AI tools used in the legal industry raise important ethical and professional responsibility considerations, including issues related to confidentiality, competence, and the unauthorized practice of law. Law firms utilizing AI technologies should ensure that they adhere to ethical guidelines and use these tools responsibly and ethically. Your firm partners may want to develop a policy of oversight and review before encouraging attorneys to use AI tools.

Microsoft Copilot is an AI tool primarily designed to assist software developers in writing code. It provides code suggestions and auto-completions and helps developers with common programming tasks. The applications for Microsoft Copilot for lawyers are focused on very large law firms that will use Copilot to develop in-house processes and procedures. Copilot is less relevant for a small law firm.

ChatGPT, on the other hand, is designed for natural language understanding and generation. It’s trained to have conversations with users, answer questions, generate text based on prompts, and perform various language-related tasks. Although it is early, there will be lawyers who employ ChatGPT to assist in drafting legal documents such as contracts, briefs, pleadings, and letters. ChatGPT might aid in legal research by generating relevant case citations, statutes, regulations, and legal precedents based on the queries or context provided by lawyers. Soon, AI may help lawyers analyze large volumes of documents, such as contracts, agreements, and discovery materials. AI, like ChatGPT, could help lawyers in writing responses to client inquiries, providing general legal information, and explaining complex legal concepts in plain language.

SECURITY

AI steps up the need to ensure all security measures are being taken to keep client-privileged data secure. Your firm has a cyber security plan in place, and in the event of an issue, all data is backed up and recoverable.  The local FBI field office can be reached at (754) 703-2000. Cyber-attacks can be reported here: https://www.ic3.gov/  Monitor your backups daily and we perform test restores.

  • Ensure your firm has a highly-rated firewall with a subscription to keep it updated. Get notifications of any suspicious activity.
  • LCC strongly recommends your firm also employ multi-factor authentication on all secure systems and websites.
  • LCC strongly recommends your firm employ secure passwords!
  • Education is the best defense against a cyber-attack.
  • Schedule a phishing test and share the results later this month.

Let’s schedule a time to discuss your concerns about using AI in the practice of law and how to keep data secure with AI threats.

Pension Trustees need to affirm Pension Administrators are in compliance with EBSA Cybersecurity guidelines.
https://www.dol.gov/newsroom/releases/ebsa/ebsa20210414

The Department of Labor Department of Labor set new standards for Cybersecurity Compliance. In April 2021, the U.S. Department of Labor’s (DOL) Employee Benefits Security Administration (EBSA) issued cybersecurity guidance for employee retirement plans. Shortly thereafter, the DOL updated its audit inquiries to include probing questions for plan fiduciaries about their compliance with these new agency guidelines. Subsequently, pension trustees have a responsibility to affirm pension administrators are abiding by Internet Security best-practices as outlined by the Department of Labor.

Legal Computer Consultants (LCC) assists pension trustees, working with pension administrator’s Chief Information Officers (CIOs), to affirm they are following cybersecurity best practices.

Working with the CIO of each pension trust, LCC conducts an in-depth inventory and questionnaire, collates results, and in some cases, requests validation. The evaluation assesses adherence to Department of Labor guidelines as articulated in the following guidelines outlined by the DOL:

Cybersecurity Program Best Practices,
https://www.dol.gov/sites/dolgov/files/ebsa/key-topics/retirement-benefits/cybersecurity/best-practices.pdf

Online Security Tips,
https://www.dol.gov/sites/dolgov/files/ebsa/key-topics/retirement-benefits/cybersecurity/online-security-tips.pdf

and
Tips for Hiring a Service Provider With Strong Cybersecurity Practices.
https://www.dol.gov/sites/dolgov/files/ebsa/key-topics/retirement-benefits/cybersecurity/tips-for-hiring-a-service-provider-with-strong-security-practices.pdf

 

To learn more about how Legal Computer Consultants helps pension trustees perform cybersecurity due-diligence, contact
Peter Rabbino
peterr@legalcomputer.com
(954) 937-4528

 

 

 

.

