John W. Simek is vice president of the digital forensics, managed information technology and cybersecurity firm Sensei Enterprises. He...
Sharon D. Nelson, Esq. is president of the digital forensics, managed information technology and cybersecurity firm Sensei Enterprises. Ms....
With the coronavirus outbreak driving people to work remotely, John and Sharon have been inundated with questions from lawyers and law firms on how to work from home securely. This edition of Digital Detectives is dedicated to answering the most common questions they’ve received and helping listeners continue to serve their clients in these uncertain times. They discuss methods lawyers should be employing during this crisis and offer recommendations for remote work tools and services.
Special thanks to our sponsor, Logikcull.
Coronavirus and Working Remotely: What You Need to Know
Intro: Welcome to Digital Detectives, reports from the battlefront. We will discuss computer forensics, electronic discovery and information security issues and what’s really happening in the trenches; not theory, but practical information that you can use in your law practice, right here on the Legal Talk Network.
Sharon D. Nelson: Welcome to the 113th Edition of Digital Detectives. We are glad to have you with us. I am Sharon Nelson, President of Sensei Enterprises, a digital forensics, cybersecurity, and information technology firm in Fairfax, Virginia.
John W. Simek: And I am John Simek, Vice President of Sensei Enterprises. Today on Digital Detectives our topic is, ‘Coronavirus and Working Remotely: What You Need to Know’.
Sharon D. Nelson: Before we get started I would like to thank our sponsor. Thanks to our sponsor Logikcull, instant discovery software for modern legal teams. Logikcull offers perfectly predictable pricing at just $250 per matter per month. Create your free account at anytime at logikcull.com/ltn.
John W. Simek: Today Sharon and I are without a guest. With all that’s happened with the coronavirus recently, we have been inundated with questions from lawyers and law firms. So this podcast is dedicated to answering some of the most common questions we have gotten about working remotely and securely and even questions we got this weekend, right Sharon?
Sharon D. Nelson: Oh, we have had nothing but questions; in fact, I didn’t even get a chance to tell you John that I talked to a cybersecurity expert down in an Atlanta and he has been doing all over the entire weekend what our guys have been doing, which is getting everybody set up to work remotely. And he told me that when they proposed their plans to him, he just said I can’t believe how stupid these employers are.
On that cheerful note, let’s talk about remote access, because there are some firms, many firms actually that are provisioned for remote access but not necessarily for everyone and not all the firms are provisioned for remote access. So what do you have for us in terms of suggestions?
John W. Simek: Well, I guess it’s a mixed bag as you know and I think the good news or the positive side at least for a lot of our clients is they are already equipped with laptops as their primary workstation, in the office, which is good. Maybe they are not used to taking it home all the time, but they should be doing it now if they are not — if they haven’t fully implemented a work at home environment, but it’s certainly a lot better if they have a laptop to start with than it would be if they are using a traditional like Tower or a desktop unit in their office, that makes the choices a lot less, if you know what I mean.
Having the firm’s laptop, at least we have some semblance of control with it, we know what’s on it, all we have to do if it hasn’t already been provisioned for some sort of remote connectivity is to maybe configure it quickly or get some software, those types of things on it, but that’s kind of the basis. And like I said, the good news is that more and more folks are using laptops as primary, just like we do in our own firm here.
But more and more as well are in a good position now because of cloud usage, their data is in the cloud or maybe they are using practice management systems like MyCase or Rocket Matter or Clio or something like that, which is in the cloud, so they don’t really have to worry about which machine they are using. A lot of folks are using cloud services for document assembly, document management, those types of things. Office 365 is a great tool as you know and we have a lot of clients. What would you guess, maybe probably 50-60% now that are subscribers, if not more?
Sharon D. Nelson: I think it’s more than that now, it’s gone very quickly and it certainly is our recommendation that you think about moving to Office 365 if you have not because you get so much with it that will help you in this particular crisis.
John W. Simek: Yeah. And I think those folks are — they are actually enjoying the fact that — their subscription service with Microsoft and Office 365. But really you have to step back and you have to look at all of those things, all those pieces and kind of do your gap analysis.
So as an example, if you — maybe you have a practice management system but the data is not in the cloud and it resides on a server in your firm and you decide that you know what, maybe you are being forced by the Governor because they are telling businesses to shut down or your firm decides that we are going to implement a work at home policy, well, now you have got to deal with that data, how do I get to it, right? It’s sitting on a box that’s in my firm. Do I have anything today that’s in place to remotely connect to that, to remotely access that information?
