Zoom Etiquette Guidance Offered to New York Lawyers

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Zoom Etiquette Guidance Offered to New York Lawyers

If you regularly read my column you know that I’ve been encouraging lawyers to use technology for over a decade now. When I first started writing about technology, I highlighted the benefits that social media and blogging could offer lawyers. From there I shifted my focus to mobile computing and cloud-based tools, and then eventually artificial intelligence legal software. Regardless of which technology I was focused on at any given time, my primary goal has always been to lawyers to motivate lawyers to familiarize themselves with - and begin to use - these emerging tools.

In the early years, my efforts often fell on deaf ears. Generally speaking, lawyers wanted nothing to do with all of the newfangled technology that I was so excited about. But over time, attitudes have changed, in part because the technologies I was evangelizing were becoming part of our day-to-day lives. This entanglement of technology with mainstream culture ultimately had the end effect of changing the practice of law, whether lawyers were on board or not. And eventually, once lawyers actually tried out any given tool, they oftentimes found that it actually had a positive impact on both their personal and professional lives.

That’s why, in 2012, the American Bar Association acknowledged the indisputable influence of technology on the practice of law when it modified comment 8 to Model Rule 1.1 to state that maintaining technology competence is part of the ethical obligations of lawyers. The first states to adopt this duty of technology competence did so in 2013, and New York followed suit in 2015. Most recently, California joined their ranks, and became the 39th state to adopt this duty when the California Supreme Court approved the new rule on Feb. 18, 2021.

It’s no coincidence that this continued emphasis on technology competence has occurred in parallel with the increased reliance by law firms on remote working technologies. The global pandemic in which we now find ourselves took most everyone by surprise and resulted in a greatly accelerated rate of technology adoption by the legal profession and the general population as a whole. Social distancing requirements necessitated remote interaction, and as a result cloud-based software, including videoconferencing tools, quickly became commonplace in most households.

Notably, the rapid technology adoption did not occur without a few hiccups. In fact, it has seemed as if not a day has gone by without a Zoom fail making the news, many of which feature lawyer gaffes during Zoom court appearances. These headlines have occurred with such frequency that I recently penned a Daily Record column wherein I urged lawyers to “stop acting like idiots online.”

It would seem that I’m not the only one who is at the end of their rope when it comes to this issue, since top administrative law judges in New York State recently issued a memorandum entitled “Virtual Proceedings - Appropriate Decorum.” 

Prior to providing its recommended videoconferencing protocols for New York lawyers, the judges explained why it’s so important for lawyers to behave properly during virtual court proceedings: “The COVID-19 pandemic has required all courts across New York State to innovate and adapt in order to continue to provide the effective and efficient administration of justice and Access to Justice for all court users consistent with the highest standards…Appropriate decorum/etiquette is a necessity during all virtual court proceedings.”

Next, they provided the following guidance to New York lawyers who appear remotely in court proceedings. While the recommendations offered seem to be fairly self-evident, if recent headlines are any indication, they are a much-needed addition to the virtual toolbox of lawyers who appear in court remotely:

  • Dress in appropriate attire, as if you were appearing in-person in court
  • Display an appropriate and professional background
  • No consumption of food or drink during the proceeding
  • Remain professional and dignified
  • As in ln-Person proceedings, only one person should be speaking at a time.

Now that lawyers have this videoconferencing advice readily available, I have the utmost confidence that the salacious headlines regarding lawyers’ inappropriate behavior on Zoom will decline significantly. From here on in, I fully expect New York lawyers to be fully dressed, dignified, and polite whenever they make a virtual appearance. Capisce? Capisce.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com.


ABA weighs in on the ethics of practicing law virtually

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Because of the pandemic, lawyers are working remotely more than ever before, and many will likely continue to do so - at least occasionally - even after the pandemic is behind us. Now that practicing law virtually is more commonplace than ever, many different bar associations have recently handed down ethics opinions that address the ethical issues to consider when working from a remote location. Most recently, the American Bar Association weighed in on this issue on March 10th in Formal Opinion 498. In this opinion, the ABA Standing Committee on Ethics and Professional Responsibility offered ethical guidance on a host of issues that are triggered when law firm employees work remotely. The opinion covers a wide range of topics and is worth an in-depth read, but for the purposes of this article, I’m going to focus on the technology-specific recommendations.

Notably, at the outset, the Committee acknowledged that all of the ethical issues discussed apply whether a firm’s workforce is working in the office or elsewhere, but that the issues may need to be addressed differently when a firm is operating remotely.

Prior to offering guidance, the Committee first provided its definition of a virtual practice, which it stated was a “technologically enabled law practice beyond the traditional brick-and-mortar law firm.” This definition comports with the general understanding of this concept.

Next, the Committee explained the rationale behind providing this type of ethical guidance at this time. According to Committee, recent events have resulted in an acceleration of technology adoption in the legal profession and as a result, updated guidance was necessary: “Virtual practice began years ago but has accelerated recently, both because of enhanced technology (and enhanced technology usage by both clients and lawyers) and increased need.”

The Committee then turned to specific technology-related guidance, and explained that regardless of where law firm employees are working, maintaining client confidentiality is of the utmost importance. That being said, when employees work from remote locations, reasonable steps must be taken to ensure that procedures are in place that sufficiently protect client data: “(A) non-exhaustive list of factors may guide the lawyer’s determination of reasonable efforts to safeguard confidential information: ‘the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients…’"

According to the Committee, particularly sensitive client data will warrant increased protection: “(D)epending on the circumstances, lawyers may need to take special precautions…Factors to consider to assist the lawyer in determining the reasonableness of the ‘expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement.’”

Next the Committee addressed the options available to lawyers that may need to encrypt some types of more sensitive data, especially when it comes to communicating with clients about confidential information electronically. The Committee explained that in some cases unencrypted email is insufficient and secure online client communications portals like the ones available in law practice management software may be necessary: “As ABA Formal Op. 477R noted, a ‘lawyer has a variety of options to safeguard communications including, for example, using secure internet access methods to communicate, access and store client information (such as through secure Wi-Fi, the use of a Virtual Private Network, or another secure internet portal)…”

Last but not least, the Committee focused on a potential, and possibly unexpected,  issue that may affect many lawyers and law firm firm employees working from home: the security of smart listening devices such as Amazon Echo or Apple’s Siri. The Committee explained that in some cases these devices should be turned off when confidential information is being discussed: “Unless the technology is assisting the lawyer’s law practice, the lawyer should disable the listening capability of devices or services such as smart speakers, virtual assistants, and other listening-enabled devices while communicating about client matters. Otherwise, the lawyer is exposing the client’s and other sensitive information to unnecessary and unauthorized third parties and increasing the risk of hacking.”

Those are just some of the issues covered in this very concise, but comprehensive opinion. I strongly suggest that you review the entire opinion since it provides ethical guidance on a number of different security issues that may be triggered when a law firm’s workforce is displaced from the office, or otherwise working remotely - something that is likely to become increasingly common in the years to come.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com.


New Cybersecurity Recommendations For Lawyers

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

New Cybersecurity Recommendations For Lawyers

Now that lawyers have been intermittently working remotely over the past year - and may continue to do so in the near future - their ethical obligations relating to cybersecurity practices have taken on a whole new level of importance. That’s why technology competence is paramount in 2021: it is essential for law firm leaders to have a full understanding of cybersecurity issues and how they may affect their displaced workforces, especially since lawyers and other law firm employees will likely continue work remotely at different times throughout the coming year.

The good news is that since the start of the pandemic, a number of different bar associations have provided cybersecurity ethical guidance, with the State bar of Wisconsin most recently weighing in on this issues in Wisconsin Formal Ethics Opinion EF-21-02. In this January opinion, the Wisconsin Bar ethics committee offers advice on a number of different issues related to practicing law remotely, including lawyers’ obligations to secure IT systems, protect confidentiality and communicate securely.