Now is the time to prepare your law firm for the growing Corona virus epidemic.
In response to the current public health emergency, state and local governments across the country are requiring employees to work remotely to reduce the spread of the Corona Virus. Soon, this will be the case in South Florida too.

Legal Computer Consultants can help your law firm develop an emergency plan that includes technology solutions for remote access and communication strategies to ensure your employees, partners and clients have the essential information and tools they need.

How to prepare your law firm:

    1. COMMUNICATE an emergency plan: All businesses should have a written emergency plan that outlines how employees should communicate with managers, where they can receive updated information about business hours and employee expectations, how to secure corporate assets and respond to customer requirements, and more. The plan should be distributed, giving staff the opportunity to address any specific concerns.

    2. TEST remote work options: Consider off-premise collaboration tools for employees. Employ telephone solutions that include voice, video conferencing and messaging to keep employees working effectively. In addition, provide managers the training they need to manage their teams remotely and clear guidance on what they should expect from remote workers. Confirm your entire staff can concurrently access information they need to respond to customer demands remotely, including encrypted data.

    3. SECURE your network and backup data: Responding to an emergency highlights the importance of implementing strong cybersecurity solutions and training your staff on ways to protect company data and assets.

    4. DEPLOY collaboration and communication tools: Improving remote work abilities is possible with the help of cloud-based collaboration tools. Whether team members use a tablet, mobile devices or desktop computers, employees can continue to stay connected and remain productive even when they’re not in the office.

    The time to act is now!
    Contact Legal Computer Consultants today to discuss how we can support your emergency planning efforts.

    Stay safe and let us know if LCC can help prepare your law firm.

    Peter Rabbino
    Mobile: (954) 937-4528
    Dade: (305) 371-4522
    Broward: (954) 680-3760
    WPB: (561) 296-4522
    peterr@legalcomputer.com

    www.legalcomputer.com
    Legal Computer Consultants (LCC)provides comprehensive technology solutions exclusively for South Florida attorneys and their staff.

CNN reports that Microsoft sends another warning: Update Windows now to fix critical security issues

Microsoft issued two emergency Windows updates Monday to protect against “critical” and “important” vulnerabilities impacting Internet Explorer and Windows Defender, the anti-virus software.

The Internet Explorer flaw, which affects versions 9, 10 and 11, could enable attackers to gain the same user rights as the current user and infect a computer. Although Microsoft replaced Internet Explorer with the Edge browser in Windows 10, the software is still pre-installed on all versions of Windows.

The Windows Defender bug makes it possible for a remote attacker to take over a target system and prevent legitimate users from using the software.

Users must install the security update for Internet Explorer manually as Microsoft (MSFT) will not release an updated scan file until the next security release in October 2020, but the update for Windows Defender will be installed automatically.

Recently there have been complaints from users about Windows updates breaking and slowing computers, which could deter users from installing the updates. However, Gartner analyst Peter Firstbrook told CNN Business that users should go ahead with the updates because a blue screen is much easier to cleanup than an attack.

“From a security perspective, you’re much better off to stay current and stay with the latest updates,” Firstbrook said.

Although it might seem like bad updates are a common occurrence, Firstbrook said attacks are actually more frequent. Bad updates typically receive more user reaction compared to attacks that occur when users don’t install updates.

The latest security threats come just a little over a month after the company warned Windows 10 users to update their operating systems due to two potentially “wormable” vulnerabilities.

 

Properly implemented, Office 365 Advanced Threat Protection (ATP) helps protect against sophisticated threats hidden in email attachments and links, and it provides cutting-edge defenses against zero-day threats, ransomware, and other advanced malware attempts.

 

Call Legal Computer Consultants today to learn how Advanced Threat Protection can help your firm protect itself from advanced threats.

