Now is the time to prepare your law firm for the growing Corona virus epidemic.
In response to the current public health emergency, state and local governments across the country are requiring employees to work remotely to reduce the spread of the Corona Virus. Soon, this will be the case in South Florida too.

Legal Computer Consultants can help your law firm develop an emergency plan that includes technology solutions for remote access and communication strategies to ensure your employees, partners and clients have the essential information and tools they need.

How to prepare your law firm:

    1. COMMUNICATE an emergency plan: All businesses should have a written emergency plan that outlines how employees should communicate with managers, where they can receive updated information about business hours and employee expectations, how to secure corporate assets and respond to customer requirements, and more. The plan should be distributed, giving staff the opportunity to address any specific concerns.

    2. TEST remote work options: Consider off-premise collaboration tools for employees. Employ telephone solutions that include voice, video conferencing and messaging to keep employees working effectively. In addition, provide managers the training they need to manage their teams remotely and clear guidance on what they should expect from remote workers. Confirm your entire staff can concurrently access information they need to respond to customer demands remotely, including encrypted data.

    3. SECURE your network and backup data: Responding to an emergency highlights the importance of implementing strong cybersecurity solutions and training your staff on ways to protect company data and assets.

    4. DEPLOY collaboration and communication tools: Improving remote work abilities is possible with the help of cloud-based collaboration tools. Whether team members use a tablet, mobile devices or desktop computers, employees can continue to stay connected and remain productive even when they’re not in the office.

    The time to act is now!
    Contact Legal Computer Consultants today to discuss how we can support your emergency planning efforts.

    Stay safe and let us know if LCC can help prepare your law firm.

    Peter Rabbino
    Mobile: (954) 937-4528
    Dade: (305) 371-4522
    Broward: (954) 680-3760
    WPB: (561) 296-4522
    peterr@legalcomputer.com

    www.legalcomputer.com
    Legal Computer Consultants (LCC)provides comprehensive technology solutions exclusively for South Florida attorneys and their staff.

CNN reports that Microsoft sends another warning: Update Windows now to fix critical security issues

Microsoft issued two emergency Windows updates Monday to protect against “critical” and “important” vulnerabilities impacting Internet Explorer and Windows Defender, the anti-virus software.

The Internet Explorer flaw, which affects versions 9, 10 and 11, could enable attackers to gain the same user rights as the current user and infect a computer. Although Microsoft replaced Internet Explorer with the Edge browser in Windows 10, the software is still pre-installed on all versions of Windows.

The Windows Defender bug makes it possible for a remote attacker to take over a target system and prevent legitimate users from using the software.

Users must install the security update for Internet Explorer manually as Microsoft (MSFT) will not release an updated scan file until the next security release in October 2020, but the update for Windows Defender will be installed automatically.

Recently there have been complaints from users about Windows updates breaking and slowing computers, which could deter users from installing the updates. However, Gartner analyst Peter Firstbrook told CNN Business that users should go ahead with the updates because a blue screen is much easier to cleanup than an attack.

“From a security perspective, you’re much better off to stay current and stay with the latest updates,” Firstbrook said.

Although it might seem like bad updates are a common occurrence, Firstbrook said attacks are actually more frequent. Bad updates typically receive more user reaction compared to attacks that occur when users don’t install updates.

The latest security threats come just a little over a month after the company warned Windows 10 users to update their operating systems due to two potentially “wormable” vulnerabilities.

 

Properly implemented, Office 365 Advanced Threat Protection (ATP) helps protect against sophisticated threats hidden in email attachments and links, and it provides cutting-edge defenses against zero-day threats, ransomware, and other advanced malware attempts.

 

Call Legal Computer Consultants today to learn how Advanced Threat Protection can help your firm protect itself from advanced threats.

(800) 646-9199

If your firm needs to comply with regulatory standards for retaining your data, the Office 365 Security & Compliance Center provides features to manage the lifecycle of your data in Exchange Online. This includes the ability to retain, audit, search, and export your data. These capabilities are sufficient to meet the needs of most firms.

However, some firms in highly regulated industries are subject to more stringent regulatory requirements. For example, firms that deal with financial institutions such as banks or broker dealers may be subject to Rule 17a-4 issued by the Securities and Exchange Commission (SEC). Rule 17a-4 has specific requirements for electronic data storage, including many aspects of record management, such as the duration, format, quality, availability, and accountability of records retention.

