Sui Generis--a New York law blog

I often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles published from March:

• Plenty of options when it comes to litigation fact management software - ABA Journal
• ABA TECHSHOW 2021: It's Virtual But Still Has Lots To Offer - Above the Law
• New York Provides Zoom Decorum Advice Because Lawyers Clearly Need It - Above the Law
• ABA (Virtual) Techshow 2021: All You Need to Know - MyCase Blog
• ABA TECHSHOW 2021: It’s a Wrap! - MyCase Blog
• ABA Techshow 2021 Visual Notes: Responding to Online Disinformation - MyCase Blog
• The Case for Law Practice Management Software - MyCase Blog

Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

New Jersey On The Ethics Of “Reply All” Emails

Lawyers have communicated with clients via electronic means for more than two decades. For most of that time period, email has been the preferred and primary method of electronic communication. However, over time, email - which is inherently unsecure and is no different than sending a postcard written in pencil through the post office - has begun to fall out of favor as technology has improved.

For that reason, in recent years, more secure communication methods are increasingly being recommended by ethics committees and cybersecurity security experts. More secure options include encrypted email and the encrypted client communication portals built into law practice management software, for the reasons set forth in ABA Opinion 477, where the ethics committee concluded that due to “cyber-threats and (the fact that) the proliferation of electronic communications devices have changed the landscape…it is not always reasonable to rely on the use of unencrypted email.”

Despite this recommendation, many lawyers continue to use unencrypted email for confidential client communications, and doing so can sometimes compromise confidentiality. For example, the New Jersey Supreme Court Advisory Committee on Professional Ethics recently addressed one of the many ethical risks posed by email: the use of the “reply all” functionality.

At issue in NJ Ethics Opinion 739, which was handed down in March, was whether ethical issues were presented when lawyers used the “reply all” function to respond to a group email that had been sent by a lawyer who had cc:d his client in on the original email. Specifically the inquiring lawyer queried whether lawyers who used the “reply all” function in that scenario were unethically communicating with his client without consent, thus compromising the confidentiality and sanctity of the attorney-client relationship.

At the outset, the Committee noted that the applicable Rule of Professional Conduct was Rule 4.2, which  provides: “In representing a client, a lawyer shall not communicate about the subject of the representation with a person the lawyer knows, or by the exercise of reasonable diligence should know, to be represented by another lawyer in the matter ….”

Next, the Committee wisely considered analogous offline conduct prior to reaching its determination. Specifically the Committee explained that when lawyers receive a letter where opposing counsel’s client is copied, it would be unethical for the recipient lawyer to respond by writing a letter addressed to both the lawyer and the client. In comparison, if a lawyer placed a phone call to another attorney and the client was on the line as well, the lawyer who initiated the call would have been deemed to impliedly consent “to opposing counsel speaking on the call and thereby communicating both with the opposing lawyer and that lawyer's client.”

According to the Committee, because email is a decidedly informal method of communicating, when clients are cc:d in on a group email, it is assumed that all replies to the email are directed  toward the attorneys in the group and not the client.

The Committee acknowledged that some other jurisdictions have concluded otherwise, and have found that implied consent to client communications does not occur in this scenario. However, the Committee specifically rejected that determination since “these opinions from other jurisdictions do not fully appreciate the informal nature of group email or recognize the unfairness of exposing responding lawyers to ethical sanctions for this conduct.”

Therefore, the Committee concluded that implied consent does, in fact, in this situation and that “(l)awyers who initiate a group email and find it convenient to include their client should not then be able to claim an ethics violation if opposing counsel uses a ‘reply all’ response. ‘Reply all’ in a group email should not be an ethics trap for the unwary or a ‘gotcha' moment for opposing counsel. The Committee finds that lawyers who include their clients in group emails are deemed to have impliedly consented to opposing counsel replying to the entire group, including the lawyer's client.”

I wholeheartedly agree with the Committee’s conclusion, and particularly appreciate that it reached its determination on this issue by considering how Rule 4.2 is applied to analogous forms of offline communication. Because, as I always say, the online is simply an extension of the online. New rules are rarely required for online conduct. Instead, existing rules and principles can be applied to online conduct thus providing more relevant and concrete guidance that will withstand the test of time.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at [email protected].

Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Zoom Etiquette Guidance Offered to New York Lawyers

If you regularly read my column you know that I’ve been encouraging lawyers to use technology for over a decade now. When I first started writing about technology, I highlighted the benefits that social media and blogging could offer lawyers. From there I shifted my focus to mobile computing and cloud-based tools, and then eventually artificial intelligence legal software. Regardless of which technology I was focused on at any given time, my primary goal has always been to lawyers to motivate lawyers to familiarize themselves with - and begin to use - these emerging tools.

In the early years, my efforts often fell on deaf ears. Generally speaking, lawyers wanted nothing to do with all of the newfangled technology that I was so excited about. But over time, attitudes have changed, in part because the technologies I was evangelizing were becoming part of our day-to-day lives. This entanglement of technology with mainstream culture ultimately had the end effect of changing the practice of law, whether lawyers were on board or not. And eventually, once lawyers actually tried out any given tool, they oftentimes found that it actually had a positive impact on both their personal and professional lives.

That’s why, in 2012, the American Bar Association acknowledged the indisputable influence of technology on the practice of law when it modified comment 8 to Model Rule 1.1 to state that maintaining technology competence is part of the ethical obligations of lawyers. The first states to adopt this duty of technology competence did so in 2013, and New York followed suit in 2015. Most recently, California joined their ranks, and became the 39th state to adopt this duty when the California Supreme Court approved the new rule on Feb. 18, 2021.

It’s no coincidence that this continued emphasis on technology competence has occurred in parallel with the increased reliance by law firms on remote working technologies. The global pandemic in which we now find ourselves took most everyone by surprise and resulted in a greatly accelerated rate of technology adoption by the legal profession and the general population as a whole. Social distancing requirements necessitated remote interaction, and as a result cloud-based software, including videoconferencing tools, quickly became commonplace in most households.

Notably, the rapid technology adoption did not occur without a few hiccups. In fact, it has seemed as if not a day has gone by without a Zoom fail making the news, many of which feature lawyer gaffes during Zoom court appearances. These headlines have occurred with such frequency that I recently penned a Daily Record column wherein I urged lawyers to “stop acting like idiots online.”

It would seem that I’m not the only one who is at the end of their rope when it comes to this issue, since top administrative law judges in New York State recently issued a memorandum entitled “Virtual Proceedings - Appropriate Decorum.” 

Prior to providing its recommended videoconferencing protocols for New York lawyers, the judges explained why it’s so important for lawyers to behave properly during virtual court proceedings: “The COVID-19 pandemic has required all courts across New York State to innovate and adapt in order to continue to provide the effective and efficient administration of justice and Access to Justice for all court users consistent with the highest standards…Appropriate decorum/etiquette is a necessity during all virtual court proceedings.”

Next, they provided the following guidance to New York lawyers who appear remotely in court proceedings. While the recommendations offered seem to be fairly self-evident, if recent headlines are any indication, they are a much-needed addition to the virtual toolbox of lawyers who appear in court remotely:

• Dress in appropriate attire, as if you were appearing in-person in court
• Display an appropriate and professional background
• No consumption of food or drink during the proceeding
• Remain professional and dignified
• As in ln-Person proceedings, only one person should be speaking at a time.

Now that lawyers have this videoconferencing advice readily available, I have the utmost confidence that the salacious headlines regarding lawyers’ inappropriate behavior on Zoom will decline significantly. From here on in, I fully expect New York lawyers to be fully dressed, dignified, and polite whenever they make a virtual appearance. Capisce? Capisce.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at [email protected].

Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Because of the pandemic, lawyers are working remotely more than ever before, and many will likely continue to do so - at least occasionally - even after the pandemic is behind us. Now that practicing law virtually is more commonplace than ever, many different bar associations have recently handed down ethics opinions that address the ethical issues to consider when working from a remote location. Most recently, the American Bar Association weighed in on this issue on March 10th in Formal Opinion 498. In this opinion, the ABA Standing Committee on Ethics and Professional Responsibility offered ethical guidance on a host of issues that are triggered when law firm employees work remotely. The opinion covers a wide range of topics and is worth an in-depth read, but for the purposes of this article, I’m going to focus on the technology-specific recommendations.

Notably, at the outset, the Committee acknowledged that all of the ethical issues discussed apply whether a firm’s workforce is working in the office or elsewhere, but that the issues may need to be addressed differently when a firm is operating remotely.

Prior to offering guidance, the Committee first provided its definition of a virtual practice, which it stated was a “technologically enabled law practice beyond the traditional brick-and-mortar law firm.” This definition comports with the general understanding of this concept.

