In large part, remote-work tech tools have been a boon during the past months. But danger lurks behind certain tech when working from home.
SOMETHING WICKED THIS WAY COMES. Working remotely, whether part-time or full-time, requires a variety of technology. And, to be sure, remote-work tech tools are loaded with treats that keep our businesses humming while we work from home. But danger lurks behind certain technology, or the way lawyers and staff might use it.
What are some scary things WFH has revealed about lawyers’ tech habits? We asked our experts for some Halloween observations — as well as tricks for staying safe. Here are takes from Jim Calloway, Anne Haag, Tom Lambotte, Catherine Sanders Reach, Sharon Nelson and John Simek, and Ben Schorr.
Anne Haag: Beware the Internet of (Eerie) Things
If you or members of your team have IoT-connected devices at home like Amazon’s Alexa or a Nest security camera, you need to be wary of what work-related information those devices might see or hear during the day.
Your Google Home is always listening, waiting for you to say a “wake word” and give it something to do. All your interactions with these virtual home assistant devices are recorded, and the recordings are likely being reviewed by a company employee and fed back into their system to improve the AI central to the device’s functioning. And, while your security cameras are intended to give you peace of mind, are you sure no one else is watching? Stories about cameras being hacked abound, including one particularly blood-curdling tale in which a hacker was able to use the microphone to interact with a homeowner’s children.
Whether or not you’re comfortable inviting these devices into your home is a personal choice. But the remote-work environment complicates things. Inform your team of the vulnerabilities and risks, and make sure they know what is at stake when it comes to work-related data.
Anne Haag (@CBA_LPMT) is a Practice Management Advisor at the Chicago Bar Association. Anne worked as a patent paralegal at a Chicago IP firm before arriving at the CBA in 2017 as the Law Practice Management and Technology department’s trainer/coordinator. She is also a certified crisis counselor and volunteers as a patient advocate in the ER.
Ben Schorr: Cybersecurity Ghosts and Goblins
Over the last 18 months, as we’ve all been scattered to our dining room tables for work, we’ve learned a lot of disturbing things about the state of our cybersecurity. Working from home has a more casual feel, even if you’re not wearing bunny slippers on the couch. As a result, our security practices tend to get more casual as well. Here are some of my top scares.
Ghosts and Goblins
Not only are we increasingly working from home, but we’re using home resources such as:
- Unsecure Wi-Fi with simple, or no, passwords.
- Home computers that are shared with family members and used for entertainment as well as work.
- Work passwords used for personal accounts too.
- Home devices — like Wi-Fi routers — that aren’t updated with the latest security patches.
Home Wi-Fi networks may have been set up to accommodate kids, easy access by visitors, or non-technical family members. But that lack of security makes it riskier to use them for confidential business matters.
If your firm doesn’t issue work laptops, then staff may be working on the same home computer their teens use for gaming. Those devices are much more likely to have malware on them and not be updated with the latest security patches. Not to mention the possibility of a curious teen stumbling into a folder of confidential client documents.
Blurring the line between home and work means work passwords may also be used for Netflix, online shopping or other accounts. They may even be shared with family members. That makes them far more susceptible to being leaked, and credential attacks are the most common kind of successful attack we see.
“Hackers don’t break in, they sign in.” — Bret Arsenault, Microsoft CISO
To solve these problems, make sure you’re using a dedicated work computer, and that you use strong and unique passwords for your accounts. Turn on multifactor authentication for all your work accounts and lock your device when you step away from it. Make sure your home Wi-Fi has a good password, and that all your routers and other devices have the latest security patches installed.
Be safe out there!
Ben Schorr (@bschorr) is a senior technical writer at Microsoft. He is the author of several books including “Microsoft Office 365 for Lawyers,” “The Lawyer’s Guide to Microsoft Outlook” and “OneNote in One Hour.” He has been involved with management and technology for more than 25 years.
Jim Calloway: Scared of Videoconference Gaffes? Be Forearmed
In modern times we don’t worry so much about things that go bump in the night as about things that go beep in the night. Is someone texting me at this hour? Did I not plug something in to recharge? Did I forget to turn off some device? Maybe the refrigerator door is ajar?
