by Felicien | Jun 20, 2019 | Education
If you are a lawyer or if you are hiring a lawyer, technology competence, often shortened to tech competence, is a term that you should be aware of. Recently, changes have been recommended in regards to tech competence and attorneys. Here is everything that you need to know about this topic.
What is Tech Competence?
Lawyers have always had a duty to be competent in the areas of law they practice. However, in 2012, the American Bar Association made a change to the Model Rules of Professional Conduct. The change being made was to make it clear that attorneys need to take steps to be competent in regards to technology. This change stated the lawyers need to stay competent in regards to the benefits and risks associated with technology that is relevant to their firm and line of work. Each state was free to adopt or reject this change, and to date, 36 states have adopted this change.
What New Changes Have Been Recommended in Regards to Tech Competence?
A committee met and issued a report in February of 2019 that recommended revisions be made to the current Rules of Professional Conduct in regards to technology. The changes that the committee recommended making were designed to make it clear that it is an attorney’s job and legal responsibility to ensure that they are competently representing their client. The changes that are being recommended to ensure that law firms and lawyers understand that this duty reaches into the technology that they use. The committee wanted to make it clear that it is a lawyer’s duty to ensure that client information is confidential, and as such, they are responsible for protecting against unauthorized access. Unauthorized access can occur if a database gets hacked or emails are intercepted.
The committee designed with making changes issued its report in February of 2019. The public was given the opportunity to comment and provide feedback through April 19, 2019. Currently, the recommendation is being reviewed by the D.C. Bar Board of Governors. Ultimately, they will decide if the recommendations should be passed on to the District of Columbia Court of Appeals, who ultimately sets the rules of practice within the District of Columbia.
How Can Your Law Firm Ensure You Are Meeting the New Guidelines?
While the changes in regards to tech competence and lawyers have not yet been approved, it is expected that it will be. It is also expected that many of the 36 states who adopted the tech competence changes will follow the District of Columbia’s lead and adopted these rules. As such, you may find yourself wondering what this means for you as a law firm, lawyer or individual or business looking to hire a law firm. If you are a lawyer or law firm, you need to ensure that you are taking steps to protect any personal client information. You need to ensure your website is secure, that you are sending all confidential emails in an encrypted manner, and take steps to ensure your cloud is secure. As a client, you want to ask law firms what steps they have taken to ensure the technology they use is secure.
As technology advances, new changes will likely be made to tech competence and the way it impacts attorneys and law firms. Being proactive and ensuring the technology you use is secure is the best way to meet your requirements under the new guidelines.
by Felicien | Jun 20, 2019 | Education
There are many types of risk in business: the risk that a new competitor will come on the market and steal market share, the risk that top staff members will jump ship for a better offer . . . but are you considering the significant risk that is associated with a cyber attack? A recent report by IBM shows that more than 77 percent of companies don’t have a cybersecurity response plan in place, a dangerous proposition when you consider that 60% of businesses that suffer a cyber attack fail within 6 months. These are pretty terrifying statistics for small to mid-size business owners, especially in specific verticals that require the capture and storage of sensitive customer data such as health and financial information.
See why unsecured data is the #1 security threat to local small businesses.
(Response) Time is Money
When your business is able to react quickly to a malware or ransomware attack, you significantly raise the likelihood that you will be able to bounce back to full operations before your business is devastated by the impact. The response time that your technology team and business leaders are able to command could easily be a make-or-break moment, as cyber attacks can cost organizations thousands of dollars a minute in reduced productivity, losses of sales, compliance charges and more. Knowing that you have a comprehensive cybersecurity response strategy in place can help your business make the best of a bad situation and achieve the proper resilience that you need.
Ditch That False Sense of Security
You might think that your business is too small to be of interest to cybercriminals. Those hackers are going after the big haul, right?!? Turns out, the majority of cyber attacks are being committed against smaller organizations, because there is a perception that infiltration will be easier and criminals will be able to easily make off with your valuable customer data. Brokers on the dark web are willing to pay a significant fee for each stolen record, complete with a tiered pricing scale for financial data that is based on the size of the bank account. It’s crucial that businesses do not have a false sense of security, but proactively put plans in place that will help reduce the risk associated with a cyber attack.
Put Staff Members on Lockdown
Increase the security requirements for passwords, and require them to be reset on a regular basis. Invest in ongoing training for staff members that will help them understand everything from the potential of phishing attacks to why it’s important to stay away from specific activities online. Create security policies and put strategies in place to ensure that they are followed — and regularly reviewed and updated by cybersecurity experts. Actively engage white-hat hackers to look for holes in your current data security and then quickly put a remediation plan in place. While staff members may feel as though they are being placed on a type of lockdown, it’s imperative that information technology professionals effectively communicate the severity of the issue that is facing businesses today. When employees understand the damage that can be accidentally done to the organization, they are much more likely to be an active member of the solution instead of a part of the problem.