Next, the Committee explained the rationale behind providing this type of ethical guidance at this time. According to Committee, recent events have resulted in an acceleration of technology adoption in the legal profession and as a result, updated guidance was necessary: “Virtual practice began years ago but has accelerated recently, both because of enhanced technology (and enhanced technology usage by both clients and lawyers) and increased need.”

The Committee then turned to specific technology-related guidance, and explained that regardless of where law firm employees are working, maintaining client confidentiality is of the utmost importance. That being said, when employees work from remote locations, reasonable steps must be taken to ensure that procedures are in place that sufficiently protect client data: “(A) non-exhaustive list of factors may guide the lawyer’s determination of reasonable efforts to safeguard confidential information: ‘the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients…’"

According to the Committee, particularly sensitive client data will warrant increased protection: “(D)epending on the circumstances, lawyers may need to take special precautions…Factors to consider to assist the lawyer in determining the reasonableness of the ‘expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement.’”

Next the Committee addressed the options available to lawyers that may need to encrypt some types of more sensitive data, especially when it comes to communicating with clients about confidential information electronically. The Committee explained that in some cases unencrypted email is insufficient and secure online client communications portals like the ones available in law practice management software may be necessary: “As ABA Formal Op. 477R noted, a ‘lawyer has a variety of options to safeguard communications including, for example, using secure internet access methods to communicate, access and store client information (such as through secure Wi-Fi, the use of a Virtual Private Network, or another secure internet portal)…”

Last but not least, the Committee focused on a potential, and possibly unexpected,  issue that may affect many lawyers and law firm firm employees working from home: the security of smart listening devices such as Amazon Echo or Apple’s Siri. The Committee explained that in some cases these devices should be turned off when confidential information is being discussed: “Unless the technology is assisting the lawyer’s law practice, the lawyer should disable the listening capability of devices or services such as smart speakers, virtual assistants, and other listening-enabled devices while communicating about client matters. Otherwise, the lawyer is exposing the client’s and other sensitive information to unnecessary and unauthorized third parties and increasing the risk of hacking.”

Those are just some of the issues covered in this very concise, but comprehensive opinion. I strongly suggest that you review the entire opinion since it provides ethical guidance on a number of different security issues that may be triggered when a law firm’s workforce is displaced from the office, or otherwise working remotely - something that is likely to become increasingly common in the years to come.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at [email protected].

Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Pennsylvania Lawyers Can Ethically Practice Remotely From Out-Of-State

In March of last year, as we faced lock downs and the newfound threat of COVID-19, remote work became a sudden and unexpected reality. Law firms shut their doors and sent everyone home, and the work-from-home revolution began out of necessity, not choice.

As lawyers tried to adapt to the “new normal,” they encountered ethical quandaries when transitioning their dispersed workforces to the cloud-based technologies that would facilitate remote working. Because working-from-home was not commonplace prior to the pandemic, there wasn’t much ethical guidance available regarding technology use that lawyers could turn to.

Fortunately, on April 10, 2020, the Pennsylvania Bar stepped up to the plate and issued Formal Opinion 2020-300. In that opinion, the Pennsylvania Bar Association Committee on Legal Ethics and Professional Responsibility provided guidance on how lawyers and their staff can ethically provide legal services while working remotely.

Since that time, as lawyers have continued to work from locations both inside and outside of the jurisdictions in which they’re licensed, another ethical issue has arisen: whether an attorney working remotely long term from a jurisdiction in which they’re unlicensed constitutes the unauthorized practice of law. The Florida Bar Association, D.C. Bar Association, and the American Bar Association have already addressed this issue, and now the Pennsylvania Bar Association, in conjunction with the Philadelphia Bar Association, have joined their ranks by issuing Joint Formal Opinion 2021-100.

At issue in this opinion is whether it is ethical for a lawyer licensed in Pennsylvania to work remotely from another jurisdiction in which the lawyer is not licensed. The Committee summed up the situation leading to the consideration of this issue and the ethical dilemma presented as follows: “The shift to a predominantly remote-based practice model has raised concerns whether a Pennsylvania lawyer practicing law from a physical location outside of Pennsylvania engages in the unauthorized practice of law even though the attorney’s practice is limited to practicing Pennsylvania law for clients in Pennsylvania.”

The Joint Committee acknowledged that the American Bar Association had previously addressed this issue in ABA Formal Opinion 495 and had concluded that “(t)he purpose of Model Rule 5.5 is to protect the public from unlicensed and unqualified practitioners of law…(and) is not served by prohibiting a lawyer from practicing the law of a jurisdiction in which the lawyer is licensed, for clients with matters in that jurisdiction, if the lawyer is for all intents and purposes invisible as a lawyer to a local jurisdiction where the lawyer is physically located, but not licensed.”

