Legal Tech Blog

Archive for the ‘Security’ Category

iOS 9.3 Adds Message When Work is Managing a Device

Posted on: March 30th, 2016 by Matthew Clover

The latest iteration of iOS aims to make whether or not a device is being managed by a company very clear. The lock screen will now say “This iPhone/iPad is managed by your organization” and when you go into Settings>General and look at the About screen the message will read “This iPhone/iPad is supervised. [Company Name] can monitor your internet traffic and locate this device.” Transparency appears to be the main goal here. There is some confusion out there as to whether or not the message can be turned off, although I did find a post from Meraki, a free MDM solution provided by Cisco, implying that it could. That post can be found here. As a whole it is an interesting move by Apple as they continue to make security and privacy a main focus.

Smartwatch Security in the Workplace

Posted on: March 19th, 2015 by Matthew Clover

Smartwatches have been around for awhile, but the upcoming release of the Apple Watch has the potential to bring them into the mainstream. While the Apple Watch, and other Smartwatches, have the potential to increase efficiency, they also provide another device that can store and/or access corporate data. This presents another device that will need to be incorporated into a business’s BYOD security policy as well as another device to manage.
Read more…

Microsoft Outlook for iOS and Android not Enterprise Ready Yet

Posted on: February 9th, 2015 by Matthew Clover

A new app from Microsoft, Outlook for iOS and a Preview version for Android, shows that Microsoft is committed to designing for other platforms. Some reviews have been positive, like this one from The Verge, while others have said that this app is still a little rough around the edges, like this article from Infoworld. I tend to agree with The Verge, but there is a larger security concern for companies using the ActiveSync protocol (this includes Exchange, IBM Notes Traveler).  Read more…

Employee Mistakes Still to be Main Source of Data Breaches in 2015

Posted on: December 29th, 2014 by Matthew Clover

The Law Technology News just published the top six data breach predictions for 2015 as outlined in Experian Data Breach Resolution’s 2015 Second Annual Data Breach Industry Forecast. That article can be read in full here. I am focusing on the prediction regarding employee mistakes, as this seems to be one of the hardest areas for companies to rectify. As the article points out, both in its title and when discussing employee mistakes, businesses will continue to ignore the employee side in favor of protecting against cyberattacks. There are various reason for this, from the cost of security in general, to the sticky issue of balancing user efficiency and security, to cyberattacks being very much in the news currently. Read more…

Sony Data Breach Fallout and Lessons

Posted on: December 19th, 2014 by Matthew Clover

The FBI has concluded that the North Korean government was behind the Sony data breach that exposed embarrassing emails that have harmed the reputations of the company and its executives, forced the cancellation of the release of the “The Interview” amid terrorist threats, and put thousands of employees’ private information at risk.  This latest breach should cause IT professionals and business owners to review their privacy and security protocols and address weaknesses, and it should serve as a reminder that, while there will always be significant risk, there are some steps we can all take to be more secure online. Read more…

US Courts Issue Warning re eJuror Scam

Posted on: August 5th, 2014 by Angel Falconer

The Administrative Office of the U.S. Courts reports that citizens in several federal court districts have been targeted by a new scam, in which the victim is asked to disclose Social Security number, driver’s license number, date of birth, cell phone number or other sensitive information.  The fraudulent request claims to be affiliated with the online registration program, eJuror, which is used in 80 U.S. court districts.  A link to the U.S. Courts’ warning and tools to locate local district contact information for anyone who suspects they’ve been targeted by the scam can be found here:

ABA Will Consider Resolution Regarding Cybersecurity Policies

Posted on: July 29th, 2014 by Angel Falconer

A Resolution under consideration by the American Bar Association “urges all private and public sector organizations to develop, implement and maintain an enterprise security program in accordance with internationally accepted standards. [109].”  You can read the full press release here and the Resolutions here.

A Continued Disconnect Between the Idea of Security and Actual Practice

Posted on: June 10th, 2014 by Matthew Clover

Lexis Nexis recently conducted a survey, which the Law Technology News wrote about here, regarding the importance of file sharing in law firm collaboration. The survey showed that, while many firms continue to express concerns about security, over two thirds of those who participated in the survey use unencrypted email to share files. The survey points out that these firms rely solely on the confidentiality statement within an email for protection.  Read more…

What Heartbleed means for attorneys and third-party storage of client materials

Posted on: April 14th, 2014 by Matthew Clover

The Heartbleed bug, which surfaced at the beginning of last week, is one of the worst security breaches that the internet has had to deal with. It has been around for approximately two years, undetected by anyone except for, potentially, the NSA. The vulnerability allows attackers to grab usernames, passwords, and actual content, as well as impersonate services, and there is currently no way to detect whether it has been exploited or not. This vulnerability not only affects websites, but also hardware such as wifi routers and firewalls. So, what practical steps should be taken to protect any client materials stored at third party locations?

The first item on the list would be to assure your client that you are contacting the vendors involved. The next step would be to find out if any of the vendors you use were affected by the bug, and to learn as much as possible about what steps the vendor has taken and is taking to protect your client’s data. There are tests that can be done regarding whether websites have been patched, one of them can be found here. A list of hardware vendors to check can be found here. Even if the vendor assures you that the hardware has been patched, you will want to check your own hardware against the list. Once you have confirmation that all vendor services have been patched, the last item is to change your passwords for these services. Although it may be obvious to do so, keep the client informed throughout this process, find answers to any questions the client has, and maintain communication with the vendor so that you, and the client, can rest assured that reasonable steps have been taken to protect their data.

Staying Secure While You Travel

Posted on: March 14th, 2014 by Matthew Clover

Free public WiFi is everywhere. At cafes, hotels, the airport, courts, and many other locales. Its convenience, and the lack of unlimited cellular data for many, mean many of us use it to connect while we are away from home.  Using free public WiFi increases your risk of a data breach, given how easy it is to download tools to snoop for information on these networks. Firesheep is one such tool, and is easy to use. Wireshark is another one; it takes a little more technical know how but also allows hackers to grab unencrypted data from unsuspecting victims. Luckily, there are some solutions out there that can help keep you secure when using free public WiFi. Read more…

Legal Disclaimer

The information contained in this blog does not constitute legal advice, and does not create an attorney-client relationship. We make no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained in or linked to this blog.

About this blog

The goal of this blog is to provide a forum for discussing issues related to technology used in law firm and case management, and share information about CLEs, legal opinions, articles and products that may interest Oregon practitioners in the area of e-discovery.

About the author

  • Matthew Clover

  • Matthew Clover
  • Matthew Clover has been the IT Administrator at Stoll Berne since 2008. He supports attorneys, paralegals, and clients with the technology side of litigation. Matthew has a broad range of experience with legal industry technology, as well as more widely used technologies. He helps manage Stoll Berne's in-house e-discovery systems and has significant experience advising attorneys on the collection and management of electronic discovery and the use of trial software. Matthew also supports the firm's overall network, mobile, and applications infrastructure.
Follow stollberne on Twitter

Subscribe to this blog