But 2020 brought us a combination that proved challenging: working from home while also doing live audio and video broadcasts from there. So, we had lawyers appearing as cats in court proceedings, legal commentators losing their gigs due to inappropriate behavior online, kids and pets making guest appearances in virtual hearings, and other misadventures. Recently a judge in my state shared that she presided over a video court appearance where an attorney had his image set to horizontal and apparently couldn’t figure out how to change it. I also experienced an online program where the respected, well-known speaker tried several times to launch his PowerPoint, all the while noting how much trouble he had trying to do it. And I’ve had Zoom meetings with lawyers where everything I said was loudly echoed back because the lawyer didn’t know what caused it or how to make it stop.
When changes happened rapidly in 2020, any connection that worked was a good one. But having reached Halloween 2021, lawyers need to know how to use the tools of their trade, including tools they had never heard of in 2019.
Most conferencing challenges are not that scary. The challenge is preparation.
Remember how much you practiced your first moot court argument or your first “real court” argument? How much time did you spend training on your videoconference software? For many lawyers, the answer is “I clicked on things until it worked. But now I don’t remember what I did.”
If that is you, here are quick pointers:
- Set up a conference with someone else and practice the various tasks you might want to do without the pressure of an actual hearing or client.
- Be aware of the need for tech redundancy, which today means two good cameras and at least two microphones or headsets. I’ve had situations when a finicky platform rejected one camera but accepted another. And remember, equipment does fail — usually at the worst possible time.
- And that annoying echoing? Feedback or echoes are caused by the microphone picking up the sound from the computer speakers, which are often located near each other on laptops. I prefer using a high-quality headset. But keep a microphone or earbuds that plug into the computer nearby to use for a quick fix to these sound issues.
There are many free articles online filled with advice about videoconferencing best practices. Read some. These skills are a part of lawyer competency today.
Jim Calloway (@JimCalloway) is the Director of the Management Assistance Program for the Oklahoma Bar Association and author of several ABA books. A past ABA TECHSHOW chair, he blogs at Jim Calloway’s Law Practice Tips and co-produces the podcast The Digital Edge: Lawyers and Technology.
Tom Lambotte: Creepy Cybercriminal Tricks
The pandemic forced a massive remote-work experiment and the creepy cybercriminals have exploited this as only they can. Here are three tricks to keep an eye on this Halloween.
1. Phishing and business email compromise. Spoofed emails and websites based on legitimate contacts extract credentials granting access to sensitive information, finances or systems.
2. Employees. Even well-intentioned employees pose threats by succumbing to phishing schemes, reusing passwords, accessing systems on unsecured networks, or accidentally deleting files. But disgruntled workers can further abuse access to wreak havoc on unsecured setups.
3. Cybercriminals capitalizing on fear. The exploitation of the pandemic has been rampant over the past two years, with malicious entities hovering. Cybercriminals know how and when to prey on fear and uncertainty.
Brewed together, these three items make it a big, scary mess for remote workers.
Since the number of remote workers isn’t likely to dwindle anytime soon, it’s critical to take proactive measures when it comes to your cybersecurity hygiene.
Recently (without naming names), I was a guest on a well-known tech-savvy individual’s podcast. That afternoon, within hours of recording a podcast, he fell for a well-devised phishing scam. If a cybercriminal can catch this tech-savvy person, it can happen to anyone. Letting your guard down while working remotely happens, so be extra vigilant. Have everyone in your firm, especially the owners, enroll and complete cybersecurity training on an ongoing, monthly basis.
Tom Lambotte (@GlobalMacIT) is a cybersecurity expert who has been in the tech support industry for over a decade. He founded BobaGuard in 2019, which offers a turnkey suite for solo lawyers and small to medium law firms that include a security suite customized just for them. He is also the founder and CEO of GlobalMac IT, a managed service provider specializing in serving lawyers who use Macs.