In reaching its conclusion, the Joint Committee adopted the ABA committee’s rationale and concluded that Pennsylvania lawyers could ethically work remotely from a jurisdiction in which they were not licensed as long as there are no statutes, rules, opinions or case law of that jurisdiction in place that would prohibit them from doing so. The Joint Committee determined that this type of remote work is permissible but “lawyers may not hold themselves out as being licensed to practice in the local jurisdiction and may not advertise or otherwise hold themselves out as having an office in the local jurisdiction, or provide or offer to provide legal services in the local jurisdiction, the fact that they are physically located there does not bar them from working remotely for the same clients.”

This opinion, and the ones from the bar associations that preceded it, are evidence of a greater trend: the pandemic has ushered in a new normal for the legal profession. Remote working, and the cloud-based technology needed to enable it, are here to stay. Practicing law from any location is becoming an accepted and commonplace practice. So if you’re still on the fence regarding the use of cloud computing software in your law firm, what are you waiting for? The tides have turned, and there’s no better time than now to make the transition to working remotely using cloud-based technology.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at [email protected].

I often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles published from February:

• Automating your firm’s documents is a snap with document assembly software - ABA Journal
• Has The Legal Profession Reached A Tech Adoption Tipping Point? - Above the Law
• New Remote Working Guidance And Cybersecurity Best Practices For Lawyers - Above the Law
• ABA Survey: Legal Software Use In Law Firms In 2021 - MyCase Blog
• Now is The Time to Transition Your Firm From Premise-Based Legal Software to the Cloud - MyCase Blog
• Cybersecurity Tips for Lawyers Working Remotely - MyCase Blog

Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Since the turn of the century, the internet has increasingly become part of our day-to-day lives. Initially, this new reality presented a bit of a challenge for precedent-based, risk-averse lawyers. As a result, in most cases the legal profession as a whole has adapted to the online world more slowly than the general population. Internet marketing, however, was one of the exceptions, and lawyers recognized its potential fairly early on.

That being said, ethics rulings have been one of the primary roadblocks for lawyers seeking to obtain clients via the internet. Since the advent of online advertising, ethics committees across the country have approached it with suspicion and have typically interpreted ethics rules narrowly, issuing holdings that tend to limit the ability of lawyers to advertise and market their services online.

This is especially so when it comes to lawyer-client matching services and the sharing of online referral fees with non-lawyers. Historically, ethics committees have frowned on this practice, permitting fee-sharing arrangements for online referral services under very limited circumstances. The latest opinion from the New York State Bar Association’s Committee on Professional Ethics is no exception. At issue in Opinion 1213, which was decided in January, was whether a fee-sharing arrangement between a lawyer and an online attorney-client matching website was permissible where the match included a “recommendation” of the attorney.

Specifically, the inquiring attorney was seeking input as to whether it would be ethical to participate in an online attorney referral service where the referral fee would be collected by the site, and the matching service vouched “for the lawyer’s credentials, competence and effectiveness…(when recommending) the lawyer as the ‘best lawyer’ for the needs of the potential client.”

The specific service at issue connected individuals who had received a traffic violation with lawyers in their area who were “the best local traffic lawyer for the case.” Once a potential client was paired with a lawyer, they received a price quote that was set by the lawyer. After the client paid said legal fee, a portion of it was kept by the online matching site as a service charge and the remainder was transferred to the lawyer.

Other relevant facts regarding the service included the following: 1) it solicited customer feedback and, in its sole discretion, would offer a full or partial refund if there was an unfavorable outcome, 2) it represented that it was not a law firm, did not offer legal advice, and that none of the attorneys it connected with clients were its employees or agents, and 3) it was not owned by lawyers admitted in New York.

Based on those facts, the Committee then turned to the issue at hand and considered whether “the portion of the legal fee paid by the client but retained by the online lawyer matching service constitute(d) an impermissible referral fee?”

At the outset, the Committee noted that pursuant to Rule 7.2(a), New York lawyers are not usually permitted to pay fees for client referrals. However, the comments to the rule clarify that online lead generation services are an exception as long as the service does not imply or create “a reasonable impression that it is recommending the lawyer… or has analyzed a person’s legal problems when determining which lawyer should receive the referral.”

