I recently started my own practice. There’s a lot to do and a lot to think about—but seeing as I practice in the area of professional responsibility, one of my foremost concerns was ensuring my new firm would comply with Law Society requirements.

From my recent experience, here are five things to think about from an ethics and professionalism perspective if you are opening your own firm or solo practice:

1. Transferring clients: If you are leaving a firm, discuss which (if any) clients you wish to bring with you as soon as possible. Importantly, you cannot unilaterally decide that

Just When You Thought You Had Perfected Your Cybersecurity Training for Law Firm Employees . . .

Time to think again. It’s no secret that cybercriminals have increased all kinds of phishing activity since the pandemic. More people utilizing consumer grade equipment in a less secure work-at-home environment creates a fertile ground for phishing attack victims.

According to a ZDNet report, phishing attacks are shifting to mobile devices. That’s not surprising since mobile devices are the primary computing technology for more than 50% of users. The goal of the attackers is to obtain usernames and passwords that could be used . . . [more]

We can speak authoritatively about cybersecurity awareness for law firm employees because we give this training so often. Here are some of our tips to ensure you maximize the effectiveness of your training.

1. Take cybersecurity awareness training seriously and do it right.

A significant recent statistic is that human beings are involved in the success of 82% of cyber attacks. They tend to have crummy passwords, they reuse and share passwords, they click on links or attachments without thinking, they get emails which seem improbable and yet respond to them, and the list goes on and on.

We used . . . [more]

Virtual private networks (VPN) are very standard these days. But they are riddled with vulnerabilities – and subject to a “man in the middle attack.” They have wreaked havoc in 2020 in a work-from-home environment.

Enter zero trust network access (ZTNA).

An October 2020 Forrester study (commissioned by Cloudflare) offered some key findings.

Working from home compelled firms to transform how they operated in the cloud. However, 80% of the IT decision-makers interviewed said their companies were unprepared to make the transformation. Existing IT practices made it difficult to support employee productivity without security compromises.

As a result, 76% of . . . [more]

Those of you of a certain age will remember the song “What Kind of Fool Am I?” That song was about love, but for Pete’s sake, why is it that some lawyers keep insisting that they won’t use MFA (multi-factor authentication)?

Thanks to our good friend Ben Schorr (who works at Microsoft) for sending us an August 7 Microsoft update on why multi-factor authentication is so critical. It is short, sweet and should be read by anyone who has resisted multi-factor authentication (and there’s a lot of you!).

From the post:

“When you sign into your online accounts –

1. Is it real?
2. What does it cost if it happens?
3. How does it compare to the status quo?
4. Are there other risks that are important, too?

Whether we have overcome our storied risk aversion, or we have merely been given a more important risk to avoid, the legal profession in Canada is now struggling to adopt technology at a very fast pace.

And as might be expected, success is not evenly distributed. The difference between the people who take this opportunity for change and those who miss it will be how they think about risk.

Here’s . . . [more]

Love it or hate it, everyone is on Zoom these days, including lawyers.

The company notes that daily use went up from 10 million users a day in December 2019, to over 200 million daily users in March 2020. On March 23, 2020 alone, the app was downloaded 2.13 million times globally.

Social distancing during COVID-19 has in no insignificant way pushed the use of this platform to new levels, with share prices going from $70 in January to $150 by the the end of March 2020. Yet, the platform was never designed with this type of use in mind. . . . [more]

Almost everything of social or financial value is now online in some form, benefitting in many ways from the interconnection with the world, and tempting in many other ways to the world’s thieves and saboteurs. As a result, Internet security has never been more important to personal, corporate and political interests than it is now.

Yet we read weekly of new damage done to online resources: legal service firms taken offline by ransomware, virtual currencies highjacked, endless personal records stolen from enterprises in all lines of business. It is remarkable how rarely critical infrastructure – power supplies, transportation, communications – . . . [more]

Here are excerpts from the most recent tips on SlawTips, the site that each week offers up useful advice, short and to the point, on practice, research, writing and technology.

Technology

My Favourite Apps – Part V
Lesha Van Der Bij

Passwords. The bane of most people’s existence. So many to remember! I know a few people who swear they have figured it all out – using some kind of mnemonic to remember all of their passwords. Apparently, I am not that clever. So I recently turned to LastPass. You remember one password and LastPass stores the rest. … . . . [more]

While there has been controversy about the enforcement of the electronic communication provisions of Canada’s Anti-Spam Law (CASL) due to the ambiguities of the complex scheme, there is widespread support for the anti-malware provisions. The Canadian Radio-television and Telecommunications Commission (CRTC) recently enforced those anti-malware provisions against .Mr. Revesz and Mr. Griebel, the partners of Orcus Technologies, pursuant to section 22 of CASL, for a total penalty of $115,000.

The defendants have 30 days to file representations with the CRTC or pay the penalty.

The CRTC alleges that Orcus Technologies developed, distributed, promoted, and sold a Remote Administration Tool called . . . [more]

A recent news story, on CBC and elsewhere, told of a woman whose son went missing for two years. When she found his body (in a morgue), she did not know why he died. She has been trying to get information about his social media accounts, in order to see if there was something particular on his mind that might explain his death.

She has not been very successful, especially with the US social media giants like Yahoo and Google. (She did get an order from a Canadian court that got her some information from Canadian sources.)

Question: should the . . . [more]

It was big news in late August when Microsoft said that users who enable multi-factor authentication (MFA) for their accounts will end up blocking 99.9% of automated attacks. This doesn’t apply just to Microsoft accounts. It applies to any other account on any website or online service.

Today, virtually all service providers support multi-factor authentication, and in most cases, there is no charge. It can be something as simple as SMS-based one-time passwords or advanced biometrics solutions.

“Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA,” said Alex Weinert, Group . . . [more]