Catherine Sanders Reach: ‘Alexa, Stop Being Freaky’
The Walls Have Ears. OK, not really. Well, kinda if you have a smart home. However, many devices already in your house may be listening to or recording your conversations (as Anne mentioned). Has Alexa ever perked up and provided information even though you didn’t say the “wake word”? Your Google Assistant? Siri? Google was under fire for having built a “secret” microphone into the Nest devices. Amazon’s Alexa collects more data than any other smart assistant. Sure, you can download and delete what Alexa has recorded. Which you should do, before your private conversations are sent to someone else or mocked by Amazon employees. From baby monitors to your smart TV to Windows 10 Cortana, our internet-capable devices are listening.
And you do have something to hide. Lawyers have a duty to protect the confidentiality of their clients. The California Bar has written a draft opinion suggesting that lawyers disable Alexa when working from home.
What to Do?
You can turn off the listening devices. You can review what data has been stored and delete it. Also, you can purchase Paranoid Home Devices to block your smart speakers.
Sadly, the wearable “Bracelet of Silence” has yet to become a real product, but it certainly would be an interesting part of your Halloween costume. In the meantime, you can fight back with the IoT Inspector, an open source app that sees what your devices are doing and identifies risks. In my youth the video for Rockwell’s Somebody’s Watching Me was super scary (right up there with Yes’ “Owner of a Lonely Heart,” but I digress).
Don’t let this Halloween pass before considering the scary consequences of voice-activated assistants.
Catherine Sanders Reach (@catherinereach) is Director of the Center for Practice Management for the North Carolina Bar Association, providing practice technology and management assistance. She was Co-Chair of the 2020 ABA TECHSHOW Planning Board. She was previously Director of the American Bar Association’s Legal Technology Resource Center for over 10 years and was one of the inaugural Fastcase 50.
Sharon Nelson and John Simek: Home Network Fears — Keep It in Check
The pandemic suddenly thrust all of us into work environments that we didn’t anticipate. Working remotely placed a strain on home networks as we tried to connect to law firm networks securely. We competed for bandwidth with our spouse and children. We tried to participate in virtual court hearings and prayed our video didn’t freeze or our audio wouldn’t get choppy.
What we learned (which is scary!) is that most lawyers don’t know how to maximize their success while using home networks.
The reality is that home networks are three and a half times more vulnerable than office networks. We’re using consumer-grade equipment to connect to an enterprise network. Since most lawyers are still working remotely, at least part of the time, here’s our advice on ways to stay safe.
Tricks for Keeping Safe
Router settings. The first advice is to change all the default settings on your home router. As an example, change the administrator password for the router and disable the ability to remotely administer the device. That will help with security — a lot.
Ethernet. Directly connect your computer to the router via Ethernet instead of using the wireless network. A direct connection will provide the most stable and fastest network connection. If your computer is too far away from the router for a long Ethernet cable, consider using Ethernet over powerline adapters such as the TP-Link AV-1000. If Ethernet is not an option, configure and use a separate Wi-Fi network on your router. At a minimum, most home routers can create a guest network. Connecting to a separate Wi-Fi network will help keep your data isolated from other family members. Get help from an IT professional if all this is beyond your tech skills.
VPN. For additional security, make sure you are using a virtual private network or use an encrypted connection when dealing with client confidential information.
Alternate connection methods. Finally, be prepared for a network failure. Have an alternative connection method should your primary access be unavailable or unacceptable (e.g., spotty video). Don’t forget that using the hot spot feature on your cellphone may be a good alternative for network connectivity. If you are competing for bandwidth with your spouse or children, that may be especially useful.
A lawyer’s world is a lot less scary with stable, secure and fast connectivity!
Sharon D. Nelson (@SharonNelsonEsq) and John W. Simek (@SenseiEnt) are President and Vice President of Sensei Enterprises, Inc., a digital forensics, legal technology and cybersecurity firm based in Fairfax, Va. They have written 18 books published by the ABA, including “The Solo and Small Firm Legal Technology Guides” and “Encryption Made Simple for Lawyers.”
More Tech Tips From Our Experts:
Subscribe to Attorney at Work
Get really good ideas every day for your law practice: Subscribe to the Daily Dispatch (it’s free). Follow us on Twitter @attnyatwork.