Welcome to the latest installment of our monthly Q&A column, where a panel of experts answers your questions about using technology in your law practice.
This month we answer readers’ questions about choosing the best cloud storage services and how to stop hackers from taking over your e-mail account.
Q: Do you have any recommendations for a personal cloud storage network?
A: Yes! The answer depends a lot on what tools you already have in your life. First off, what service do you use for your personal e-mail? Both Office 365 and Gmail come with free cloud storage. Using that for your personal (or work) cloud storage is your easiest and best option by far. If you use Apple products, Apple also has an included cloud storage starting at 99 cents. The reality is that most cloud storage companies are equally good. You can do all the same things—lock files, share files electronically, encrypt files, etc.—in any of these. So, don’t go seeking out expensive tools specifically for cloud-based storage. Use what you have at hand. Expanding your use of an existing tool is always a better option than learning a new tool.
Techie: Jordan L. Couch, GPSolo eReport Contributing Technology Editor, Palace Law, firstname.lastname@example.org.
Q: What can I do about hackers breaching one our e-mail accounts and sending e-mails to all our contacts?
A: Be ready in advance. If hackers gain access to your e-mail account, they can send out malicious e-mails, purportedly from you, to your clients and others.
The hackers’ e-mails may contain infected attachments designed to break into the computers of anyone with whom you’ve exchanged e-mails. The hackers can steal financial account information and breach the e-mail accounts of people who open their infected attachments.
Hackers also can download all the e-mails and attachments sent and received in your account. That makes for a public relations nightmare!
After a breach, you need to make some fast phone calls and take actions to protect your clients and yourself.
Your first step: Change the password on each e-mail account immediately.
Second step: If you have cyber insurance, call the company. As noted by Sherri Davidoff, CEO, LMG Security: “You may need approval from your cyber-insurer before sending a notification in order to ensure coverage for any lawsuits, investigations, or PR needs that result.” Your insurance carrier can advise you on what actions to take immediately and the services included in your policy.
When your e-mail account is breached, you likely have duties to notify the people who may be affected. Included are those who have sent e-mails to you or received e-mails from you. Notifications by e-mail and by U.S. Mail may be necessary to fulfill your legal obligations.
You should be guided by your insurer or your cybersecurity expert. You also may need to consult an attorney who specializes in data breaches. The attorney can advise you on the nature and extent of your legal obligations. They vary by jurisdiction and type of information at risk.
Of course, it is best to take actions ahead of time to both prevent and prepare for data breaches. Otherwise, you will have to move up a steep learning curve fast if you are hacked. That is stressful!
What’s YOUR Question?
If you have a technology question, please forward it to Managing Editor Rob Salkin (email@example.com) at your earliest convenience. Our response team selects the questions for response and publication. Our regular response team includes Jeffrey Allen, Wells H. Anderson, Jordan L. Couch, Ashley Hallene, Al Harrison, and Patrick Palace. We publish submitted questions anonymously, just in case you do not want someone else to know you asked the question.
Please send in your questions today!
Published in GPSolo eReport, Volume 9, Number 6, January 2020. © 2020 by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association or the Solo, Small Firm and General Practice Division.