Layering Security: Two Factor Authentication

“In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.”

Thus starts the story of Mat Honan, a writer for Wired Magazine. Mat’s story should be a cautionary tale for all, especially lawyers, whose duty to maintain the confidentiality of client data makes added security more than a matter of personal inconvenience. Mat admits that much of what happened could have been avoided by using two factor authentication on his Google account and other security measures. So, why didn’t he do it? Because adding layers of security means adding a layer of complication, and sometimes inconvenience. However, recovering from a firm security breach or hack would be even more inconvenient.

Google’s Gmail, Google Chrome, LastPass, Dropbox, WordPress and many other popular services have added an extra layer of security, called “two factor authentication”, that a user must enable. The concept is that a person cannot access another user’s account without both something she knows and something she has. In the case of these popular services the solution is a strong password plus a secondary code that is sent via text to a smartphone or mobile device. Both are required to access the account. For two factor access to laptops there are devices like USB tokens and smart cards that must be plugged in for the machine to boot up. Likewise, you can buy external biometric security devices, such as a fingerprint reader, which substitute what the user is for what the user has.

The SANS Institute OUCH! newsletter this month provides further information and links on two factor authentication for popular online services. When enabling two factor authentication, make sure to read all the instructions carefully. Matt Cutts blogs for Google on how two factor authentication works with Gmail, and dispels some myths about any perceived difficulties this may add to accessing your email.

Want to learn more about security best practices for your law firm? Sign up for the CBA CLE (1.5 IL PR Credit)  “Lighting the Corners: Security Best Practices”  in person or webcast on November 20 at 12 CT.

Power Down: Business Continuity Planning for Law Firms

The derecho that swept from Chicago to Washington DC on Friday, June 29 left millions in the Midwest and mid-Atlantic without power for days. A post in Forbes highlights our increasing reliance on the power grid, and the need for diversification of risk with cloud services to avoid downtime.

Business continuity plans are designed to help a firm respond to any type of disaster, from a hard drive failure to a hurricane.  They incorporate not only technology backup plans, but also illustrate when the plan should be put into action and to what extent. They identify key players, and what to do if those essential personnel aren’t available.

The ABA Committee on Disaster Response and Preparedness had BDA Global, LLC prepare a planning guide for law firms to use to create a business continuity plan. Freely available, this guide includes step by step explanations of what should be in the plan and how to create one, along with a sample plan in the appendix. In the foreword, former ABA President Steve Zack notes:

Disaster planning is especially important for lawyers. Not only is it necessary to protect, preserve, and in extreme cases rebuild one’s practice or firm, lawyers also have special obligations to their clients. Lawyers must represent the client competently and diligently, safeguard client’s property, and maintain client confidentiality and communications. These obligations are neither excused nor waived following a disaster.

The guide, along with the other resources at www.americanbar.org/disaster, is an excellent resource for helping law firms plan for the inevitable.

Some Technology Backup Best Practices

  • Maintain geo-redundant backups
  • Regularly do test restores and create written instructions for restoring
  • Keep all software license numbers and installation discs
  • Create images for computers and file servers
  • Keep a local copy of cloud data
  • Consider how data created on mobile devices is backed up
  • Have a current and accurate network diagram

More information regarding computer backups, risk management and disaster recovery is available from the ABA Disaster Planning website on the Resources for Lawyers and Law Firms page.