At the outset, the Committee focused on the duty of technology competence, explaining that basic technology competence includes, at the very least, “knowledge of the types of devices available for communication, software options for communication, preparation, transmission and storage of documents and other information, and the means to keep the devices and the information they transmit and store secure and private.”

Next, the Committee turned to its cybersecurity recommendations and emphasized the importance of securing law firm devices and systems by putting into place strong safeguards to provide protection for remote working processes. The guidance included a broad range of cybersecurity issues, including password protection, encryption, data backup, and secure communication.

After providing a brand spectrum of general advice, the Committee then offered extensive list of cybersecurity recommendations. What follows is a truncated version of the cybersecurity best practices covered by that list:

  • Require strong passwords to protect data and to access devices.
  • Use two-factor or multifactor authentication to access firm information and firm networks.
  • Avoid using unsecured or public WiFi when accessing or transmitting client information.
  • Use a virtual private network (VPN) when accessing or transmitting client information.
  • Use and keep current antivirus and antimalware software.
  • Keep all software current: install updates immediately.
  • Supply or require employees to use secure and encrypted laptops.
  • Do not use USB drives or other external devices unless they are owned by the firm or they are provided by a trusted source.
  • Specify how and where data created remotely will be stored and how it will be backed up.
  • Save data permanently only on the office network, not personal devices.
  • Use reputable vendors for cloud services.
  • Encrypt emails or use other security to protect sensitive information from unauthorized disclosure.
  • Encrypt electronic records, including backups containing sensitive information such as personally identifiable information.
  • Do not open suspicious attachments or click unusual links in messages, email, tweets, posts, or online ads.
  • Use websites that have enhanced security whenever possible.
  • Do not have work-related conversations in the presence of smart devices such as voice assistants.

Certainly, there’s even more advice where that came from, so make sure to read the opinion in its entirety for lots of useful cybersecurity guidance from the State Bar of Wisconsin. And then, take the advice offered to heart and implement any cybersecurity suggestions not yet in place in your firm. Finally, and most importantly of all - maintain technology competence, keep innovating, and stay safe out there!

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com.


Pennsylvania Lawyers Can Ethically Practice Remotely From Out-Of-State

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Pennsylvania Lawyers Can Ethically Practice Remotely From Out-Of-State

In March of last year, as we faced lock downs and the newfound threat of COVID-19, remote work became a sudden and unexpected reality. Law firms shut their doors and sent everyone home, and the work-from-home revolution began out of necessity, not choice.

As lawyers tried to adapt to the “new normal,” they encountered ethical quandaries when transitioning their dispersed workforces to the cloud-based technologies that would facilitate remote working. Because working-from-home was not commonplace prior to the pandemic, there wasn’t much ethical guidance available regarding technology use that lawyers could turn to.

Fortunately, on April 10, 2020, the Pennsylvania Bar stepped up to the plate and issued Formal Opinion 2020-300. In that opinion, the Pennsylvania Bar Association Committee on Legal Ethics and Professional Responsibility provided guidance on how lawyers and their staff can ethically provide legal services while working remotely.

Since that time, as lawyers have continued to work from locations both inside and outside of the jurisdictions in which they’re licensed, another ethical issue has arisen: whether an attorney working remotely long term from a jurisdiction in which they’re unlicensed constitutes the unauthorized practice of law. The Florida Bar Association, D.C. Bar Association, and the American Bar Association have already addressed this issue, and now the Pennsylvania Bar Association, in conjunction with the Philadelphia Bar Association, have joined their ranks by issuing Joint Formal Opinion 2021-100.

At issue in this opinion is whether it is ethical for a lawyer licensed in Pennsylvania to work remotely from another jurisdiction in which the lawyer is not licensed. The Committee summed up the situation leading to the consideration of this issue and the ethical dilemma presented as follows: “The shift to a predominantly remote-based practice model has raised concerns whether a Pennsylvania lawyer practicing law from a physical location outside of Pennsylvania engages in the unauthorized practice of law even though the attorney’s practice is limited to practicing Pennsylvania law for clients in Pennsylvania.”