(800) 646-9199

If your firm needs to comply with regulatory standards for retaining your data, the Office 365 Security & Compliance Center provides features to manage the lifecycle of your data in Exchange Online. This includes the ability to retain, audit, search, and export your data. These capabilities are sufficient to meet the needs of most firms.

However, some firms in highly regulated industries are subject to more stringent regulatory requirements. For example, firms that deal with financial institutions such as banks or broker dealers may be subject to Rule 17a-4 issued by the Securities and Exchange Commission (SEC). Rule 17a-4 has specific requirements for electronic data storage, including many aspects of record management, such as the duration, format, quality, availability, and accountability of records retention.

To help these firms better understand how the Security & Compliance Center can be leveraged to meet their regulatory obligations for Exchange Online, specifically in relation to Rule 17a-4 requirements, Microsoft has released an assessment in partnership with Cohasset Associates.

Cohasset validated that when Exchange Online and the Security & Compliance Center are configured as recommended, they meet the relevant storage requirements of CFTC Rule 1.31(c)-(d), FINRA Rule 4511, and SEC Rule 17a-4.

Click below to download the report by Cohasset.

Office 365 Exchange Online Cohasset SEC 17a-4(f) Assessment

Highly regulated industries are often required to store electronic communications to meet the WORM (write once, read many) requirement. The WORM requirement dictates a storage solution in which a record must be:

  • Retained for a required retention period that cannot be shortened, only increased.
  • Immutable, meaning that the record cannot be overwritten, erased, or altered during the required retention period.

In Exchange Online, when a retention policy is applied to a user’s mailbox, all of the user’s content will be retained based on the criteria of the policy. In fact, if a user attempts to delete or modify an email, a copy of the email before the change is made will be preserved in a secure, hidden location in the user’s mailbox. Retention polices can ensure that an organization retains electronic communications, but those policies can be modified.

By placing a Preservation Lock on a retention policy, an organization ensures that the policy cannot be modified. In fact, after a Preservation Lock is applied to a retention policy, the following actions are restricted:

  • The retention period of the policy can only be increased, not shortened.
  • Users can be added to the policy, but no user can be removed.
  • The retention policy cannot be deleted by an administrator.

For more information on how the Security & Compliance Center can be leveraged to meet your regulatory obligations for email with Office 365 Exchange Online, Contact Legal Computer Consultants at (800) 646-9199.

CYBER SECURITY POLICY
KEEP CONFIDENTIAL INFORMATION SECURE
Our employer is implementing cyber-security policies and best practices to improve security of our computer network and confidential work product. Please review carefully, implement each policy immediately, print and sign this policy statement and return to administration immediately.

The employer provides network, communications systems, equipment, devices and access to cloud services (”technology resources”) to carry out legitimate employer business. By using these technology resources, any user consents to disclosing the contents of any data files, information and communications created on, stored on, transmitted, received or exchanged via its network, communications systems, third party hosted applications, cloud services, equipment or devices.

There is no right to privacy in the use of employer’s technology resources. By using the employer’s technology resources any user consents to monitoring, recording, and reviewing the use of that technology resource.

Users are expected to act lawfully, ethically and professionally, and to exercise good judgment.

Users who are granted access to critical data are responsible for its protection.

Use of technology in violation of this policy is subject to disciplinary action up to and including termination.

1) Password policy
a) Do not use the same password for different sites.
b) Passwords must be strong. Strong passwords should:
i) Contain at least 8+ characters, use a passphrase instead of a password.
ii) Include upper and lower case letters, numbers and special characters
iii) Not use dictionary words (brute force attacks)
iv) Be unique to one person
v) Not be reused on multiple account logins
vi) Changed every 60 to 90 days
vii) Be required after a period of inactivity (screen saver with password enabled).
viii) Never be shared with anyone else
c) Appropriate storage of passwords. Do not write down passwords on paper. Do not store passwords on individual laptops, mobile devices or home computers unless they are saved safely in an encrypted application on your mobile device. Example: https://start.1password.com search ‘1password’ in the app store on your device.
d) Never provide security or personal information by email to anyone.
e) Passwords should never be shared.
f) Legal Computer Consultants will never call you to ask for your password over the phone. If you do need to provide other confidential credentials ensure that the employee has authority to receive such credentials from firm administrators or partners.