Creating a secure environment for your business data requires the proactive involvement of business and technology professionals alike. Just as you wouldn’t leave customer credit card information lying around the office or on a printer, you can also educate staff members that using an easily-guessed password is the digital equivalent of those poor security practices.
by Felicien | Jun 20, 2019 | Education
Most people know not to open email attachments from senders that they do not know. Unfortunately, it is not just attachments from strangers that you have to be on the lookout for. It happens quite often that people will get emails that seem to be from known senders that have malicious attachments, or that ask for confidential information. If you get such an email—or if someone gets such an email that appears to be from you but that you did not send—does that mean that your email has been hacked? Not necessarily.
Hacking and spoofing are two methods that bad actors use to manipulate individuals and businesses into doing things that are against their best interests. Hacking and spoofing can appear to be the same at first glance but are actually quite different. The risks of hacking, especially for businesses, are much greater than those posed by spoofing. Neither is desirable, but you want to know the differences between the two so that you and your employees can identify potential compromises to your email accounts.
Hacking vs Spoofing—What You Need to Know
What does it mean when your email account has been hacked?
A hacked email account is something you should be very concerned with. Being hacked means that a bad actor has managed to gain full access to your email account—which could mean that they have access to more than just your email account. There are a variety of ways to hack an email account, including:
Guessing your email password (seems unlikely, but you would be surprised how simple many email passwords are, such as birthdays, anniversary dates, and other information easily obtained on social media)
Answering your security questions correctly
You entered it into a website or form (it may have been a phony website, one that offered you a free gift, or a site you visited from a link in an email)
You used the same password on a different site and the site used it to access your email
You have a spyware program on your computer that recorded you typing in your password and sent it to a hacker
Viruses, malware or other undesirable software is on your computer and allowed a hacker to get your email password
If your email account has been hacked it means you need to take immediate steps to correct the situation. The risks to your system and your company information vary based on the way that the email password was obtained. A hacker guessing the password is much less problematic than having viruses, spyware or malware on your computer. A guessed password simply needs to be changed, whereas an infected computer needs to be cleaned up before more compromises occur that may be even more damaging to your business.
Even if the hacker guessed the password, there is a real risk that he or she could use the email account to access other information or accounts. If you suspect your email account has been hacked you need to take immediate steps to remedy the situation, including:
Check your recent email activity to see if anything was sent that you were not aware of
Change your password
Use different passwords for every account
Start using a password manager to generate random, complex passwords
Update your system to the latest OS and update your security software
Run your antivirus and malware detection programs
What does it mean when your email account has been spoofed?
Although spoofing can look a lot like hacking, it is actually something completely different. When your email has been spoofed, it means that someone sent an email that appeared to be from your email account but was not actually from your account. You can think of it as someone sending a letter and putting your return address on the envelope. Doing this is not too complicated with the right software. The bad actor does not need access to your email account to spoof your account.
Your account is safe even if you have been spoofed. However, having your account spoofed can be quite concerning, especially in a business setting. A bad actor could spoof your email and send a message to an employee asking for sensitive company information. There are a few things you can do to help prevent spoofing of your email address, including:
Do not share your email address with anyone who does not need it for business purposes
Do not allow employees to share your email address
Improving Business Email Security
For more information about improving email security for your business, please contact our IT services team.
by Felicien | Jun 20, 2019 | Education
According to the LawSites blog, as of this writing, there are 36 states that have adopted the ABA’s updated Model Rule 1.1, which states that lawyers should maintain technology competence. The rule is purposefully vague to allow for the constant changes in technology that the legal industry is encountering. Unfortunately, the vagueness can create some anxiety for lawyers who want to meet the requirements of the rule. What does the ABA mean by “technology competence”, and how can lawyers achieve competence?
To better understand the expectations of the ABA and the states embracing its rules, it is necessary to take a closer look at how technology has impacted legal representation and ways that it can improve a lawyer’s practice.
Your main goal as a lawyer has always been to represent your client to the best of your ability. It was once enough to be knowledgeable in your legal area to ensure competent representation, but skilled representation today also means being able to use technology to improve efficiency, security and ideally the results you get for clients.
Technology Competence—The Basics
Update to ABA Model Rule 1.1
To get a grasp on what technology competence means for you and your practice, it is helpful to read the updated ABA rules:
Maintaining Competence
To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
As you can see, the rule is not terribly specific about what it means to be competent in technology for a lawyer. It states that you should, “…keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…” However, if you consider what the relevant technologies are in law—and their benefits and risks—you can get a clearer idea of how to approach tech in your own practice.