The Committee explained that previously, in Opinion 1131, it had concluded that a lawyer could ethically pay a service fee to an online referral service where “neutral” and “mechanical” factors were applied when matching a potential client with a lawyers. Conversely, the Committee noted that in Opinion 1132, it concluded that a referral fee paid to Avvo Legal Services was impermissible since a number of different aspects of the service when considered together amounted to an attorney recommendation.

Next, the Committee turned to the factual scenario at hand and concluded that the online service setup was very similar to Avvo’s and thus constituted fee-sharing based on an impermissible recommendation. The Committee explained the attorney could not participate on the site since the matching service was “based on factors that include attorney success rate, response rate, and customer service rating…(and it) plainly strives to give potential clients the impression that it has selected the ‘best’ or ‘right’ lawyer for the potential client’s matter, and that the lawyer selected is preferred over other candidates in the service’s database.”

Accordingly, the lesson to be learned is that New York lawyers should participate in online referral services that provide lead generation for lawyers with care. If there is anything in the marketing language or website description of the service that gives the impression that the service will be vouching for the lawyer’s credentials and competence and/or will recommend that a particular lawyer is the “best lawyer” for a potential client’s needs, then walk the other way.

As I always say, if it’s unclear, err on the side of caution and just say no. You’ve got everything to lose from using a questionable service and very little to gain.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at [email protected].

Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

The importance of technology competence when communicating electronically

I’m sure that by now you’ve already seen the now infamous cat filter court hearing video. If not, Google it and watch it. I’ll wait.

Now that you’re back, let’s talk about how you can avoid replicating that unfortunate predicament. The short answer? By maintaining technology competence when using electronic methods to communicate with clients and colleagues.

It’s always been important to ensure that you understand how to use the technologies that you use regularly in your practice. But now that many of us are working - and appearing in court - remotely, it’s imperative that lawyers are technologically competent when communicating electronically.

If you’re not sure what your obligations are when it comes to electronic communications or aren’t sure where to start, you’re in luck. The Florida Bar issued an updated guide last year that’s right on point: “Best Practices for Professional Electronic Communication.” 

This 25-page ebook offers a comprehensive overview of the ins and outs of different types of electronic communication and the issues lawyers need to understand when using said technologies. The types of electronic communications covered include texting, email, social media, telephones and cellphones, laptops, and court appearances via videoconference.

I recommend that you read the guide in its entirety since it contains at ton of useful information about securely and ethically communicating electronically. In the meantime, here are some highlights to get you started.

For starters, let’s take a look at the technology considerations you need to be aware of when texting. First and foremost, please understand that like the internet (see last week’s column), texting is forever. As the authors explain, “text messages can be saved on a cell phone within the actual conversation or on a smartphone by simply taking a screenshot of the conversation. These captured text messages can be forwarded to other recipients or exported from the device.” So please, text with care.

Other useful tips to keep in mind when texting include the following: 1) understand that text threads can be altered, and 2) when texting with or about clients, familiarize yourself with the backup policies, retrieval methods, metadata, etc. that texting service providers and devices employ to allow the retention and destruction of sent and received text messages.

The advice relating to email was likewise instructive, and worth taking note of. First, the authors focused on email attachments and the importance of understanding and managing any metadata contained therein: “Attachments may contain metadata that could disclose unwanted information to the recipient (and may) contain malicious software code (so) use scanning software for both outbound and inbound emails.”

Another important factor that was emphasized was the need to preserve confidentiality when using email. The authors explained the risks of using unencrypted email when sharing confidential information: “(I)f you use email as form of confidential communication, you should know the risks and be familiar with the options of sending secure/encrypted messages (since) there is always a chance that your email may be intercepted. Many of these risks are mitigated if not entirely eradicated when using an encrypted email service.”

Because of those risks, the authors recommended that lawyers use secure client portals like the ones built into law practice management software in lieu of email: “Secure client portals are an emerging and safe alternative to email. There are many case and practice management systems that offer a client portal component. You should seriously consider this option as a method of communication for confidential information.”

And last but not least, let’s bring it full circle and take a look at some of their recommendations regarding virtual court proceedings. First and foremost, the authors emphasized the importance of technology competence, and explained that judges should “(a)llow a few minutes more than you normally would before the time to begin to ensure technology is working.” Similarly, another piece of advice was to “have technology staff on standby, readily available to handle any technology issues that may arise.”