And your IT folks can help a lot when it comes to that, but when we are talking specifically about anything that is driven by a database, a practice management system or document assemblies or any of those types of things, dragging that data across the Internet, if you will, having the data in your law firm and having the client software sitting let’s say on your laptop at home and moving all that information across that wire is not really a good thing and it can also cause potentially data corruption. And even if you are using Wi-Fi, you shouldn’t be doing that either.
So you have to be really cognizant of those types of things, which means that if you do have on-premise information that you need to gain access to, you are going to need some sort of remote access capability to do that, whether that’s a LogMeIn, a remote control type of deal, GoToMyPC, whatever piece of software to access your own computer in your office. Or if you are a larger firm, maybe you have got terminal server running or Citrix or something like that, but at the end of the day you really have to analyze where your data is at and then how are you going to get to it, whether that’s through cloud services or whether that’s some sort of remote control or remote access service into your own law firm.
Sharon D. Nelson: John, I think that it’s true that there are some, especially for the solo and small firm lawyers, there are some folks, like LogMeIn I believe is offering free access right now. Is there a catch?
John W. Simek: It’s interesting. Yeah, there is a catch. It’s interesting. You have to read the fine print, right? We have a lot of folks that are taking advantage of the situation and some of them that are gouging, as you know, like try to get your hands on a one ounce bottle of Purell. What did I tell you, I found one yesterday that was — it was like —
Sharon D. Nelson: $750 or something.
John W. Simek: Yeah, something crazy. But LogMeIn is doing some good things, but for the solo and small, I have got some other alternatives for them. But what LogMeIn is offering, the free thing, I think that you heard was they are offering free remote work kits for healthcare providers, educational institutions, municipalities and nonprofits for three months, they are offering that for free.
And they have got some other incentives too. If you are already a LogMeIn customer, they are going to give you that emergency remote work kit, which includes a lot of different tools, which I am not going to get into all the detail. You can kind of get on the Internet to look at all the stuff that’s included. But that’s really the free thing that they are giving away.
Cisco with WebEx though is giving free things away too, but as an example, for businesses, you can get, if you are not currently a WebEx customer at the present time you can get a free 90 day license for your business. I think what they are hoping is that you try and then you are going to buy it, right, if you use it for 90 days. And if you are already a customer, then there are other incentives as well.
More and more of the companies, they certainly are helping during the coronavirus pandemic that we have, but you need to kind of look at what’s the fine print, if you know what I mean, in what they are offering, because I mean if you are LogMeIn — if you are a solo using LogMeIn, a regular subscription to that is like $350 a year and maybe now is the time that you want to do that, maybe you want to take control of your office computer and work from home more.
Sharon D. Nelson: Well, I think that a lot of folks have been saying that the way we work has probably changed forever, especially after we get used to all these new systems and have everything in place, we probably will never go back entirely to the traditions of the past. I think those days may well be gone.
John W. Simek: Well, I think you are right and I think you are going to see a lot more cloud adoption too as a result, right?
Sharon D. Nelson: Yes. Oh yeah, no, that’s something we will definitely be seeing. I do want to caution people though particularly to pay attention to the number of licenses they have, because that’s — I think that’s going to be one of the biggest problems is that they are going to have insufficient licenses to do what they want to do.
John W. Simek: And I think that’s a good point, because depending on what you are using, if you have a VPN connection, VPN Enterprise version as an example, maybe you have only purchased for three people to access and then now you are asking 10 people to do it. So that’s a very good point about the licensing.
Sharon D. Nelson: It’s very different. And it’s funny, I just got a flash alert from a LISTSERV saying that the Virginia Supreme Court has closed our court system with the exception of minor — very important matters, but everything else is closed. So we are seeing — we are grinding to a halt and I know the legal profession is worried about everything that has to do with that, and don’t take my word for that statement about the Supreme Court shutting down the court system because I did just hear it from a LISTSERV and not from an authorized source, but I am pretty sure it’s accurate because they met yesterday and we were expecting an announcement today.
John W. Simek: You mean it’s not like the Internet, that it’s not true?
Sharon D. Nelson: Yeah, yeah, not exactly, not exactly, and that’s a big problem too and we will talk about that later John, but all those hoaxes that we have seen about the coronavirus and people clicking on things, that’s a big problem.
But let’s go back to the actual questions we were meaning to talk about, collaboration is going to be a very big thing, so collaboration tools are big. If you have Office 365, the Pro version are higher, you are going to have Teams, Microsoft Teams and lawyers are learning to work with that a whole bunch more than they once did. I mean that was just not something that they utilized very much, but now they are not only utilizing it, they love it, so you might explore that if you haven’t explored it yet. You can also I think get Teams free, right, currently.