The Joint Committee acknowledged that the American Bar Association had previously addressed this issue in ABA Formal Opinion 495 and had concluded that “(t)he purpose of Model Rule 5.5 is to protect the public from unlicensed and unqualified practitioners of law…(and) is not served by prohibiting a lawyer from practicing the law of a jurisdiction in which the lawyer is licensed, for clients with matters in that jurisdiction, if the lawyer is for all intents and purposes invisible as a lawyer to a local jurisdiction where the lawyer is physically located, but not licensed.”

In reaching its conclusion, the Joint Committee adopted the ABA committee’s rationale and concluded that Pennsylvania lawyers could ethically work remotely from a jurisdiction in which they were not licensed as long as there are no statutes, rules, opinions or case law of that jurisdiction in place that would prohibit them from doing so. The Joint Committee determined that this type of remote work is permissible but “lawyers may not hold themselves out as being licensed to practice in the local jurisdiction and may not advertise or otherwise hold themselves out as having an office in the local jurisdiction, or provide or offer to provide legal services in the local jurisdiction, the fact that they are physically located there does not bar them from working remotely for the same clients.”

This opinion, and the ones from the bar associations that preceded it, are evidence of a greater trend: the pandemic has ushered in a new normal for the legal profession. Remote working, and the cloud-based technology needed to enable it, are here to stay. Practicing law from any location is becoming an accepted and commonplace practice. So if you’re still on the fence regarding the use of cloud computing software in your law firm, what are you waiting for? The tides have turned, and there’s no better time than now to make the transition to working remotely using cloud-based technology.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com.


Round Up: Document Assembly Software, Legal Tech Adoption, and Cybersecurity

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles published from February:


N.Y. Bar opines on online lawyer-client matching services

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Since the turn of the century, the internet has increasingly become part of our day-to-day lives. Initially, this new reality presented a bit of a challenge for precedent-based, risk-averse lawyers. As a result, in most cases the legal profession as a whole has adapted to the online world more slowly than the general population. Internet marketing, however, was one of the exceptions, and lawyers recognized its potential fairly early on.

That being said, ethics rulings have been one of the primary roadblocks for lawyers seeking to obtain clients via the internet. Since the advent of online advertising, ethics committees across the country have approached it with suspicion and have typically interpreted ethics rules narrowly, issuing holdings that tend to limit the ability of lawyers to advertise and market their services online.

This is especially so when it comes to lawyer-client matching services and the sharing of online referral fees with non-lawyers. Historically, ethics committees have frowned on this practice, permitting fee-sharing arrangements for online referral services under very limited circumstances. The latest opinion from the New York State Bar Association’s Committee on Professional Ethics is no exception. At issue in Opinion 1213, which was decided in January, was whether a fee-sharing arrangement between a lawyer and an online attorney-client matching website was permissible where the match included a “recommendation” of the attorney.

Specifically, the inquiring attorney was seeking input as to whether it would be ethical to participate in an online attorney referral service where the referral fee would be collected by the site, and the matching service vouched “for the lawyer’s credentials, competence and effectiveness…(when recommending) the lawyer as the ‘best lawyer’ for the needs of the potential client.”

The specific service at issue connected individuals who had received a traffic violation with lawyers in their area who were “the best local traffic lawyer for the case.” Once a potential client was paired with a lawyer, they received a price quote that was set by the lawyer. After the client paid said legal fee, a portion of it was kept by the online matching site as a service charge and the remainder was transferred to the lawyer.

Other relevant facts regarding the service included the following: 1) it solicited customer feedback and, in its sole discretion, would offer a full or partial refund if there was an unfavorable outcome, 2) it represented that it was not a law firm, did not offer legal advice, and that none of the attorneys it connected with clients were its employees or agents, and 3) it was not owned by lawyers admitted in New York.

Based on those facts, the Committee then turned to the issue at hand and considered whether “the portion of the legal fee paid by the client but retained by the online lawyer matching service constitute(d) an impermissible referral fee?”

