August 01, 2018 TECHNOLOGY

Ask Techie

Welcome to the latest installment of our monthly Q&A column, where a panel of experts answers your questions about using technology in your law practice.

This month we answer readers’ questions about the best antivirus programs, using electronic images as your primary file, and whether you need to encrypt all your e-mails.

Q: What is the best antivirus program to protect my computer?

A: The battle between cyber-criminals and security companies proceeds at an alarming pace. Traditional antivirus software with its periodic virus signature downloads cannot protect against nefarious virus coders who release thousands of short-lived malware programs throughout every day.

How do we define the “best” antivirus program? It’s not simply the product that catches the highest percentage of existing malware found in the wild. What good is that against brand-new variants constantly appearing? And you don’t want something that bogs down your computer and interrupts you with false positives. When something goes wrong with your computer, it is typical for your tech support person to suspect your antivirus software. You want something highly protective and unimposing.

So, what are the best current technologies against viruses, malware, ransomware, and breaches? People overuse the buzzword “cloud,” but the cloud provides the best protection against the ever-changing host of viruses, worms, Trojans, ransomware, and the like. Traditional software cannot download virus signatures often enough or fast enough to provide up-to-the-minute defenses. Do you really want a gazillion signatures streaming down to your computer or your device? No! Instead, the best approach identifies every remotely suspicious download, executed program, and activity on your computer and reports each of them up to the cloud. Super-powerful cloud servers then compare the suspects against a huge, constantly updated database of file signatures, activity profiles, and malware sources. Yet all clouds aren’t equal. Beware of “cloud-washing.” Companies may claim they are “cloud-powered,” but read the fine print. It could be old tech. Another wishy-washy term is “real-time.” It might describe a good-old approach to heuristically identifying some threats yet doesn’t make a real-time connection to a mighty cloud engine.

What are some of the best products? No cloud-washers in this list!

Oh, and one more thing: Is your backup up-to-date and tested? It’s better to stop malware, break-ins, and data theft in their tracks, but if your anti-malware defenses fail, having an up-to-date backup lets you recover your priceless files and data.

Q: Should I use electronic images as my primary file?

A: I can answer that question in one word: Yes. Using electronic images lets you keep everything on your computer or tablet and lets you easily take large files with you out of the office. Having said that, I have some other comments and concerns that you need to consider.

  1. In most cases you will not be able to do away with paper completely. While I still maintain portions of some files in paper form, all the documents that come into the office for a case get scanned and stored on the computer. This works very efficiently for us.
  2. If you want to make electronic files your primary case files, make damned sure that you have and use a good backup system! Check it out to make sure it works properly and easily. Make sure that it backs up your files automatically, at least daily and to more than one device/location. I recommend that you have at least two backup copies on hard drives in your office, one on a backup drive out of your office, and one securely stored in the cloud.
  3. You need to be careful to protect client confidentiality: If you lose the device on which you have unprotected documents, you will likely breach confidentiality. You should encrypt and password protect sensitive documents. You should use strong passwords or biometric access to your devices and strong passwords on your Internet cloud account and to decrypt your encrypted documents. Be careful where you leave your storage devices.
  4. Don’t rely on the computer’s ability to randomly access documents when you need them. If you misspell something, the computer may never find it. If you ask for the wrong thing (incorrect descriptors), you have the same issue. I recommend that you set up a storage system on your computer that works similarly to a physical file system. I have a folder for each client. In each client’s file I have a separate folder for each matter for that client. In each matter, I have folders to separate types of documents. Standard files include “Correspondence,” “Research,” and “Client Documents.” In a litigation matter, I would have files for “Discovery” and “Pleadings.” Other files get added as needed, either at the primary level or as a sub-folder in a larger one (for example, a “Transcripts” file for deposition transcripts as a sub-folder in the “Discovery” folder).
  5. Note that the failure to properly protect your stored sensitive (confidential) data could result in disciplinary action for an ethics violation by your state bar. Similarly, I would argue that failing to properly back up your files, losing them to theft or a crash, and having that negatively impact your representation of a client also constitutes both an ethics issue in many states and a likely successful malpractice claim for negligently handling the documents.

Q: Should I encrypt all my e-mails to ensure compliance with the ABA Model Rules of Professional Conduct?

A: The issue of whether an attorney should encrypt e-mail devolves to threshold protocol for achieving sufficiently secure communications with clients to sustain attorney-client privilege and to safeguard propriety and confidentiality of client sensitive data. As articulated by the ABA Standing Committee on Ethics and Professional Responsibility in the course of formulating Formal Opinion 477 in May 2017, it’s incumbent on attorneys to ascertain the risks associated with e-mail communications to clients as a function of the nature of the information being transmitted or received. Indeed, the Committee noted that, especially in view of the frequency of cyber-threats such as ransomware and the ongoing vulnerability of law firms to being victimized by malware intrusions, certain circumstances may dictate that attorney reliance on unencrypted e-mail is unreasonable.

Opinion 477 enumerates several factors that should be considered when determining a suitably secure method for communicating with clients on a case-by-case basis: (1) sensitivity of the information; (2) likelihood of disclosure if adequate safeguards aren’t invoked; (3) cost of invoking such adequate safeguards; (4) difficulty of implementing such invoked safeguards; and (5) extent to which such safeguards tend to introduce an additional layer of complexity that may adversely affect an attorney’s ability to properly represent a client’s interests as contemplated in the underlying engagement agreement.

While establishing e-mail encryption typically requires IT support, the integrity of an electronic transmission of information requires end-to-end security. Rather than seeking to achieve prerequisite security and privacy via encrypting e-mails per se, it may be preferable and more straightforward for an attorney routinely to:

  • invoke a secure (encrypted) portal for each client, which would be seamlessly integrated with a web-based practice management application such as Firm Central or Clio;
  • include a secure link within an e-mail requiring a password and preferably two-factor authentication; or
  • obtain an obscure Internet connection via VPN (“Virtual Private Network”) and attach an encrypted PDF file to the clandestine, albeit unencrypted e-mail.

What’s YOUR Question?

If you have a technology question, please forward it to Managing Editor Rob Salkin (robert.salkin@americanbar.org) at your earliest convenience. Our response team selects the questions for response and publication. Our regular response team includes Jeffrey Allen, Wells H. Anderson, Ashley Hallene, Al Harrison, Nerino J. Petro Jr., and J. Anthony Vittal; we may, from time to time, have guest authors. We publish submitted questions anonymously, just in case you do not want someone else to know you asked the question.

Please send in your questions today!

Entity:
Topic: