Monday, June 5, 2017

Sample Documents

The attached documents are presented as examples of my work; none of the individuals or facts presented herein are real. The same were created in accordance with a Legal Procedures class, pursuant to the fictional facts provided by the professor.








Sunday, August 21, 2016

Inadvertent Learning

In a study of American Workers conducted by the Pew Research Center in the Fall of 2015 and published in March of this year concerning employee's motives for advanced education and training- researchers found that “63% of full- and part-time workers say they have taken steps in the past 12 months to upgrade their skills and knowledge.” (Rainie). Motivations for taking courses and participating in training ranged from a desire to learn, maintain or improve job skills; pursuit of raises or promotions; advancement to other positions, or with other employers; licensure or certification requirement; all the way to concerns over potential downsizing.  

While the study addresses focused and determined learning, i.e., a formally-packaged curriculum, created either by companies, or educational institutions- it did not address circumstances where workers gain knowledge, or at least enhance their knowledge, through unintended and indirect means. What I speak of here are those instances where- in speaking with a co-worker, a customer, or a vendor interaction- the worker gains insight into a company’s policies, processes, strategy, or programs then uses that same kernel of knowledge to produce even greater results within a company.

For example, as a contractor and sometimes temporary worker, I am called upon to cover positions in a number of varied industries; most recently at a professional association here in the city. And although I have 5 years of experience as a paralegal along with 2 years of formal education in paralegal studies- I am far from mastering the subject. Consequently that when clients call in asking for assistance, I often utilize a number of different resources to assist them and in so doing- each time I skim a paragraph on a resource like FindLaw, peruse information on the organization’s own website, or discuss a situation with staff post-telephone call, I garner additional information and insight that helps me quickly and efficiently address the next caller; thereby, continuing to further the mission and goals of the organization with whom I am contracted. 

And for me, just as with the participants in that Pew Research Center study, there is both intrinsic and extrinsic value in that.

  

Bibliography

Rainie, Lee. Incentives- and pressures - for U.S. workers in a 'knowledge economy'. Study findings. Washington: Pew Research Center, 2016. PDF.







Monday, July 25, 2016

Non-Private Law Firms

Risk comes from not knowing what you’re doing.” Warren Buffett

As treated here, Risk refers to virtual risks- hidden dangers that are inherent in our electronic ecosystem. Each time that businesses and/or consumers utilize technology there is an associative risk accompanying that activity, regardless of whether that action it is simply entering information into a cloud database, downloading a file, or purchasing products- the risk of exposing systems to intrusion is great; hence, nowhere is the above adage more apropos than when it comes to computing.

Each week we see more and more technology developed to streamline business processes and/or with the claim of enriching our lives. Increasingly the legal community, much like industries before it, continues to incorporate technologies into its practices- albeit a bit more hesitantly than sectors like finance, banking and healthcare; yet, according to the ABA 2015 Legal Technology Survey Report, many lawyers and firms have not implemented elementary security measures considered basic by security professionals and that are used quite frequently in other professions.  Consequently the number of data breaches in law firms has increased- in detailing the alarming number of law firm breaches, the aforementioned report states that 80% of the top 100 largest law firms have been breached[i] and these are firms with in-house I.T. departments.  For some this statistic is startling, but not for the information security [InfoSec] community, on the contrary it comes as little surprise, particularly given the lack of general technological understanding in the legal community, as well as, the relatively late (in comparison to other industries) adoption of technology.

One might wonder why lawyers and law firms are such tempting targets. This question was recently addressed by prolific freelance blogger Jai Vijayan[ii] as he mused over this very question and spoke with one Mr. Jake Olcott, VP, BitSight[iii] and former counsel to the House of Representatives’ Homeland Security Committee. Mr. Olcott indicated that law firms, in addition to holding mountains of sensitive data, lack dedicated information security practitioners, as well as, the budget to properly implement information security programs and incident response plans (codified post-breach procedures). So for firms facing this circumstance here are a few suggestions:
start small- begin by understanding what it is that you have then classify the data in terms of importance, next partner with someone in the information security field (this is not your contracted network administrator who in all likelihood lacks little, if any knowledge of information security) to get a vulnerability assessment- which differs from a Pen Test in that the practitioner will not attempt to break into your system- only identify where your weaknesses lie, look for organizations- educational, non-profit and governmental that disseminate free guidance materials and webinars on the topic, and finally, check out periodicals such as Dark Reading, which offers comprehensive up-to-the-minute coverage on security together with information on vulnerabilities and application weaknesses. Equally important to remember is that software alone is no panacea otherwise, conglomerates such as Sony, Yahoo, Target and Wendy’s International would not have been breached- they own cutting-edge network security software!

While none of the aforementioned measures alone will guarantee 100 % safety, they do serve as preventative steps in the fight against attacks- much as the acts of brushing and flossing serve to prevent tooth decay and later heart disease should the infection spread into the bloodstream. Malware that spreads into a system can lock up the network, preventing the firm from accessing documents and files- a crippling blow to business.

With an estimated 1, 365, 561 lawyers in the country- according to the American Bar Associations’ statistics- it behooves the legal community to work toward a solid understanding of, and grasp on, information security, especially given the legal community’s fiduciary duty to protect the sensitive data of its clients. It is only by acknowledging the lack of awareness then taking the requisite steps to becoming informed that this community will shore up its virtual doors.  Consider this, firms take precautions against the thief that might physically walk through the door or climb through a window, so why not develop measures against those who are coming in virtually?

Wondering how intruders get in, what behaviors they exhibit, and what you and your staff can do beforehand? Then stay tuned for future installments of Non-private Lawyers and Firms.



[i] ABA Legal Technology Resource Center. ABA Tech Report 2015. Chicago: American Bar Association, 2015. PDF.
[ii] Vijayan, Jai. “Law Firms Present Tempting Targets For Attackers.” Vulnerabilities. Dark Reading.com, 12 April 2016. Web. 15 April 2016.
[iii] BitSight is a company aggregating, analyzing, and rating the security performance of companies and organizations across the globe.

Saturday, April 23, 2016

Nine steps to prevent a cyber security breach

Though not comprehensive in the sense of guidance directly from the information security field, this article nonetheless provides useful tips and at least gets the legal community thinking about the issue. The practice of law does not exist in a vacuum and therefore is not exempt in terms of vulnerabilities to data breaches.



Nine steps to prevent a cyber security breach

Sample Documents

The attached documents are presented as examples of my work; none of the individuals or facts presented herein are real. The same were creat...