At the outset, the Committee noted that pursuant to Rule 7.2(a), New York lawyers are not usually permitted to pay fees for client referrals. However, the comments to the rule clarify that online lead generation services are an exception as long as the service does not imply or create “a reasonable impression that it is recommending the lawyer… or has analyzed a person’s legal problems when determining which lawyer should receive the referral.”

The Committee explained that previously, in Opinion 1131, it had concluded that a lawyer could ethically pay a service fee to an online referral service where “neutral” and “mechanical” factors were applied when matching a potential client with a lawyers. Conversely, the Committee noted that in Opinion 1132, it concluded that a referral fee paid to Avvo Legal Services was impermissible since a number of different aspects of the service when considered together amounted to an attorney recommendation.

Next, the Committee turned to the factual scenario at hand and concluded that the online service setup was very similar to Avvo’s and thus constituted fee-sharing based on an impermissible recommendation. The Committee explained the attorney could not participate on the site since the matching service was “based on factors that include attorney success rate, response rate, and customer service rating…(and it) plainly strives to give potential clients the impression that it has selected the ‘best’ or ‘right’ lawyer for the potential client’s matter, and that the lawyer selected is preferred over other candidates in the service’s database.”

Accordingly, the lesson to be learned is that New York lawyers should participate in online referral services that provide lead generation for lawyers with care. If there is anything in the marketing language or website description of the service that gives the impression that the service will be vouching for the lawyer’s credentials and competence and/or will recommend that a particular lawyer is the “best lawyer” for a potential client’s needs, then walk the other way.

As I always say, if it’s unclear, err on the side of caution and just say no. You’ve got everything to lose from using a questionable service and very little to gain.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com.


The importance of technology competence when communicating electronically

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

The importance of technology competence when communicating electronically

I’m sure that by now you’ve already seen the now infamous cat filter court hearing video. If not, Google it and watch it. I’ll wait.

Now that you’re back, let’s talk about how you can avoid replicating that unfortunate predicament. The short answer? By maintaining technology competence when using electronic methods to communicate with clients and colleagues.

It’s always been important to ensure that you understand how to use the technologies that you use regularly in your practice. But now that many of us are working - and appearing in court - remotely, it’s imperative that lawyers are technologically competent when communicating electronically.

If you’re not sure what your obligations are when it comes to electronic communications or aren’t sure where to start, you’re in luck. The Florida Bar issued an updated guide last year that’s right on point: “Best Practices for Professional Electronic Communication.” 

This 25-page ebook offers a comprehensive overview of the ins and outs of different types of electronic communication and the issues lawyers need to understand when using said technologies. The types of electronic communications covered include texting, email, social media, telephones and cellphones, laptops, and court appearances via videoconference.

I recommend that you read the guide in its entirety since it contains at ton of useful information about securely and ethically communicating electronically. In the meantime, here are some highlights to get you started.

For starters, let’s take a look at the technology considerations you need to be aware of when texting. First and foremost, please understand that like the internet (see last week’s column), texting is forever. As the authors explain, “text messages can be saved on a cell phone within the actual conversation or on a smartphone by simply taking a screenshot of the conversation. These captured text messages can be forwarded to other recipients or exported from the device.” So please, text with care.

Other useful tips to keep in mind when texting include the following: 1) understand that text threads can be altered, and 2) when texting with or about clients, familiarize yourself with the backup policies, retrieval methods, metadata, etc. that texting service providers and devices employ to allow the retention and destruction of sent and received text messages.

The advice relating to email was likewise instructive, and worth taking note of. First, the authors focused on email attachments and the importance of understanding and managing any metadata contained therein: “Attachments may contain metadata that could disclose unwanted information to the recipient (and may) contain malicious software code (so) use scanning software for both outbound and inbound emails.”

Another important factor that was emphasized was the need to preserve confidentiality when using email. The authors explained the risks of using unencrypted email when sharing confidential information: “(I)f you use email as form of confidential communication, you should know the risks and be familiar with the options of sending secure/encrypted messages (since) there is always a chance that your email may be intercepted. Many of these risks are mitigated if not entirely eradicated when using an encrypted email service.”