2) Secure your PC
a) Always lock your computer before leaving your desk: Press the [Windows Key]+[L] to quickly lock your screen.
b) Enable screen savers with a password to be required after a period of inactivity.
c) Do not use USB memory devices on office PCs. Do not save or open files on USB memory media. Do not charge/connect Android devices or ‘Trust’ iPhones in USB ports.

3) Be Careful when you click:
a) Do not click on any link unless you know you can trust the source and you are certain of where the link will send you. If you are unsure about a link, the best thing to do is call the sender prior to clicking on the link. Do not follow links in emails asking to login to existing accounts. Delete the email and go directly to the web site in a web browser to login to an existing account.

4) Do not share confidential information or credentials with anyone by phone or email:
Social engineering is a non-technical approach hackers use to get sensitive information. Social engineering techniques include phishing emails, fake phone calls, and physical impersonation.

5) Never click on links asking you to update your credentials for any web site. If you think the email may be legitimate, you should go directly to the website to update credentials.

6) Appropriate Use:
a) Report any suspicious activity or security concerns immediately.
b) PCs and the computer network are the property of the employer and should only be used for business purposes.
c) Do not install software (like streaming music) or use personal email.
d) Do not use the computer (including browsing the Internet) for personal use.
e) Internet/Intranet Usage:
i) Usage should be focused on business-related tasks.
ii) There is no right to privacy in an employee’s use of the Internet/Intranet.
iii) Use of the Internet, as with use of all technology resources, should conform to all employer policies and work rules.
iv) Visiting or otherwise accessing sites such as the following are prohibited:

(1) Adult Content
(2) Games
(3) Violence
(4) Personals and Dating
(5) Gambling
(6) Hacking

7) Ownership of Data: The employer owns all employer data, files, information, and communications created on, stored on, transmitted, received or exchanged via its network, communications systems, equipment and devices, such as e-mail, voicemail, text messages and Internet usage logs “digital records” even if such communications reside in the cloud. The employer reserves the right to inspect and monitor any and all such communications at any time, including personal data stored on Employer systems, for any lawful purpose and with or without notice to the user. The employer may conduct random and requested audits of employee accounts (including accounts with commercial or other third party providers if used in the course of conducting Employer business) for any lawful purpose including but not limited to ensuring compliance with policies and requirements, to investigate suspicious activities that could be harmful to the organization, to assist the employer in evaluating performance issues and concerns, and to identify productivity or related issues that need additional educational focus within the employer. Digital records may be subject to public disclosure and the rules of discovery in the event of a lawsuit. The employer’s Internet connection and usage is subject to monitoring at any time with or without notice to the employee.

Agreement to follow cyber-security policy:
I understand and agree to abide by these cyber-security policies.

_______________________________ Dated: ____________

Advanced Threat Protection (ATP) is an external extra layer of protection offered by Microsoft Office 365 (before email gets to your office) added above the current virus protection and malware.
• ATP provides “zero-day” protection versus the current automatically scheduled updates
• ATP scrubs attachments before they get to your mailbox.
• Once deployed, you will notice that links in emails are “redirected links” to insure they are safe. ATP tests all links before forwarding them to your inbox.
• Also, ATP can help us diagnose, trace and report intrusion efforts to help us educate specific staff that may be clicking malicious links.

LCC recommends ATP for your firm.
Peter Rabbino
peterr@legalcomputer.com
www.legalcomputer.com
Legal Computer Consultants (LCC)provides comprehensive technology solutions exclusively for South Florida attorneys and their staff.