Email Encryption For Everyone

The recent confirmation that the US government, through the NSA’s PRISM surveillance, collects massive amounts of electronic data is really only the tip of the iceburg when viewed in light of all of the potential exposure email has to unauthorized access. From hackers to governments to law enforcement to targeted espionage to identity thieves, there are many who may want to access and view your email and its attachments.

Depending on the type of client you represent and the work you do unencrypted email exchange may not provide enough protection for confidential communication. The ABA’s formal opinion from 1999 on email encryption (99-413) generally allows for use of email to communicate with clients, but also provides the caveat that “when the lawyer reasonably believes that confidential client information being transmitted is so highly sensitive that extraordinary measures to protect the transmission are warranted, the lawyer should consult the client as to whether another mode of transmission is, such as special messenger delivery, is warranted..”

Much has changed since 1999. Commentary in the opinion states: “[t]he Committee believes that e-mail communications, including those sent unencrypted over the Internet, pose no greater risk of interception or disclosure than other modes of communication commonly relied upon as having a reasonable expectation of privacy. The level of legal protection accorded e-mail transmissions, like that accorded other modes of electronic communication, also supports the reasonableness of an expectation of privacy for unencrypted e-mail transmissions. ” Read in light of the known, legal interception of email transmission by the government and the increased use of webmail services that offer free service in exchange for access to the text of the email is it still reasonable to rely on an expectation of privacy and legal protection of email transmissions?

There are a variety of ways to encrypt email communications. For large firms working with corporate clients, firms representing governments, lawyers representing political prisoners and other circumstances may require an end to end encryption solution such as PGP to be set up and used by both parties. Once in place the process is relatively seamless. Lifehacker provides a great guide on end to end encryption for email clients and webmail..

However, lawyers who work with consumer clients including estate planning, family law, bankruptcy, criminal, real estate, civil rights etc. may not have a long term relationship with their clients or have the level of sensitivity in the communication that warrants a long term encryption key exchange. For those situations attorneys can still encrypt email on a short term or case by case basis by using some of the “on demand” email encryption options available. These tools are often free for limited use and while they do not provide the level of protection afforded by traditional email encryption they do provide some peace of mind. The article Easy Encryption for Email is Not an Oxymoron provides information on three such services that employ different models for protection. To see these easy encryption options in action check out the How To… video from the Chicago Bar Association’s LPMT.

Managing LinkedIn Endorsements and Optimizing Your Profile

During Membership Appreciation Week here at the Chicago Bar Association I put on a program on how to optimize your LinkedIn profile. One question that came up was about the new endorsements of your skills and expertise listings. If you are interested in managing that area of your profile take a look at this short video. If you would like to see the entire program it is now online, free for Chicago Bar Association Members.

You may also want to take a look at a recent article from Attorney at Work titled “Should Lawyers Connect with Competitors?” and note the links to other pertinent articles on lawyers’ use of LinkedIn at the end of the article.

Layering Security: Two Factor Authentication

“In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.”

Thus starts the story of Mat Honan, a writer for Wired Magazine. Mat’s story should be a cautionary tale for all, especially lawyers whose duties to maintain the confidentiality of client data extend the need for added security beyond just personal inconvenience.  Mat admits that much of what happened could have been avoided by using two factor authentication on his Google account and other security measures.  So, why didn’t he do it? Because adding layers of security means adding a layer of complication, and sometimes inconvenience. However, to unravel from a firm security breach or hack would be even more inconvenient.

Google’s Gmail, Google Chrome, LastPass, Dropbox, WordPress and many other popular services have added an extra layer of security that a user must enable called “two factor authentication”.  The concept of this security is that a person cannot access another user’s account without something she knows and something she has. In the case of these popular services the solution is a strong password plus a secondary code that is sent via text to a smartphone or mobile device.  Both are required to access the account. For two factor access to laptops there are devices like USB tokens and smart cards that must be plugged in for the machine to boot up. Likewise you can buy external biometric security devices, such as a fingerprint reader, which is a substitution for what the user has to what the user is.

The SANS Institute OUCH! newsletter this month provides further information and links on two factor authentication for popular online services. When enabling two factor authentication make sure to read all the instructions carefully. Matt Cuts blogs for Google on how the two factor authentication works with Gmail, and dispels some myths about any perceived difficulties this may add to accessing your email.

Want to learn more about security best practices for your law firm? Sign up for the CBA CLE (1.5 IL PR Credit)  “Lighting the Corners: Security Best Practices”  in person or webcast on November 20 at 12 CT.

CBA’s Law Firm Start-up Boot Camp is one week away – register today!

Whether you are going solo, opening a small firm, or just need a refresher, the CBA’s new “Law Firm Start Up Boot Camp” is a day long event that will provide essential information on getting a successful law practice up and running.

The program will be held on Thursday, October 4, 2012, from 8:45 a.m. to 5:00 p.m. at the CBA Building, 321 S. Plymouth Ct., Chicago. The program has been approved for 4.25 IL Professional Responsibility Credit and 1.75 IL MCLE Credit.