To help these firms better understand how the Security & Compliance Center can be leveraged to meet their regulatory obligations for Exchange Online, specifically in relation to Rule 17a-4 requirements, Microsoft has released an assessment in partnership with Cohasset Associates.

Cohasset validated that when Exchange Online and the Security & Compliance Center are configured as recommended, they meet the relevant storage requirements of CFTC Rule 1.31(c)-(d), FINRA Rule 4511, and SEC Rule 17a-4.

Click below to download the report by Cohasset.

Office 365 Exchange Online Cohasset SEC 17a-4(f) Assessment

Highly regulated industries are often required to store electronic communications to meet the WORM (write once, read many) requirement. The WORM requirement dictates a storage solution in which a record must be:

  • Retained for a required retention period that cannot be shortened, only increased.
  • Immutable, meaning that the record cannot be overwritten, erased, or altered during the required retention period.

In Exchange Online, when a retention policy is applied to a user’s mailbox, all of the user’s content will be retained based on the criteria of the policy. In fact, if a user attempts to delete or modify an email, a copy of the email before the change is made will be preserved in a secure, hidden location in the user’s mailbox. Retention polices can ensure that an organization retains electronic communications, but those policies can be modified.

By placing a Preservation Lock on a retention policy, an organization ensures that the policy cannot be modified. In fact, after a Preservation Lock is applied to a retention policy, the following actions are restricted:

  • The retention period of the policy can only be increased, not shortened.
  • Users can be added to the policy, but no user can be removed.
  • The retention policy cannot be deleted by an administrator.

For more information on how the Security & Compliance Center can be leveraged to meet your regulatory obligations for email with Office 365 Exchange Online, Contact Legal Computer Consultants at (800) 646-9199.

CYBER SECURITY POLICY
KEEP CONFIDENTIAL INFORMATION SECURE
Our employer is implementing cyber-security policies and best practices to improve security of our computer network and confidential work product. Please review carefully, implement each policy immediately, print and sign this policy statement and return to administration immediately.

The employer provides network, communications systems, equipment, devices and access to cloud services (”technology resources”) to carry out legitimate employer business. By using these technology resources, any user consents to disclosing the contents of any data files, information and communications created on, stored on, transmitted, received or exchanged via its network, communications systems, third party hosted applications, cloud services, equipment or devices.

There is no right to privacy in the use of employer’s technology resources. By using the employer’s technology resources any user consents to monitoring, recording, and reviewing the use of that technology resource.

Users are expected to act lawfully, ethically and professionally, and to exercise good judgment.

Users who are granted access to critical data are responsible for its protection.

Use of technology in violation of this policy is subject to disciplinary action up to and including termination.

1) Password policy
a) Do not use the same password for different sites.
b) Passwords must be strong. Strong passwords should:
i) Contain at least 8+ characters, use a passphrase instead of a password.
ii) Include upper and lower case letters, numbers and special characters
iii) Not use dictionary words (brute force attacks)
iv) Be unique to one person
v) Not be reused on multiple account logins
vi) Changed every 60 to 90 days
vii) Be required after a period of inactivity (screen saver with password enabled).
viii) Never be shared with anyone else
c) Appropriate storage of passwords. Do not write down passwords on paper. Do not store passwords on individual laptops, mobile devices or home computers unless they are saved safely in an encrypted application on your mobile device. Example: https://start.1password.com search ‘1password’ in the app store on your device.
d) Never provide security or personal information by email to anyone.
e) Passwords should never be shared.
f) Legal Computer Consultants will never call you to ask for your password over the phone. If you do need to provide other confidential credentials ensure that the employee has authority to receive such credentials from firm administrators or partners.

2) Secure your PC
a) Always lock your computer before leaving your desk: Press the [Windows Key]+[L] to quickly lock your screen.
b) Enable screen savers with a password to be required after a period of inactivity.
c) Do not use USB memory devices on office PCs. Do not save or open files on USB memory media. Do not charge/connect Android devices or ‘Trust’ iPhones in USB ports.

3) Be Careful when you click:
a) Do not click on any link unless you know you can trust the source and you are certain of where the link will send you. If you are unsure about a link, the best thing to do is call the sender prior to clicking on the link. Do not follow links in emails asking to login to existing accounts. Delete the email and go directly to the web site in a web browser to login to an existing account.