John W. Simek: Yeah, Microsoft is now offering six months of Teams free, even if you don’t have the Office 365 subscription.
Sharon D. Nelson: So that’s a really good tip. And Slack, which a lot of people use now, I think they have a free offering as well.
John W. Simek: They do have a free offering; it has some limitations. I don’t know if they have expanded that offering though.
Sharon D. Nelson: It’s something to look at, because Slack is something that a lot of — the smaller groups often like that, so you might take a look and see about that.
Are there any other collaboration tools? I guess we should talk about video conferencing. We have seen more and more of the smaller firms use Zoom, which in fact we are using to record today. In the larger firms it tends not to — it tends to be Cisco, right, WebEx?
John W. Simek: WebEx, yeah.
Sharon D. Nelson: We see that I think more than anything else, but if you haven’t done the video conferencing, we would suggest that you check out Zoom. There are some limitations to it, but even if you have the paid version, it’s only, what, $15 a month John, is that right?
John W. Simek: Oh, I would have to bring it up. I don’t remember what the cost is.
Sharon D. Nelson: Yeah, I think it’s $15 a month, but it’s not a lot. And one of the things they are saying is we all begin to huddle inside our homes and not go out, one of the things the experts are saying is that since you can’t meet with your client in person the way you used to or — it’s certainly not desirable to, they are saying that forming a personal relationship is far better if you are video conferencing than just talking on the phone and that is the way to develop relationships today if you cannot meet or should not meet in person.
So I thought that was very interesting that they are really recommending that people go to the video so that people can see for instance whether something you are saying might be a joke, because you are obviously smiling. You can just communicate a lot better and forging a relationship is so important as a lawyer.
John W. Simek: You are right, it is $15 a month for the Pro version of Zoom.
Sharon D. Nelson: Okay.
John W. Simek: But I don’t know, did you see that recent, and not to beat on Zoom, but I will, the post that just came out which basically says Zoom can tell your boss if you are not paying attention? They have a feature called Attention Tracking within Zoom.
Sharon D. Nelson: Yeah, they are not the only one, so let’s not beat on Zoom. This attention tracking thing is rampant these days. So yeah, I have some issues with the privacy there.
John W. Simek: Yeah, so just be aware of that.
Sharon D. Nelson: Yeah, be very aware.
John W. Simek: Well, it’s like what we are always saying, right, read the Terms of Service and read the privacy statements.
Sharon D. Nelson: Yeah, I guarantee you even after having listening to this they won’t take our advice, they won’t do it, but yeah, nonetheless, I think they will be interested in the fact that their bosses may know whether they are paying attention, so they may actually pretend to pay attention.
John W. Simek: But I do want to add something to the video conferencing thing and a lot of these tools are used. I know a lot of the — some of the vendors that we deal with and I deal with, they use Zoom as their primary communication mechanism, because they are using Voice over IP, they don’t want people paying for phone calls and that kind of stuff. But whenever you use any of these tools certainly give consideration to a few things. Sound is a big one and whether that’s microphone or audio even for yourself, so getting yourself a headset, a USB headset with a microphone or something like that or earbuds is certainly going to help the quality for the people that are on the receiving end, hearing you as well as you being able to hear too.
Sharon D. Nelson: Very good tips. Let’s talk a little bit about allowing remote access from the home machines, which really is a security nightmare and especially the way employers right now, law firms are deploying this kind of thing, very stupidly as our friend said to me earlier. So what is it that we need to be careful of John?
John W. Simek: Well, a couple of things about home machines. First off, understand that if they haven’t already been pre-configured to connect to the law firm network, you are going to have to deal with that, even if you are using a VPN. So think about this, if you are using a VPN, you have a VPN client, VPN software, you have got to somehow get that on that remote users, their home machine, have it configured so that they can use that VPN and then contact and connect up with the law firm’s network. But I think what’s probably — and then you have got the liability issues and policies that you have to put in place and all that kind of jazz, which I know you know all about.
But I think probably one of the bigger issues is going to be — or concerns to me is the security on that home device. What kind of security software are they running? Is it up-to-date, do they have a subscription, is the machine patched to current levels, all that kind of stuff? And what we are seeing is that — and for a lot of our clients, they want those home machines to participate in the same managed security network that their law firm machines are.
So as you know, we are pushing out the antivirus, anti-malware, the security software that we use within the law firm’s network, we are pushing it out to the home machines, so they are now managed centrally as part of that same environment. So again, we get a warmer, fuzzier feeling because we have got our own security software, if you will, on there and we know that we are protected. So that’s one thing about that, right?