Take that last tip to heart, dear readers, on the off chance that you, too, end up imprisoned behind an adorable filter at the start of a hearing. With a tech-savvy assistant nearby, you’ll be able to quickly address the issue and thus avoid being immortalized via an internet meme as a very cute, albeit distressed, cat.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at [email protected].

I often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles published from January:

• Run your law practice remotely with legal practice management software - ABA Journal
• The Next Social Media Frontier For Lawyers: Clubhouse - Above the Law
• Kicking Off (Virtual) Legalweek 2021 With A Lexis+ Legal Analytics Update - Above the Law
• Ethical Guidance for Lawyers Working Remotely - MyCase Blog
• Top 4 Tips for Building Resiliency Into Your Law Firm in 2021 - MyCase Blog
• Small Firms Lawyers: Plan For a Successful 2021 With These 4 Books - MyCase Blog
• Lay The Groundwork for a Successful 2021 With These 3 Marketing Tips For Lawyers - MyCase Blog
• ABA Survey: Mobile Lawyer Trends in 2021 - MyCase Blog

Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

NYSBA Provides Ransomeware Guidance For Lawyers

The pandemic has impacted so many different aspects of our lives, from where and how we work to how we communicate and interact with loved ones. The work-from-home requirements necessitated by COVID-19 have been one of the most noticeable effects of the pandemic. This increase in working from home has also led to another notable trend: an escalation in the number of cyberattacks occurring due to the vulnerabilities exposed by the rapid and unexpected transition to remote work by so many businesses - including law firms - across the country.

This development was likely the impetus for the recent release of a cybersecurity alert by the New York State Bar Association’s Technology and Legal Profession Committee relating to ransomeware. This very timely resource provides a wealth of advice and guidance for lawyers seeking to protect their firms’ data from attacks by nefarious actors.

In the report, the authors first tackle the concept of ransomware. They provide the following explanation along with examples to help readers understand what ransomware is and how bad actors use it to attempt to obtain information from law firms:

Ransomware is a form of malicious software (malware) that targets critical data and systems for the purpose of extortion.
Ransomware often encrypts data or programs to extort ransom payments from victims in exchange for decrypting the information and restoring victims’ access to their systems or data. In many instances, the attacker threatens to publish sensitive information that has been seized, further hurting the victim, or impacting the business’ reputation.

As explained in the alert, the ransom demand typically consists of a demand for cryptocurrency in exchange for the data being held hostage. However, of note is that the Committee cautions that the provision of a payment does not necessarily guarantee that the data will necessarily be returned.
Because there is no way to ensure with certainty that your law firm will be able to obtain the return of its data from the bad actors, it is imperative that steps be taken to protect the data that remains on the firm’s systems. To that end, the Committee provides a step-by-step roadmap that includes recommendations to: 1) immediately isolate affected systems and avoid deleting any data, 2) isolate and/or power off uncorrupted devices, 3) after ensuring that existing data backups are free of malware, secure them and take them offline, 4) report the attack to https://www.ic3.gov/ and contact the local field offices of the FBI and U.S. Secret Service, 5) collect and secure any portions of existing ransomed data, 6) after taking the system offline, change online account and network passwords, 7) change systems passwords once malware has been removed, 8) disable maintenance tasks, and 9) implement incident response and business continuity plans.

The Committee also provides useful best practices guidance for law firms seeking to proactively protect their firms from future ransomeware attacks. The best practice tips are to: 1) implement an awareness and training program, 2) use Multi-Factor Authentication, 3) use long, complex passwords and do not reuse passwords for multiple accounts, 4) change default passwords, 5) enforce account lockouts after a specified number of login attempts, 6) configure access controls—including file, directory, and network share permissions—to limit access to only those who must have it, 7) restrict user permissions to install and run software applications, 8) enable strong spam filters to prevent phishing emails from reaching the end users. 9) set anti-virus and anti-malware programs to conduct regular scans automatically, 10) regularly patch systems, software, and firmware, 11) configure firewalls to block access to known malicious IP addresses, and 12) implement a Clean Desk Policy.

Note that the above constitutes highlights from this cybersecurity alert. For that reason, it’s important to read the alert in its entirety for a complete overview of the risks of ransomware, the precautionary steps you can take to protect your firm from being affected by it, and how to respond to an attack without making the situation any worse than it already is.

In closing, I urge you to give this document a thorough read and then implement the recommendations contained therein. Trust me, you won’t regret it. You’ve got nothing to lose by educating yourself about ransomware risks - and everything to gain!

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at [email protected].