Because of those risks, the authors recommended that lawyers use secure client portals like the ones built into law practice management software in lieu of email: “Secure client portals are an emerging and safe alternative to email. There are many case and practice management systems that offer a client portal component. You should seriously consider this option as a method of communication for confidential information.”

And last but not least, let’s bring it full circle and take a look at some of their recommendations regarding virtual court proceedings. First and foremost, the authors emphasized the importance of technology competence, and explained that judges should “(a)llow a few minutes more than you normally would before the time to begin to ensure technology is working.” Similarly, another piece of advice was to “have technology staff on standby, readily available to handle any technology issues that may arise.”

Take that last tip to heart, dear readers, on the off chance that you, too, end up imprisoned behind an adorable filter at the start of a hearing. With a tech-savvy assistant nearby, you’ll be able to quickly address the issue and thus avoid being immortalized via an internet meme as a very cute, albeit distressed, cat.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com.


Round Up: Law Practice Management Software, Clubhouse, Remote Work Ethical Guidance & More

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles published from January:


The internet is forever, so behave accordingly

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

The Internet is Forever, So Behave Accordingly

My fellow lawyers: let's talk.

Now let me just say at the outset that I am absolutely thrilled to see all of you using technology, whether it's social media, video conferencing, or cloud computing. For more than a decade now I've been encouraging lawyers to embrace internet-based tools and educate themselves about the possibilities and many benefits of interacting, engaging, and conducting business online.

As you can imagine, it’s been a long, and sometimes frustrating journey. Before the pandemic hit, the legal profession was finally beginning to use emerging technologies, but adoption was occurring at a slow, but steady pace. And then, COVID-19 arrived, and everything changed.

One of the many effects of COVID-19 was that the mandatory quarantines required lawyers to rapidly shift to remote work. As a result lawyers began to use technology at rates never before seen. Lawyers implemented cloud-based software in order to get work done remotely. Similarly, methods of communication shifted rapidly because of social distancing requirements. Lawyers began to interact on social media more than ever before, and video conferencing became the norm.

These rapid changes were a welcome departure from the slow and measured rates of technology adoption that preceded them. However with that rapid technology usage came some very notable bumps in the road. It is these hiccups that I’d like to address in today’s column.

First and foremost I beseech you, my fellow lawyers, to understand that the internet is forever. Let me repeat that: the internet is forever.

Now I know I've told you this before. I’ve repeatedly shared this proposition with you in many different columns, and I know other legal technology professionals have done the same. But based on the barrage of news headlines about the many online missteps by lawyers that have occurred since the onset of the pandemic, I'm not sure the message has gotten through.

So let me be clear: when you are using internet-based technology such as social media or video conferencing software to interact with others please understand that anything you do and say can be recorded and shared across the internet for everyone to see. Screenshots can be taken. Video conference calls can be recorded. Everything you do and say online can be disseminated rapidly across social media, and once this happens there's no going back.

Things that you say and do online can come back to haunt you. You may experience public humiliation. Your actions could result in disciplinary action. You might even face criminal prosecution.

Lawyers have encountered all of these consequences in recent months. Attorneys involved in the riots at the Capital who shared their participation online now face criminal indictments. Lawyers who engaged in unprofessional conduct during Zoom meetings have had their actions shared far and wide. Lawyers who have, in the heat of the moment, posted threats or other inappropriate comments have placed their licenses to practice law at risk.

If only all of these lawyers had paused for mere seconds and thought about their actions prior to engaging in them, much of this could've been avoided.

So, my fellow lawyers, here are a few examples of what not to do, ripped from the headlines. If you're about to riot on the Capital or engage in other potentially criminal conduct, perhaps think before you engage in those actions, and if you decide to go move forward, at the very least avoid posting about them on social media. Or, if you start to get bored during a Zoom meeting, understand that your actions are visible to others and are likely being recorded and thus you should resist the urge to entertain yourself in an unseemly way, either alone or with a partner. And finally, refrain from publicly providing an online contact who is feuding with her ex-husband with advice on how to successfully murder said ex in a way that would allow the claim of self-defense to be asserted.