60 Sites in 60 Minutes (ABA TECHSHOW 2012)

Did you miss ABA TECHSHOW this year? Come to the LPM Committee meeting next Friday (4/13) from 12:15 PM – 1:30 to hear a few attendees’ favorite tips picked up at the show. Until then…

ABA TECHSHOW 2012 – 60 Sites in 60 Minutes (The whole list)

Again this year, the always exciting 60 Sites in 60 Minutes plenary session concluded ABA TECHSHOW 2012. Presenters Natalie Kelly, Dan Pinnington, Catherine Sanders Reach and TECHSHOW Chair Reid Trautz shared a variety of serious and fun sites with the packed room. For those who couldn’t make it, here is a full list of the sites they presented:

Sites to help you do your job

  • ABA Preview of Supreme Court Cases: Everything you want or need to know about what is happening at the Supreme Court, past, present and future. americanbar.org/publications/preview_home.html
  • Fastcase and Mobile Sync: Legal research on your desktop, iPhone or iPad. Bar Association users can use the Mobile Sync feature to keep one research session going across all platforms. www.fastcase.com
  • CellularAbroad is a helpful site to find the best mobile phone and coverage option specific to your phone and carrier when traveling overseas. www.cellularabroad.com
  • Google Scholar adds treatment to citing cases scholar.google.com/
  • Jureeka: Turn legal citations in web pages into hyperlinks that point to online legal source material in Chrome or Firefox jureeka.blogspot.ca
  • TinEye: Reverse image search: find out the source of an image, other uses of it, higher resolution versions, etc. www.tineye.com
  • Google Images lets you search by dragging and dropping an image www.google.com/imghp
  • Meevsu: Have a live confrontation or debate via webcam, with the audience voting for the winner meevsu.com

Helpful information

  • Law Practice Today e-zine archives is full of terrific articles on all aspects of law practice management www.americanbar.org/publications/law_practice_magazine
  • Room77: See what your hotel view is like, before you book the room www.room77.com
  • Priceblink: Find lower prices while you shop and set notifications for desired price points. www.priceblink.com
  • The Holotypic Occlupanid Research Group exists for one purpose. You’ll have to see for yourself because you won’t believe it until you see it. www.horg.com/horg/intro.html
  • PMA Pipe: Keep up with all the law practice management blogs feeds.feedburner.com/PmaPipe
  • MarineTraffic: Watch the movement of ships around the world, tracked by GPS in real time MarineTraffic.com/ais/
  • AllTop: See the top headlines on the most popular news sites and blogs alltop.com
  • The World at 7 Billion: With seven billion people in the world, where do you fit in? Just enter your birthdate and find out! www.bbc.co.uk/news/world-15391515
  • Handsfreeinfo: See what your state’s cell phone and texting laws for drivers prohibit – or are about to prohibit. Handsfreeinfo.com
  • WhoIsTheMostFamous: With just a first name, try to guess the most famous surname. WhoIsTheMostFamous.com
  • Scoopertino is the parody blog of all things Apple (based in Cupertino, CA) that recently claimed Apple would replace the complete iTunes library with songs sung by Siri, starting with Stairway to Heaven! scoopertino.com
  • US Department of State provides important travel information for every country in the world www.state.gov/misc/list/index.htm
  • An American’s Guide to Canada tells you everything you want to know about life in the Great White North, including “Canadianisms” and how to immigrate. AmericansGuide.ca

Technology tools and sites

  • Adobe provides great online tools for collaboration and converting and editing PDF documents acrobat.com
  • Alternativeto: If you’ve decided to replace a software application, this site will recommend alternatives based on user feedback. alternativeto.net
  • FollowUpThen: Schedule followups to emails you don’t need to deal with now, by simply forwarding them to this site. followupthen.com
  • Snipreel: Clip YouTube videos so you can share just the best parts. Snipreel.com
  • GreatApps: Helps you weed through the 1,000s of apps out there by featuring the best 25 at a time. greatapps.com
  • “If This Then That” write “recipes” and tasks to automate actions between “channels” like Facebook, Twitter, Email, Dropbox, Evernote and more ifttt.com
  • Thsrs Find shorter synonyms for longer words ironicsans.com/thsrs/
  • Zamzar is an oldie but a goodie site that converts computer files you upload into other formats; great for old WordPerfect docs you now need to access via MS Word zamzar.com
  • Down for everyone or just me? Find out if a website is down www.downforeveryoneorjustme.com
  • Ninite: Pick all the popular software you want to install right from one page www.ninite.com
  • FacebookCheating: Read and share stories of cheating that happened via Facebook. Also access spying and therapeutic resources for online activity. facebookcheating.com
  • Factory Reset Wiki: Find factory reset codes and procedures for all kinds of products. Factory-Reset.com
  • Join.me is a free, yet robust screen sharing and conference call system that is extremely easy to set up and/or join. join.me/
  • TextMechanic allows you to manipulate and play with text in all sorts of different ways (for example, pick a random line of text) TextMechanic.com/Random-Line-Picker.html

