By Bill Kammer
This article was originally published in the July/August 2020 edition of San Diego Lawyer.
We may have spent a substantial portion of 2020 working remotely from home, utilizing new technologies, and learning new skills. We might have stumbled upon different methods of pursuing our profession, and been forced by the pandemic to question past ways of doing business. Some may question the need for offices in high-rise buildings or the dedication of specific office space to particular attorneys and staff. But despite those new experiences, some old threats and issues persist.
Zoom: By now, many may have earned a Scout merit badge in Zoom. Life in the Zoomiverse is a new experience. We have seen webinars and columns suggesting ideal ways to use Zoom. We may not have immediately absorbed all that wisdom, but this is a learning experience.
Some key pieces of advice have not been universally adopted. In any large Zoom gathering, muting audio is highly advisable; yet we have heard dogs barking, doorbells ringing, and even toilets flushing. A touch of the spacebar will always unmute a participant when there is a need to speak or comment.
Zoombombing remains a concern. Unwise reuse of meeting IDs can open any Zoom meeting to intruders, and robodialing can easily penetrate a meeting ID. Much like two-factor identification, adding a password to an invite remains excellent advice.
Zoom itself has acknowledged these security issues including the need for encryption. Zoom has rolled out regular updates to its software, most recently to version 5.0 (or higher). On May 31, all Zoom applications using older versions were forced to upgrade to enable joining a meeting. The upgrade facilitated encryption across the entire platform.
Gmail Addresses: This may be old news, but I recently analyzed an issue related to the form of a username for a Gmail account. Gmail ignores periods in usernames. It makes no difference whether the username contains multiple periods or no periods because Gmail parses only the letters and numbers in the username. Mail to john.sullivan, .john.. sullivan, and johnsullivan will all end up in the same mailbox.
Masks and Face IDs: The next time we meet, we may still be masked. Many have relied on Face ID as a fast way to log on to their mobile devices. Unfortunately, a mask may fool your phone’s recognition of your face. Apple and Google have attempted revisions of their software to eliminate
this problem, but the wiser course may be to revert to a passcode or password.
Working at Home: Many attorneys have been working at home and may continue to do so. That evolution introduces additional cybersecurity challenges we must confront and resolve. The initial concern might be the required login credentials of attorneys and staff. Lawyers may have tolerated simple passwords for office machines, but continued use of those deficient passwords for remote access is unwise.
Although most email is encrypted in transit, the movement of email and documents from a home computer to an office computer or server may include intervals at rest where the files may not be encrypted.
Cybersecurity Insurance: If you have wisely obtained a policy, review it for coverage of work-at-home risks. For instance, some policies only cover losses related to devices owned by the “named insured.” If anyone is using a home computer, tablet, or mobile phone, there may not be coverage.
Hacking and Malware: These threats continue to increase. By now, most know lawyers are soft targets.
A global cybersecurity firm recently reported that, despite excellent cybersecurity standards, 15% of sampled law firms showed signs of compromised networks. Another study found that 61% of small/medium-sized businesses had experienced cyberattacks in the past 12 months. The concerns are serious enough that the New York State Bar has recently imposed a requirement of one cybersecurity MCLE hour every two years. We should do all we can to harden our systems to the max.
Incognito Mode: Our internet browsers have incognito modes and private windows. We might use those modes to investigate facts or companies, believing we are searching stealthily. However, those modes don’t mean that our internet activity can’t be tracked. Basically, they only prevent the depositing of cookies and other data onto our computers by the visited website.
Cloud Breaches: Verizon recently released its 2020 Data Breach Investigations Report that analyzed over 150,000 incidents in the prior year. Many lawyers have turned to cloud-based software and cloud storage in lieu of software, operating systems, and data storage in their offices. In their recent report, Verizon found that cloud breaches were now almost 25% of total breaches. Yet one thing hasn’t changed: three-fourths of those resulted from breached credentials. Again, the quality of our passwords and passphrases is necessary to maintain the security of the information and data of our offices and our clients.
Bottom line, in the words of the French writer Jean-Baptiste Alphonse Karr: “The more things change, the more they stay the same.”
Bill Kammer (wkammer@swsslaw.com) is a partner with Solomon Ward Seidenwurm & Smith, LLP.