Friendly Gifts or Kickbacks?

I saw a full-page ad on the back of a law-related magazine a few months back that bothered me. It was placed by a multi-state court reporting firm and offered a $25 gift card in return for the next deposition scheduled with the firm. I imagine that they got a lot of responses. But the offer bothered me in several ways. Would the assistant tell the lawyers he/she is getting this premium? Should it rightfully belong to the staff person making the call, the lawyer, the law firm or maybe even arguably the client? What if this reporting service charges more than the competition? Are we really talking about a gift or a possibly illegal kickback?

Risk of Rewards by James DeCrescenzo on Depo.com covers these issues and many more, including what the Internal Revenue Service position might be.

Does your office have a written policy about staff members accepting gifts related to their duties? One would think that, at a minimum, disclosure to the firm would be required and an outright prohibition might be advised. I'll let you read the article and make your own decisions. But here's one more example of something that law firm managers have to think about that might not have been an issue in earlier times.

Cedar Rapids Lawyers Face Flood Recovery

Flooding is still impacting a good bit of the midsection of the U.S. Last week I spoke (via videoconference) to a group of lawyers from the Linn County Bar Association (Cedar Rapids, IA) about disaster recovery. The seminar was put together rather quickly, but they had no lack of offers of assistance. For those who are curious, here is the final agenda.

The short version of what I told them is that if you have Internet access, there are lots of ways to get up and running quickly from paying $50 per employee for Google Apps to downloading the 30 day free trials of various applications. The challenge is restoring your data and business operations. Several vendors offered help and, depending upon the need, there may be follow-up programs.

But as I looked out over that crowd of displaced lawyers, I thought of something that each of you should ponder today. Within that group, there were probably several who lost their entire computer system. Among those, there were probably some who had a complete off-site data backup, done very recently. There were some who had off-site backups that were several days or weeks old. And, sadly, there were probably some who had little or no data backed up outside of their office.

Which category are you in today?

Security Issues of Carrying Digital Documents

UPDATE: Since my original post, David Bilinsky has "responded" and alerted us to the fact that more secure laptops are now in the pipeline and we should expect to be seeing them soon.

How secure is your laptop? David Bilinsky made a blog post that alerted me to his article "Electronic devices – encryption and client confidentiality issues" that was recently published in the Law Society of British Columbia Bencher's Bulletin. The article is worth your time to read. With more and more information being carried on laptops and other portable electronic devices, we are hearing increasing reports of devices being lost or stolen containing confidential client information. Of course, USB flash drives, PDAs and mobile phones are even easier than laptops to lose.

David believes that it is time to consider encrypting the entire hard drive of a portable computer rather than just a number of confidential folders or files. The reasoning is that selective encryption does not protect swap files, deleted files, temp files, cookies and other sources of information. In fact no less an authority than the Executive Office of the President has instructed agencies to do this. See long boring gov't memo here. I just wonder how many lawyers aren't encrypting any files on their laptops.

One thing that surprises me is that we haven't seen more "secure" computers advertised for sale. While there are many ways to secure your data, it seems like purchasing your computer with the encryption package or packages already preloaded would be popular.

Recently I was making a purchase at Office Depot and noticed a container full of USB Flash Drives for under $10 each. But I have been telling lawyers that it is probably a better value to spend eight or ten times that amount to buy a secure flash drive like the Ironkey. A device that is marketed based on strong encryption gives me a feeling of security (as did seeing an expert like John Simek pull one out of his pocket a few weeks ago.) There are certainly several options in password protected or encrypted USB drives.

I won't disagree with David's analysis. But I will note that if you haven't made any moves in this area, you can order a secure USB flash drive today and start using it instead of your laptop to carry around client documents within the next few days.

Ross Kodner's Great Truths About Data Backup

Regular readers of this blog will need no introduction to Ross Kodner, tech consultant extraordinaire. He does some really nice blog posts on his blog, Ross Ipsa Loquitor, and participates in many legal technology-related lists (to pick two of many things I could say about Ross.)

But you really, really, really need to read his post on Great Truths About Data Backup. Afterwards, you probably want to e-mail the link to anyone in your office with any responsibility for back up and tell them to read it! Given today's law office environment, a catastrophic data loss where there is no current data backup can quite literally destroy your law practice. Don't risk it.

Top 10 Legal Ethics Traps (and how to avoid them.)

The ABA Journal has just published the Top 10 Ethics Traps with a good cross-section of legal ethics experts contributing. They even tell you how to avoid many of the traps. It is always good to read some "war stories" about mistakes you (hopefully) haven't made. Nice graphics on the layout, too.

Ethics in the Electronic Era: Staying Out of the Briar Patch

Our latest edition of our podcast series, The Digital Edge: Lawyers and Technology, was posted a couple of weeks ago. It is called "Ethics in the Electronic Era: Staying Out of the Briar Patch." In it Sharon Nelson and I cover many ways that the use of technology increases your risk of ethical missteps. If you've never listened to a podcast before, perhaps this is the one for you.

Identity Theft Dangers

Identity theft is a major problem. If you do any sort of client newsletter, you should think about giving your clients some information on this important topic.

Privacy Rights Clearinghouse has a lengthy set of Identity Theft Resources, including numerous Fact Sheets.

The Federal Trade Commission's Identity Theft site has good consumer information and a couple of good downloadable documents.

The U.S. Postal Inspection Office also has a collection of resources.

Educating your clients about this subject is a good client service and a good public service.

Preventing Mobile Security Disasters

Think of all of the information contained on all of the mobile phones, flash drives, MP3 players, portable hard drives, backup tapes and other information storage devices that can be carried in a pocket or hand bag. Then think of the number of news items you have read in the last year or so about lost or stolen laptop computers. Last year I hatched a plan to write the ultimate mobile security article. But honestly, that's not really possible to do in a short article and, as technology advances, parts of the work become dated. Still, it was an area where lawyers could use more information and I asked some talented people to pitch in for the project.

The ultimate result was "A Lawyer’s Guide to Mobile Computer Security" by Ellen Freedman, Reid Trautz and Jim Calloway. It was published in the Oklahoma Bar Journal, the Pennsylvania Lawyer and Immigration Law Today, the official publications of the bar associations that have the authors on staff as practice management advisors. But interestingly, that wasn't the end of the story. Some reprint requests started trickling in and then the trickle became a flood. We've asked bloggers and e-newsletter publishers just to link to the online version of the article noted above from the OBA.

But Technolawyer asked to reprint it as a Technofeature and it will be available in the July/August issue of Legal Management, published by the Association of Legal Administrators, with a circulation of around 20,000. Certainly that is gratifying for the three of us. But the main point is that there is a need for this information. So, if you missed this article the first time around, you can read it on the OBA site as noted above or check out the nifty PDF version that Technolawyer makes available to its authors linked below.  After all, there is no doubt that we will be carrying more and more information on our mobile devices in the future.

Download Calloway-Trautz-Freedman-MobileSecurity-TF05-29-07.pdf (182.4K)

How to Survive the Worst PC Disasters

PC World recently published a feature entitled "How to Survive the Worst PC Disasters."

Lots of good advice is contained there.

It is Disaster Week on Jim Calloway's Law Practice Tips

Yes, now that so many of you are thinking of summer vacations and fun in the sun, my normally cheery blog will turn to the dark side as we explore common law firm disasters and, more importantly, how to avoid them or recover from them. It is Disaster Week on Jim Calloway's Law Practice Tips!

Our first disaster is losing your important client data. So much information is located on the computers in your law office that it would be almost impossible and prohibitively expensive to replace it if you suddenly lost it all. That is why we do data backups. So when is the last time you did yours?

In just the last few weeks, I have talked with a tech-smart Oklahoma lawyer working on decent hardware who, through a really unusual and unique set of circumstances, lost all digital copies of a brief after the lawyer had invested dozens of hours preparing it. Sadly, it had never been printed. I also got an e-mail from a lawyer-friend from another state who knows all about backup. But he just got very busy and hadn't backed up his laptop for 3 or 4 weeks when it died completely.

You need an internal backup procedure where you back up your data to another hard drive, hopefully a portable one you can remove from the office and rotate with a similar drive off-site. I no longer trust backup tapes for the solo and small firm market. If your law firm IT department assures you that they are comfortable with tape backup, I would let them do their job. (Perhaps, I would note to them that it would be a double disaster for them personally if they were wrong.)

But, in my judgment, weekly backups are no longer sufficient. I think you either need concurrent or nightly backup to protect that brief you have been working on for three days. It may be that you do not back up everything this way and depend on your other backup system for data that is a month or a year old. Online backup combines the idea of regular automated backup with the idea of offsite storage. Many lawyers are concerned about the ethics of online backup or wouldn't know how to shop for a provider.

This is why the Oklahoma Bar Association endorsed CoreVault as a member benefit for online data backup and recovery. I wrote about online backup and CoreVault in the last issue of the Oklahoma Bar Journal. We invested a lot of time checking out the service. We like their system. Data is encrypted before it leaves the law firm computers and is compressed to save storage costs. Oklahoma Bar members can get more information here from the CoreVault site.

For those of you in other states, CoreVault can be your backup service as well.
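The internal backup to a removable drive recommended above, sketched as an added example (not code from the original post or from any vendor it mentions): it copies the designated data folders into a dated snapshot, verifies every copy by hash, and reports how old the newest snapshot on a drive is. The manifest file name and folder layout are assumptions made for this example, and each source folder is assumed to have a distinct name.

```python
import hashlib
import shutil
import time
from pathlib import Path

MANIFEST = "MANIFEST.sha256"  # hypothetical file name chosen for this example


def sha256_file(path):
    """Hash a file in 1 MiB chunks so large files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_data(sources, drive, stamp=None):
    """Copy each source folder into drive/<stamp>/<folder name> and verify it.

    Raises OSError if any copy differs from its original, so a failed backup
    is never mistaken for a good one. Returns the snapshot directory.
    """
    snap = Path(drive) / (stamp or time.strftime("%Y-%m-%d_%H%M%S"))
    snap.mkdir(parents=True)
    lines = []
    for src in map(Path, sources):
        for f in sorted(p for p in src.rglob("*") if p.is_file()):
            rel = Path(src.name) / f.relative_to(src)
            target = snap / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, target)  # copy2 keeps file timestamps
            digest = sha256_file(f)
            if sha256_file(target) != digest:
                raise OSError(f"copy of {rel} does not match the original")
            lines.append(f"{digest}  {rel.as_posix()}\n")
    # The manifest is written last: its presence marks a completed snapshot.
    (snap / MANIFEST).write_text("".join(lines))
    return snap


def verify_snapshot(snap):
    """Re-hash a snapshot against its manifest; return damaged or missing files."""
    snap = Path(snap)
    bad = []
    for line in (snap / MANIFEST).read_text().splitlines():
        digest, rel = line.split("  ", 1)
        f = snap / rel
        if not f.is_file() or sha256_file(f) != digest:
            bad.append(rel)
    return bad


def newest_backup_age_days(drive, now=None):
    """Age in days of the newest completed snapshot on the drive, or None."""
    stamps = [m.stat().st_mtime for m in Path(drive).glob(f"*/{MANIFEST}")]
    if not stamps:
        return None
    return ((now or time.time()) - max(stamps)) / 86400
```

Running `verify_snapshot` on the rotated off-site drive before it goes back into rotation catches a drive that has quietly gone bad, which a copy-only routine would never notice.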

Beware of the Dangers of "Drive by" Web Page Infections

The Internet brings great information and access, but it also brings dangers. We've seen viruses, spammers, spyware and computer hijackers. We try to cope with all of these dangers as best we can. Now a report from Google outlines a new form of threat: Web pages that can infect your computer when you merely visit them. You might want to read this online article from MSNBC: NEW NET THREAT: INFECTIOUS WEB PAGES.

What can one do about this? I have suggested to our bar association members that one method would be to type a web address for an unfamiliar site into Google rather than your Web browser. Then, when it shows up in the Google results you can see if it has the Google warning label discussed in the article before you decide to visit it.

A Few Words About Passwords

It wasn't that long ago that most people had a very few passwords. Now most people have many, many passwords. From your office computer's login to online legal research to all sorts of online sites that require registration, you may have dozens of passwords. And many of you have passwords that are woefully insecure. You may think you are being clever to use the word "password" as your password, but thousands of others have thought the same thing and it would be in anyone's Top Ten list if they were trying to crack your system. Others would include repeating the login name for the password, any variation of your name or a family member or pet's name, or the local sports team nickname. (I can't imagine how many in my state use Sooner or Sooners for their password.)

Let's discuss briefly selecting and securing your passwords. First of all, your password should never appear in the dictionary. You cannot just use a word. You must have at least one number or typographical character in your password, and more than one is preferred. Although it may be unlikely you would be subjected to a brute force cracking attempt where hundreds of common words or passwords are attempted one after another, it is better to have a universe of possible characters that is larger than just 26 letters. Of course, you can still create an insecure password using numbers if you choose something obvious like hal9000 or john316.

It is critically important that you do not use the same password for everything. If your network login password is compromised you don't want to give access to your online banking and brokerage accounts as well. I do slightly disagree with the experts who say every password must be unique. I think if you have several online accounts that never involve money, are primarily a "read only" registration access and could be easily replaced without harm, it is OK to use one "throwaway" password for all of them. So it doesn't bother me if your New York Times, NewsOK.com and Salon passwords are all the same. But if you value your reputation in online communities, you would want to have a more secure password so a password cracker couldn't post slanders in your name.

This post was inspired by a LifeHacker post "Ten Passwords to Avoid." That post links to a British list of the ten most common passwords. But of greater importance is an older LifeHacker Post on how to formulate rules for all passwords. This is really good reading on how to formulate a rule that incorporates some things you remember with some you apply from the website for some pretty good passwords. Of course some sites will have rules that won't allow some of these.

Everyone says do not write down your password. But what they mean is do not write it down and keep it at your desk near your computer. I have to write down my cable modem password because I never use it unless there is trouble. But writing it down and sticking it in a file drawer in a file labeled "old bankruptcy research" on the third page of a four page document is pretty secure as far as I am concerned.

There are password managers like Roboform and KeePass. Just make sure you don't forget those passwords or you will be locked out of everything. I learned from a comment posted to one of the above sources that some uber-geeks use leet for their password language.
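The selection rules discussed in this post, turned into a small checker as an added example (not code from the original post or the linked articles): it flags common passwords, repeats of the login name, personal names, letters-only passwords, dictionary words with digits tacked on such as hal9000, and leet spellings of dictionary words. The word lists are constructed stand-ins, and `audit_password` and `search_space_bits` are names made up for this example.

```python
import math
import string

# Constructed sample lists; a real audit would load a full dictionary and a
# published common-password list instead.
COMMON = {"password", "123456", "qwerty", "letmein", "sooner", "sooners"}
WORDS = {"password", "sooner", "sooners", "hal", "john", "brief", "lawyer"}

# Leet substitutions mapped back to the letters they stand for.
LEET = str.maketrans("013457@$", "oleastas")


def audit_password(password, login="", personal=()):
    """Return the rules a password breaks; an empty list means none matched."""
    findings = []
    lower = password.lower()
    if lower in COMMON:
        findings.append("on the common-password list")
    if login and login.lower() in lower:
        findings.append("repeats the login name")
    if any(p and p.lower() in lower for p in personal):
        findings.append("contains a personal, family, pet or team name")
    if password.isalpha():
        findings.append("letters only: add a number or typographical character")
    if lower in WORDS:
        findings.append("is a dictionary word")
    # hal9000 -> hal, john316 -> john: digits on the ends add very little.
    core = lower.strip(string.digits + string.punctuation)
    if core != lower and core in WORDS:
        findings.append("dictionary word with digits or symbols tacked on")
    # p@ssw0rd -> password: crackers apply the same substitutions.
    unleet = lower.translate(LEET)
    if unleet != lower and unleet in WORDS:
        findings.append("leet spelling of a dictionary word")
    return findings


def search_space_bits(password):
    """Upper bound on guessing effort, in bits, from the character classes used.

    Only meaningful when audit_password() finds nothing: a password built on
    a dictionary word falls to a word list long before this bound matters.
    """
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return round(len(password) * math.log2(pool), 1) if pool else 0.0
```

The checker only matches whole words against its lists, so an empty result means no listed rule was broken, not that the password is strong.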

What should be your most secure and longest passwords? Obviously those to online banking and brokerage accounts or those that you have allowed to remember your credit card information. (Call me old-fashioned. I still type in credit card info each time.)  But one of the most important is any e-mail account, especially web-based e-mail. Why? Because if one cracks that, they can use the "forgot your password" feature to send many of your other passwords there!

Dennis Kennedy noted the Lifehacker post as well and linked to one of his earlier articles on password security that is well worth reading.

Do you get tired of registering with sites you will likely not visit again just to read one article? Norman attorney Kurt B. Pfenning deserves the credit (or the blame) for directing me to BugMeNot, a site for "bypassing compulsory registration." This site is a database of usernames and passwords from those who have already registered and will let you use their info to save yourself the trouble. Needless to say, the sites that want you to register will sometimes disable these accounts. Then new ones will be posted. It is a little online exercise in civil disobedience.

A surprising number of people use vulgarities for their passwords, but that can be embarrassing when you have to call tech support or the guy at the Bar Center for assistance.

Well, that's enough for today. I hope you have decided to go improve some of your weak passwords.

A Backup Proposal for Those Who Know That They Aren’t Doing Backup Well

I wanted to point out a recent article that was inspired by periodic postings on Solosez and other tech related lists. Certain topics (e.g. Word vs. WordPerfect superiority) seem to crop up again and again. One of these is the full backup vs. data backup only debate. You can't post to a tech list using the phrase "full backup" without someone immediately following with "you don't have to do full backup, I just burn my documents/data files to CD's periodically." It's probably true that a true solo with no staff and only one computer can handle backup this way if they are so inclined. For one thing the odds are you won't need your backup anyway. (Of course that misses the point.)

So I decided to outline how the process would work to really do a "complete" data-only back up, especially if you have more than one computer and staff. It is more complex than it appears at first. You can invest some time in setting it up, but it has to work fairly quickly or people won't do it. (I also decided to try to do the outline without even using backup software.) The result is A Backup Proposal for Those Who Know That They Aren't Doing Backup Well. Of course I couldn't resist pointing out the shortcomings of this plan even after I had outlined this one way of doing it.

I was guest editor of the Technology and Practice Management-themed Issue of the Oklahoma Bar Journal in which this appeared. Some of you may have an interest in the other articles as well.

    And, although this service is not available to non-Oklahoma lawyers:

Site of the Week: Managing Clients’ Funds and Avoiding Ethical Problems

"Managing Clients’ Funds and Avoiding Ethical Problems" by Jayne B. Tyrrell and Stephen M. Casey is our Website of the Week this week. Admittedly this is a little different type of Website. It's really just a hypertext-linked CLE paper on trust accounting. But, considering that a number of lawyers get into trouble with trust accounting each year, it is a good primer for every lawyer opening a practice to read. This is a part of the Massachusetts Interest on Lawyers' Trust Accounts Program Website and some of the information is specific to Massachusetts. There are simple, but very useful, forms attached to the paper. If you follow the procedures outlined and use those forms, you should always have a properly balanced and documented trust account.

Scary Computer Trick with Internet Explorer

OK, here's your scary discovery in online technology of the month. Well, at least it was a discovery for me.

Go to http://www.friendlycanadian.com/applications/clipboard.htm

(I'm assuming you will have already used copy and paste or cut and paste today. If not, copy something to your clipboard and then refresh the page.)

Yes, by the default settings, Internet Explorer can be made to paste the contents of your clipboard into a web page. That's really special if you ever copy credit card numbers or passwords to your clipboard.

I would recommend changing your default settings in Internet Explorer:

Tools -> Internet Options -> Security -> Internet -> Custom Level -> Scripting -> Allow paste operations via script:   set to Prompt or to Disable

Thanks to Dan Pinnington for passing along this tip from Rocky Stefano.

UPDATE: You probably want to choose Prompt rather than Disable above, if for no other reason than I have now discovered that the TinyURL application (that I love and use frequently) uses this as a part of its process. So better to be prompted for this, or something else, than to have it suddenly stop working.

Disasters Past, Present and Future

Disasters come in all shapes and sizes. A parent dying and leaving small children is an unmitigated disaster to the family. As far as they are concerned, it is of more significance to them than the Gulf Coast hurricanes. The family disaster is worse if the deceased was the family breadwinner without adequate life insurance, but all of the life insurance one could buy doesn't repair the damage.

After spending time with many lawyers impacted by disaster in Mississippi and Louisiana, I'm still trying to collect my thoughts. Losing your business completely to wind or floodwaters is bad enough, but it is just the first part of the equation. Then you have clients scattered across the country with no way to contact them. Your cash flow dries up. You have to deal with a court system that is not fully functional. If you are really unlucky, you might have to deal with a lawyer from another state who thinks that you should have been able to return to business as usual by this time. The Mississippi casinos employed 17,000 and there were many more industry-related jobs. All these people can no longer pay their lawyers--and many other things.

We know there are more disasters ahead, whether they are small or huge, heart attacks or floods.

There is no time like the present to prepare yourself and your law practice to better survive the worst. Here's an article I wrote several years ago: The Lawyer Thinks About Disasters. This month's Law Practice Today is a special disaster preparation and recovery issue with lots of great articles by experts. (The link is to the current issue. Later, you'll have to look for October, 2005 articles in the archives.)

Site of the Week: Risky Biz

Suzanne Rose of Tennessee (and Suzanne Rose Consulting) started her blog recently, but swore me to silence for a while. Time's up, Suzanne.

Risky Biz derives its name from the idea that running a law firm can be risky. It is certainly true that law firms have risks, including the basic business risks of profitability and viability and some of the unique law firm risks of ethics violations or legal malpractice. Suzanne says, "I see a need for a change in thinking about how to build and maintain a successful, effective, viable law practice - whether it be a solo practitioner or a mega-firm. I have been a small voice for the "practicing law is a business" philosophy. I am now wondering if lawyers and legal consultants have taken that too much to heart and find that the sensitive balance between law as an 'art form' and as a business has tipped too far to the business side, leaving in its wake unhappy lawyers, fragile law firms and dis-satisfied clients."

Suzanne is the former practice management advisor for the Tennessee Bar. Read her recent posts on what clients not to take and then add Risky Biz to your RSS Newsfeeds. I did.

Wireless Network Security

We've all heard about the Zotob worm shutting many businesses as it swept across the world recently. The Law Tech Guru Jeff Beard reminds us that he posted a primer called "Wireless Networking Best Practices: Version 2.0" some time ago which is still valid. He notes that he mentioned in that primer to disable the Universal Plug 'n play (UPnP) unless you need it. UPnP was the primary exploit used by Zotob. I think I'll be adjusting my home wireless router tonight with Jeff's article in hand.

Malpractice Prevention is the Focus of April Law Practice Today

The April issue of Law Practice Today has been posted online. The featured topic this month is malpractice prevention and risk management. It contains 8 to 10 feature risk management articles and a set of ethics links from Tom Mighell. I haven't finished them all tonight, but they are all worth your attention. Print off a few articles and put them in your briefcase, purse or vehicle to read when you have a few minutes. Give some attention to these risk management ideas and you may sleep better. There are other articles related to management, finance, marketing and technology, the ABA Law Practice Management Section's four core areas.

Speaking of the ABA LPM Section, the April/May 2005 issue of Law Practice, the section's print magazine, has been placed online in large part here. This issue focuses on space use and planning with several articles. This is another treasure trove of material with Rick Klau's nothing.but.net on advanced online bookmarking, John Simek and Sharon Nelson writing about spyware and Simon Chester with a review of the hot new features of Adobe Acrobat 7. (Eventually this issue will be archived for LPM Section members' use only and these links will point to the next issue, or die.)

You've got a lot of reading ahead, but these are extremely valuable and generally short articles that you can work into your week. I've set the goal of reading them all within a week.

Are you doing your backup?

OK, if you aren't doing your data backups properly, if your staff backs up most of the data but not all, or if you don't back up the laptop because "a lot" of the data is on the network, you are hereby sentenced to go to Engadget's Worst Data Disaster contest and read horror stories until you repent, for real. Sorry, but the contest is over. But your data is still viable, at least right now.

Engadget is an interesting gadget site with many gadgets reviewed or noted daily.

E-mail Security on the Road

I know lots of people check their e-mail remotely when out of town. They use cybercafes, hotel business centers, convention sponsored Internet access points and a variety of other venues.

If you ever check your e-mail, bank account, airline reservations, OBA-NET or any meaningful password protected site via any computer you do not own, you should be aware that the next user may be able to use the browser's back button or History to get into your e-mail or other service just as if they logged in with your password.

Here's a simple process to use every time. If it is a kiosk or other hotel system used by many, just click Tools, Internet Options, and Clear History. Then close all browser windows. If you used someone else's computer who might not appreciate having their whole history cleared, try this. Click on History, and then look at the Today's History panel to locate the domains you logged into. Right click on each of them and delete the individual domains from the history. Then close all browser windows.

Electronic Data Security and Privacy: Words of Wisdom from Dan Pinnington

It was a lot easier keeping confidential material safe and secret when it only resided in your head and on paper. Now we have Internet connectivity, e-mail, databases, and electronic copies of at least every document that your office prepared. The privacy and security enemies list includes virus writers, hackers, phishers, adware and spyware. My Canadian friend, Dan Pinnington has prepared an extraordinary resource on how to keep your information and your client’s information safe, private and secure. Dan Pinnington is the Director of practicePRO®, which is the Lawyers’ Professional Indemnity Company’s innovative risk management initiative. He’s also on the ABA TECHSHOW Board, a prolific writer, a frequent CLE speaker and involved with the production of Law Practice Today.

His work, contained in an impressive 56-page booklet (in PDF format), is entitled Managing the Security and Privacy of Electronic Data in a Law Office and is available for free download. In it Dan outlines the “lucky thirteen” things you must do to protect yourself. This booklet is designed for lawyers to read, not just information technology professionals. But once you read it, you may want to call your IT pros in to discuss it. For solo lawyers and small firms without full-time IT staff, this is a very timely and valuable resource. If you would rather have the information in more bite-sized servings, you can read Managing the Security and Privacy of Electronic Data in a Law Office - Part 1, the first of a three part series of articles Dan has extracted from the booklet.

The Mirra Personal Server 2.0

I was very intrigued when I read Brett Burney's Review of the Mirra Personal Server 2.0 on LLRX.com. I didn't get one of these for Christmas, so I may have to buy one myself for my home system. I think that many lawyers should be investigating external hard drives as a part of their disaster recovery plans. They are much less expensive now. I haven't seen the Mirra in person, but according to Brett it is fairly easy to configure. Then it simply makes a mirror image copy of everything you have designated on your hard drive, or your entire hard drive for that matter. The Mirra is more expensive than some similar products, but it has some exciting features that have sold me. You can invite others to share certain of your folders by logging into the Mirra website. You can give yourself a similar invitation to share all of your folders. So, for one price, it looks like a lawyer can set up a secure extranet to share documents with clients and others online, remote access for the owner to access files remotely and have a back-up solution that functions automatically. Yes, I'm very interested.