ against a debtor that is paid by a forged certified financial instrument that is deposited into the lawyer’s trust account. Now the fraudsters have changed tactics.
Rather than try to convince the lawyer that he or she has just collected a large debt and he or she should send over large amounts of money forthwith, the fraudsters are now simply forging cheques that appear to be trust cheques drawn on the lawyer’s trust account. This way they bypass the lawyer and their firm controls entirely.
This is a straight cheque forgery. In one case that I am aware, a bank cashed one of these forged cheques, only to reverse the withdrawal shortly afterwards and restore the funds back into the lawyer’s trust account.
This behooves lawyers to go online and check their trust account activity on a daily basis…just to ensure that someone hasn’t taken the money and run….