Sharon D. Nelson: Yeah, absolutely. And I did just get confirmation that the Supreme Court did issue that order, it’s already online. So it looks like it’s for a period — all deadlines are tolled and extended for a period of 21 days.
Anyway, that’s probably — now that you can look it up online in the State of Virginia, you are probably going to see something like that in a lot of other states. I am not aware how many states may have done something yet, but this is going to make a big impact on lawyers and law firms, and it also sends a message, it sends a message that this thing is really serious and that the courts are taking note and taking measures, strong measures.
John W. Simek: Well, before we move on to our next segment let’s take a quick commercial break.
Sharon D. Nelson: 10 years ago eDiscovery meant lawyers packed into a basement, fumbling with complex slow software, wondering where their lives had gone wrong. Today not much has changed. That’s why Logikcull is putting an end to eDiscovery. Logikcull is simple, powerful, instant discovery software, designed to make you hate document review less. Create a free account today by yourself, with no human interaction at logikcull.com/ltn. That’s logikcull.com/ltn.
Sharon D. Nelson: Welcome back to Digital Detectives on the Legal Talk Network. Today our topic is, ‘Coronavirus and Working Remotely and Securely: What You Need to Know’.
So John, I know that this is something that only you can explain, but you were talking to me about splitting VPNs and I will bet not one person in a thousand listening has any idea what that means or whether it’s a good or bad idea, so would you explain please?
John W. Simek: Yeah, when I said splitting VPNs, you probably said my head is splitting.
Sharon D. Nelson: It often does when you are talking my dear.
John W. Simek: Well, and there are other people that can talk about it too. It’s actually — the term is actually split tunneling and the guidance over the years has always been that if you are going to use the VPN, a VPN as you know is an encrypted channel, encrypted connection, is we wanted all of that data to move down that channel, that complete channel so we can control it; DNS requests, Internet activity, anything, everything, we always wanted to run that for security purposes down that one pipe.
Well, because more and more folks now are going to be using VPNs and they are going to be using VPNs to connect up to their law firm’s network, we have to be concerned about capacity and bandwidth. If all data, including your searching on Amazon and all this other stuff, if all that data is being pumped through the law firm’s network and then from the law firm going out to the Internet, then we are using bandwidth that we don’t want to use. It’s going to really start chugging things down and slowing them down.
So the concept here is to do what they call split tunneling. So you build a tunnel and this is a propeller-head way to go at it, so your IT folks are going to have to do it, is any traffic that needs to get to the law firm’s network goes down one tunnel and anything else that doesn’t need to go down there goes out another tunnel. So you are using the user’s home network, if they are at home, their home network to do all the other Internet type stuff, but only the things that are required to go to the firm are going that direction. So that’s what that split tunneling means.
And more and more now the security folks are saying, you know, normally we wouldn’t recommend that, but because of the times we are in now, probably we should be doing it.
Sharon D. Nelson: I think probably that’s a good idea.
And here is another problem I foresee. People are human. They go home, they are supposed to do all this stuff, but they haven’t logged in or connected to anything from home forever. And so a lot of them are going to be — they are going to need retraining, not only on just getting in, but on what the policies are about that and anything else they need to touch. If there is anything that they don’t remember, they are just going to be at a loss and they are going to need a lot of support from somewhere.
John W. Simek: Yeah, that’s very true. I think that they are going to have to relearn and maybe there is a document that comes out or whatever or maybe before your firm decides that well, on Wednesday we are going to implement our work at home policies and then so maybe tomorrow you get everybody in the conference room and you show them how this thing works.
Sharon D. Nelson: Yeah, I think that that’s particularly true in smaller firms; the bigger firms are probably connecting more often, but the smaller firms not so much.
And then if there is access from home, are they competing with three kids and their spouse for bandwidth. I mean that’s a problem too. So what they really probably ought to be doing is using phone hotspots, but as you and I both know, there are people who know all about phone hotspots and lots of lawyers who don’t know anything about how to set up a phone hotspot, not that it’s all that complicated, they have just never done it. And do they need to be on separate networks? What do you think about that question John?
John W. Simek: First off, most folks don’t have separate networks in their home to be able to isolate the Netflix traffic from their own law firm traffic, that kind of stuff. Hotspots would create a separate network, if you will, but they tend to be a little bit slower than what your regular one is, your regular Wi-Fi in your home, but they can be faster too. So it’s all experiments.
From a confidentiality and security perspective, sure, if you are on your own hotspot, then you are going to be a lot more secure. But the hotspot is a Wi-Fi connection, remember that, but if you are doing video conferencing and you are running Zoom Communications or you want this personal touch like you were just talking about with seeing someone’s face and doing all that, well, video over Wi-Fi, you are going to have a more unstable connection. You are better off being directly Ethernet attached.