Our panelists include some of the most experienced practice management advisors in the country: Jim Calloway, J.D., Director, Management Assistance Program at the Oklahoma Bar Association; Natalie Kelly, Director, Law Practice Management Program, State Bar of Georgia; Catherine Sanders Reach, Director, CBA Law Practice Management & Technology Division; and Reid Trautz, J.D., Director, Practice and Professionalism Center, American Immigration Lawyers Association.

The presentation will provide practical and proven guidance to lawyers in various settings to create effective, ethical and efficient solo and small firm practices. In this economy you have to give yourself the best chance for success. Invest in yourself. Invest a day to learn the best practices for your law practice. Invest in your future. Whether you are just starting out or looking to inject new ideas and energy into your existing firm, this is an event you won’t want to miss.

Topics include:

  • Becoming a Law Practice Entrepreneur
  • Budgeting and Financing
  • Building a Client Base
  • Using the Web/Social Media for Practice Development
  • Money Talks
  • All About Clients
  • Managing the Matter
  • Risk Management
  • The Life of the Lawyer

PLUS a networking lunch with the speakers, sponsored by CBA Administrators

Register to attend in person, or online (am and pm sessions are separate registrations) or call 312-554-2056

Upcoming LPMT Programs and Training

Don’t miss upcoming CLE programs and free training sessions:

Coming up in August:

  • How to… Take Control of Social Media with Hootsuite
  • How Lawyers Can Use Collaboration Tools

Coming up in September:

  • How to… Use MS OneNote for Project Management
  • How to… Automate Functions in MS Word
  • Smarter, Better, Faster: Document Assembly

Coming up in October:

  • How to…  Get the Most Out of LinkedIn
  • How to…  Manage Complex Tasks in Basecamp
  • How to…  Use MS Outlook Add-ons
  • Intersection of Ethics and Technology

PLUS Law Firm Startup Bootcamp on Oct. 4 – everything you need to know to start (or update) your law firm!

Register online at the Chicago Bar Association – CLE - CLE Seminars  and check the LPMT “Upcoming Programs” calendar for program descriptions, dates and times.

New How to… and CLE Archives Available

New archives available:

Did you know that if you registered for a CBA LPMT CLE program or training class you can go back and watch the recording any time?  Simply log in to the Chicago Bar Association website and look under “Webcasts” and then select “My Seminars” from the drop down menu.  If you missed a session, the links to the recordings will be available on the LPMT site listed in the Program Archives link under “Upcoming Programs”. Just register to watch.

Also, all Chicago Bar Association members have access to previous progam materials, as well as white papers and other information.  Click on the “Articles (CBA Members Only)”  tab in the site header.

Power Down: Business Continuity Planning for Law Firms

The derecho that swept from Chicago to Washington DC on Friday, June 29 left millions in the Midwest and mid-Atlantic without power for days. A post in Forbes highlights our increasing reliability on the power grid, and the need for diversification of risk with cloud services to avoid downtime.

Business continuity plans are designed to help a firm respond to any type of disaster, from a hard drive failure to a hurricane.  They incorporate not only technology backup plans, but also illustrate when the plan should be put into action and to what extent. They identify key players, and what to do if those essential personnel aren’t available.

The ABA Committee on Disaster Response and Preparedness had BDA Global, LLC prepare a planning guide for law firms to use to create a business continuity plan. Freely available, this  guide includes step by step explanations of what should be in the plan, how to create a plan and includes a sample plan in the appendix. In the foreword former ABA President Steve Zack notes:

Disaster planning is especially important for lawyers. Not only is it necessary to protect, preserve, and in extreme cases rebuild one’s practice or firm, lawyers also have special obligations to their clients. Lawyers must represent the client competently and diligently, safeguard client’s property, and maintain client confidentiality and communications. These obligations are neither excused nor waived following a disaster.

The guide is an excellent resource, as well as the other resources at www.americanbar.org/disaster, in helping law firms plan for the inevitable.

Some Technology Backup Best Practices

  • Maintain geo-redundant backups
  • Regularly do test restores and create written instructions for restoring
  • Keep all software license numbers and installation discs
  • Create images for computers and file servers
  • Keep a local copy of cloud data
  • Consider how data created on mobile devices is backed up
  • Have a current and accurate network diagram

More information regarding computer backups, risk management and disaster recovery are available from the ABA Disaster Planning website on the Resources for Lawyers and Law Firms page.

Ethics and Technology: The Rules are Changing (podcast)

Listen to this month’s Digital Edge podcast on ethics and technology:

This month Sharon Nelson and Jim Calloway interview Catherine Sanders Reach, Director of Law Practice Management & Technology for the Chicago Bar Association. The topic is Ethics and Technology: The Rules are Changing. This month’s discussion covers a wide range of topics including the ABA Ethics 20/20 Commission’s recommendations as well as state opinions about lawyers offering coupon deals and other electronic marketing efforts, cloud computing, SaaS and outsourcing.

Directory powered by Business Directory Plugin