4) Do not share confidential information or credentials with anyone by phone or email:
Social engineering is a non-technical approach hackers use to get sensitive information. Social engineering techniques include phishing emails, fake phone calls, and physical impersonation.

5) Never click on links asking you to update your credentials for any web site. If you think the email may be legitimate, you should go directly to the website to update credentials.

6) Appropriate Use:
a) Report any suspicious activity or security concerns immediately.
b) PCs and the computer network are the property of the employer and should only be used for business purposes.
c) Do not install software (like streaming music) or use personal email.
d) Do not use the computer (including browsing the Internet) for personal use.
e) Internet/Intranet Usage:
i) Usage should be focused on business-related tasks.
ii) There is no right to privacy in an employee’s use of the Internet/Intranet.
iii) Use of the Internet, as with use of all technology resources, should conform to all employer policies and work rules.
iv) Visiting or otherwise accessing sites such as the following are prohibited:

(1) Adult Content
(2) Games
(3) Violence
(4) Personals and Dating
(5) Gambling
(6) Hacking

7) Ownership of Data: The employer owns all employer data, files, information, and communications created on, stored on, transmitted, received or exchanged via its network, communications systems, equipment and devices, such as e-mail, voicemail, text messages and Internet usage logs “digital records” even if such communications reside in the cloud. The employer reserves the right to inspect and monitor any and all such communications at any time, including personal data stored on Employer systems, for any lawful purpose and with or without notice to the user. The employer may conduct random and requested audits of employee accounts (including accounts with commercial or other third party providers if used in the course of conducting Employer business) for any lawful purpose including but not limited to ensuring compliance with policies and requirements, to investigate suspicious activities that could be harmful to the organization, to assist the employer in evaluating performance issues and concerns, and to identify productivity or related issues that need additional educational focus within the employer. Digital records may be subject to public disclosure and the rules of discovery in the event of a lawsuit. The employer’s Internet connection and usage is subject to monitoring at any time with or without notice to the employee.

Agreement to follow cyber-security policy:
I understand and agree to abide by these cyber-security policies.

_______________________________ Dated: ____________

Advanced Threat Protection (ATP) is an external extra layer of protection offered by Microsoft Office 365 (before email gets to your office) added above the current virus protection and malware.
• ATP provides “zero-day” protection versus the current automatically scheduled updates
• ATP scrubs attachments before they get to your mailbox.
• Once deployed, you will notice that links in emails are “redirected links” to insure they are safe. ATP tests all links before forwarding them to your inbox.
• Also, ATP can help us diagnose, trace and report intrusion efforts to help us educate specific staff that may be clicking malicious links.

LCC recommends ATP for your firm.
Peter Rabbino
peterr@legalcomputer.com
www.legalcomputer.com
Legal Computer Consultants (LCC)provides comprehensive technology solutions exclusively for South Florida attorneys and their staff.

Law Firms are increasingly being targeted and computer networks are being penetrated, stealing intellectual property, and compromising client-privileged data.

The “Know the Risk, Raise Your Shield” materials are featured on NCSC’s website at https://www.dni.gov/ncsc/knowtherisk/tools/

Risks include: social engineering, social media deception, spear-phishing, mobile device safety, and foreign travel risks.

Federal Courts may require your firm to submit PDF files in a PDF/A compliant format.  PDF/A is type of PDF file that contains all the elements of the document ‘embedded’ in the document versus having links to content in the document.  This is important for long term archiving and subsequently preferred by the courts.

Here are two ways to convert PDF files to PDF/A compliant:
1.  Print PDFs to the PDF printer driver;  Choose, [File][Print] in the PDF and choose the PDF printer driver as the printer to create the output.  This is fast and simple, but the markups and other features like digital signatures, embedded content and encryption will be removed from the file.  This is usually OK for legal professionals submitting files to the courts.
2.  Using Adobe Professional, creating PDF/A files requires a few extra steps, but this method preserves the markups and other features.  Choose PDF/A-1b for Federal Court Filings:

Do not hesitate to email or call me to review PDF/A

Thanks,

Peter Rabbino

Mobile: (954) 937-4528

peterr@legalcomputer.com

www.legalcomputer.com

Legal Computer Consultants (LCC)provides comprehensive technology solutions exclusively for South Florida attorneys and their staff.