When you really think about it, it's just common sense. The Internet is forever, so behave accordingly. It’s really not that difficult, and I know you can do it. So what do you say? Will you take my advice and stop acting like idiots online? Not only will you avoid a lot of hassles and unpleasant consequences, we’ll all be better off for it. As far as I’m concerned, it’s a win-win all around!

 

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com.


NYSBA provides ransomware guidance for lawyers

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

NYSBA Provides Ransomeware Guidance For Lawyers

The pandemic has impacted so many different aspects of our lives, from where and how we work to how we communicate and interact with loved ones. The work-from-home requirements necessitated by COVID-19 have been one of the most noticeable effects of the pandemic. This increase in working from home has also led to another notable trend: an escalation in the number of cyberattacks occurring due to the vulnerabilities exposed by the rapid and unexpected transition to remote work by so many businesses - including law firms - across the country.

This development was likely the impetus for the recent release of a cybersecurity alert by the New York State Bar Association’s Technology and Legal Profession Committee relating to ransomeware. This very timely resource provides a wealth of advice and guidance for lawyers seeking to protect their firms’ data from attacks by nefarious actors.

In the report, the authors first tackle the concept of ransomware. They provide the following explanation along with examples to help readers understand what ransomware is and how bad actors use it to attempt to obtain information from law firms:

Ransomware is a form of malicious software (malware) that targets critical data and systems for the purpose of extortion.
Ransomware often encrypts data or programs to extort ransom payments from victims in exchange for decrypting the information and restoring victims’ access to their systems or data. In many instances, the attacker threatens to publish sensitive information that has been seized, further hurting the victim, or impacting the business’ reputation.

As explained in the alert, the ransom demand typically consists of a demand for cryptocurrency in exchange for the data being held hostage. However, of note is that the Committee cautions that the provision of a payment does not necessarily guarantee that the data will necessarily be returned.
Because there is no way to ensure with certainty that your law firm will be able to obtain the return of its data from the bad actors, it is imperative that steps be taken to protect the data that remains on the firm’s systems. To that end, the Committee provides a step-by-step roadmap that includes recommendations to: 1) immediately isolate affected systems and avoid deleting any data, 2) isolate and/or power off uncorrupted devices, 3) after ensuring that existing data backups are free of malware, secure them and take them offline, 4) report the attack to https://www.ic3.gov/ and contact the local field offices of the FBI and U.S. Secret Service, 5) collect and secure any portions of existing ransomed data, 6) after taking the system offline, change online account and network passwords, 7) change systems passwords once malware has been removed, 8) disable maintenance tasks, and 9) implement incident response and business continuity plans.

The Committee also provides useful best practices guidance for law firms seeking to proactively protect their firms from future ransomeware attacks. The best practice tips are to: 1) implement an awareness and training program, 2) use Multi-Factor Authentication, 3) use long, complex passwords and do not reuse passwords for multiple accounts, 4) change default passwords, 5) enforce account lockouts after a specified number of login attempts, 6) configure access controls—including file, directory, and network share permissions—to limit access to only those who must have it, 7) restrict user permissions to install and run software applications, 8) enable strong spam filters to prevent phishing emails from reaching the end users. 9) set anti-virus and anti-malware programs to conduct regular scans automatically, 10) regularly patch systems, software, and firmware, 11) configure firewalls to block access to known malicious IP addresses, and 12) implement a Clean Desk Policy.

Note that the above constitutes highlights from this cybersecurity alert. For that reason, it’s important to read the alert in its entirety for a complete overview of the risks of ransomware, the precautionary steps you can take to protect your firm from being affected by it, and how to respond to an attack without making the situation any worse than it already is.

In closing, I urge you to give this document a thorough read and then implement the recommendations contained therein. Trust me, you won’t regret it. You’ve got nothing to lose by educating yourself about ransomware risks - and everything to gain!

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com.