And a lot of folks don’t have hardwired Ethernets in their house. I mean you know we do because I wired it, but for those folks that don’t have that ability to have hardwired Ethernet, a great alternative is to get an Ethernet adapter that goes over a power line. So what basically it is, is you take a box, you plug it into one outlet, you connect an Ethernet cable to that box and you connect it to your router. And then you take a second one, you connect it into another electrical outlet somewhere near your computer, connect the Ethernet cable from that box to your computer and then it uses the electrical wiring that’s within your house to send that Ethernet signal across, so now you are not on Wi-Fi anymore.
A couple of things that does for you, it’s faster speed. So if you are competing for bandwidth for the kids that are surfing the Internet on their iPads, you are going to get there faster because you are on the Ethernet side, so that’s one thing. But it also will help stabilize that video conference connection that you have and so it’s a much better solution.
One of the devices that I really like that I think folks should take a look at is by TP-Link, it’s a model AV1000. It’s about $55 on Amazon, which isn’t a lot of money. It’s going to be a lot cheaper than bringing a contractor in and drilling holes and running a wire through your wall.
Sharon D. Nelson: Yeah, $55, that’s $55 well-spent if you ask me.
Another problem that we are seeing is that law firms are now wanting to issue laptops to employees who didn’t formerly have them. So they want it to belong to the law firm so they control the security, etc., but now we are facing a supply problem. There are some laptops currently that talk about two to three months shipping and some of these are popular manufacturers. So what do we do about that John? I know that we always recommend you get a business-grade machine, but you might have to get a consumer-grade machine if the business-grade is not available, right?
John W. Simek: That’s true. You are going to have to go and hopefully they haven’t shut the stores down yet in your state. So go to a Best Buy or whatever or I know a lot of firms are even going on Amazon and they are buying laptops there so that they can be delivered so they don’t have to go into a store. But the delay is going to be much greater as more and more demand goes after these devices, but yeah, you may have to buy a cheap consumer-grade and accept the fact that you are only going to get a year’s worth of work out of it.
Sharon D. Nelson: Well, the other thing I think we need to say is that if people don’t have a remote working policy, they need to adopt one. There are templates online so you can at least start from that and customize it for yourself.
But the other thing; that was a very serious point, the less serious point is that employees now have an article from Lifehacker on how to make it look like they are working from home when they are not. Just google that so you know what they know so maybe you can counter it in some way. But it’s amazing that that’s what employees are already thinking about.
John W. Simek: Yeah. I want to give another tip too besides those Ethernet connection things, especially for the solo and small folks, if they are looking to do that LogMeIn, that remote control kind of access we were talking about earlier, take a look at a product called ConnectWise Control. It was previously called ScreenConnect. It runs around $24, $25 a month for that, so it’s significantly cheaper and you can get it on a monthly basis. So if you want to do it now and say I am going to hunker down for the next two months or the eight weeks I think is what the CDC is saying these days, right Sharon, then you are out, what, $50 instead of doing an annual $350 subscription like you would with some other products, just another tip.
Sharon D. Nelson: I hope that next time we talk we have a happier, more cheerful subject, but it is what it is and I think that if you take a long hard look at what your needs are and maybe utilize some of the tips we have talked about, in the end you are going to be in a better place even though you have to spend some money for apps upfront. But these are the times we are in and everything is changing for all employers, including law firms.
John W. Simek: Well, that does it for this edition of Digital Detectives. And remember, you can subscribe to all the editions of this podcast at legaltalknetwork.com or in Apple Podcasts. And if you enjoyed our podcast, please rate us on Apple Podcasts.
Sharon D. Nelson: And you can find out more about Sensei’s Digital Forensics Technology and Cybersecurity Services at senseient.com. We will see you next time on Digital Detectives.
Outro: Thanks for listening to Digital Detectives on the Legal Talk Network. Check out some of our other podcasts on legaltalknetwork.com and in iTunes.
Sharon D. Nelson and John W. Simek invite experts to discuss computer forensics as well as information security issues.
Doug Austin and Brett Burney give best practice tips for audio and video discovery.
Judy Selby gives a comprehensive overview of the many uses and risks associated with biometric information.
Cybersecurity expert Mike Maschke explains how penetration tests help lawyers protect themselves by identifying weak points in their security systems.
Maura Grossman discusses how TAR is used by medical researchers to support their efforts to understand and treat COVID-19.
David Ries gives an overview of work-at-home and remote access best practices.
Doug Austin surveys the current state of the eDiscovery industry and discusses emerging trends.