Relevant Technology in Law
There are some technologies that are quite relevant to the practice of law and are being used by lawyers across the country and the globe. These include:
Electronic Discovery
Discovery has always been the backbone of case building, but electronic tools have increased the power and efficiency of the discovery process in numerous ways. These tools allow for more comprehensive preservation of information, more thorough review of information and faster production of information. Failing to leverage electronic tools in the discovery process is doing clients a disservice.
Internet Investigations
You do not have to be a professional internet investigator to get a lot of benefit out of internet searches. Just being able to do simple internet searches for information can make the investigation process faster and more thorough than it otherwise would be. There are also numerous tools available online for conducting investigations.
Cyber Security
Considering that most of the information you obtain for clients and from clients will be digital, it is incredibly important that you take basic cyber security measures to protect that information. From hackers looking to blackmail victims to government agencies reviewing every bit of information they can get their hands on, there is a multitude of actors who can target your data and compromise your practice.
Understanding the Technology Used by Clients
The clients you represent are using technology in a myriad of ways. You need to have a basic understanding—or possibly a much more in-depth understanding—of what tech they are using and how they use it. That means educating yourself not only on legal tech but also on any tech pertinent to your clients and their legal needs.
Courtroom Technology
There are a variety of tech tools that can make you more effective in the courtroom. They can help you better organize, present and explain information to your audience. Every little advantage you can get can make a difference when presenting your case.
Legal Technologies that Make Business Easier and More Efficient
Many legal technology tools are fairly mundane, but that does not make them any less useful. You can leverage them to provide your legal services with less work on your end. File sharing, automated document assembly and electronic court scheduling are all useful.
Using Technology to Better Serve Your Clients
Your ability to serve your clients is improved in many different ways through technology competence. While it may take time and effort to improve your competency, the benefits of doing so can be significant for both your clients and your practice.
To learn more about legal technologies that might benefit your firm, please contact our managed IT services team.
by Felicien | Jun 19, 2019 | Education
Creating a secure, usable network of systems is top-of-mind for Australia’s Digital Transformation Agency (DTA). The recent growth of security challenges for organisations of all sizes has caused this government agency to closely examine how businesses are interacting through the cloud. The Australian government’s new Secure Cloud Strategy provides a framework for service providers to follow that is targeted to “improve resilience, life productivity and deliver better services” — lofty goals for any organisation. While the Secure Cloud Strategy is ostensibly to help the government take full advantage of the benefits of cloud computing, IT services providers will also need to adopt the more robust security measures if their systems interact with secure public information.
Ongoing Challenges with Healthcare Data Security
Moving towards compliance requires managed service providers and cloud support partners to fully embrace the enhanced security requirements of the Secure Cloud Strategy. Healthcare data breaches are at an all-time high according to the Office of the Australian Information Commissioner (OAIC), where 812 notifiable breaches occurred in 2018. Australia’s “My Health Record system” has come under attack lately, as cybercriminals seem to have discovered that this is a rich well of information simply waiting to be tapped. Healthcare leads the top sector for data breaches in Australia with 20%, while finance, professional services and education lag significantly behind. While some of these data breaches are determined to be a human error due to a variety of issues such as loss of storage devices and sending information to the incorrect individual, nearly half were caused by a malicious attack.
Key Points of the Secure Cloud Strategy
Protecting the security of your data and that of your clients is of the utmost importance to service providers, and DTA’s new Secure Cloud Strategy is targeted to do exactly that. These key points are considered crucial to protecting the security of data in the nation’s healthcare infrastructure:
Organisations will appreciate a shared understanding of requirements, including a common assessment framework
The Digital Transformation Agency will lead the way by developing a platform to share knowledge and expertise
A focus on reducing the duplication of effort by providing shared services that can be leveraged by multiple organisations
The responsibilities and accountability of cloud service providers will be clarified by a new contract model
Renewed energy towards creating sustainable change in the data security infrastructure of the government and interconnected entities
While these common-sense measures are aimed at revising the way the healthcare industry approaches data and security, industry analysts are concerned that the efforts may prove too expensive for IT service providers that are already struggling with detailed compliance requirements, increased complexity of requirements and rising costs. The talent shortfall is also a factor in the updates that the Australian government is requiring of their IT service providers, as local experts are struggling to maintain certifications and compliance requirements.
As Australia circles the same issues that are tormenting healthcare organisations throughout the world, it may be the cloud software providers that have the most work to do to maintain adequate levels of security. IT managed services providers are often able to step in and help understand how to implement broader security requirements and automate ongoing tasks to free up time with valuable technology professionals.