Social media tools & resources

 

Law practice management

  • HBS Elevator Pitch Builder The good folks at the Harvard Business School have created the on-line pitch builder to help you hone your, well, elevator pitch. Try it! www.alumni.hbs.edu/careers/pitch
  • Thinkstock: A huge supply of the best stock images thinkstock.com
  • 99Designs is a new on-line graphics marketplace to have law firm logos and website graphics designed at extremely low rates, thanks to the winner-take-all nature of the marketplace. 99designs.com

Online privacy and dangers

  • Google Privacy Tools: All the ways Google gives you control over the information you share and store with them: google.com/policies/privacy/tools/
  • ScamTrends: Keep track of all the constant attempts to scam you by email, social media, phone, etc. www.scamtrends.com
  • AvoidAClaim This blog about law practice management and claims prevention also features warnings about the latest fraud attempts against lawyers www.avoidaclaim.com
  • FCC Small Biz Cyber Planner: Information on how smaller companies can secure themselves against cyber crime www.fcc.gov/cyberplanner
  • SecretSync is a great way to easily share proprietary, sensitive information using online synchronization utilities getsecretsync.com
  • StartPage: A search engine that doesn’t collect your personal data startpage.com

Non-billable Time

  • MapCrunch lets you randomly teleport anywhere in the world via Google Streetview Mapcrunch.com
  • MyExWife’s Wedding Dress: Family lawyers will especially get a kick out of this site started by a man whose wife purposely left behind her wedding dress when they separated, and what he did with it to get even. myexwifesweddingdress.com
  • VeryFunnyAds: Pretty self explanatory! VeryFunnyAds.com
  • AbsolutelyMadness: collects the funniest pictures on the internet absolutelymadness.tumblr.com/
  • PhotoShop Disasters: A collection of the worst examples of bad Photoshop efforts PSDisasters.com
  • Monk-e-Mail: In just a few minutes you can customize an animated message complete with your own voice to send a birthday greeting or other fun greeting. Hosted by CareerBuilder.com of all things, but why not? www.careerbuilder.com/monk-e-mail/default.aspx
  • PoopSenders: For friend or foe, res ipsa loquitur. www.poopsenders.com
  • Craftastrophe: A collection of the tackiest examples of homemade crafts Craftastrophe.net
  • WhySiriWhy? Amusing Siri quotes and awkward voice-text failures whysiriwhy.com
  • AwkwardWorkplacePhotos.com. Go. Laugh. Get back to work! workplacephotos.com
  • Devolve Me: Upload a photo of yourself (or someone else) and devolve it to see what you would look like 1.8 million years ago. www.open.ac.uk/darwin/devolve-me.php
  • MultiPlayerPiano: Play the piano online with whoever else is on the site at the same time multiplayerpiano.com

If you liked these sites, you can see the sites that were featured in previous ABA TECHSHOW 60 Sites in 60 Minutes presentations as well as the ABA TECHSHOW 60 Sites in 60 Minutes Hall of Fame.

Make Your Hard Drive Picture Perfect

See one of my past posts to the AttorneyatWork blog, “Make Your Hard Drive Picture Perfect”:

You have your computer backup strategy carefully planned. Your files are backed up in three locations, your servers are in a RAID array, you have all your installation disks and license numbers handy, and you have a test restore for your files scheduled on a regular basis. You are ready for the day that your hard drive fails. Or are you?
