Computer screens against skyscraper backdrop

Should Bar Associations Vet Technology Service Providers for Attorneys?

[Originally published in GPSOLO, Vol. 36, No. 6, November/December 2019, by the American Bar Association. Reproduced with permission. All rights reserved.]

Image Credit: Gerd Altmann from Pixabay1

Bar associations across the country have similar goals: advance the rule of law, serve the legal profession, and promote equal access to justice. Technology can easily support these goals. From online research and billing software, to virtual receptionist and SEO services, technology vendors improve the efficiency and accessibility of attorneys. It is no wonder then that bar associations around the country are promoting technology solutions for their members.

Despite the obvious benefits, bar associations need to be diligent about vetting technology vendors. By promoting one technology provider over another, bar associations could run afoul of advertising laws, tax requirements, and software agreements. In addition, bar associations and their members need to pay close attention to technology vendors’ cybersecurity safeguards to protect client confidences.

This article will briefly address each of these issues in turn and provide a non-exhaustive checklist of considerations before choosing a legal technology provider.

Bar Associations as Influencers

When we think of product endorsements today, we think of social media influencers, bloggers, and vloggers—not bar associations. Yet, bar associations wield incredible influence over the purchasing decisions of their members. Given this influence, bar associations should stay mindful of laws addressing unfair and deceptive advertising, such as Section 5 of the Federal Trade Commission Act (FTC Act), state false advertising laws, and state unfair trade practices acts (little FTC acts).

Continue Reading Should Bar Associations Vet Technology Service Providers for Attorneys?
Postal Customer Council Flyer - Data Protection Lunch and Learn on November 14

Metaverse Law to Speak at Postal Customer Council Lunch and Learn

Metaverse Law will be giving a zip talk and participating in a Q&A panel on Thursday, November 14 at the Phoenix Club in Anaheim, CA about Data Protection and Cyber Security.

The event itinerary includes registration at 11:00AM – 11:45AM, followed by lunch and a seminar which conclude at 1:30PM.

Registration details can be found at http://www.socalpcc.org/lock-it-or-lose-it.html.

Lock in "cyber security" word circle and other dot circles

Cybersecurity Ignorance is No Excuse for Tax Professionals

Image Credit: Pete Linforth from Pixabay

Co-authored with Lily Li and Kenny Kang. Mr. Kang is a Certified Public Accountant (CPA), Charted Global Management Accountant (CGMA), and Certified Fraud Examiner (CFE) with a wealth of experience in public accounting and industry.

CPAs and other tax professionals collect their client’s crown jewels: sensitive financial data. This makes them prime targets for cybercriminals. For hackers looking to make a quick buck, or engage in more sophisticated identity theft and tax fraud schemes, tax professionals are a treasure trove of social security numbers, tax ID numbers, bank account numbers, confidential agreements, and other personally identifiable information. Consequently, 3-5 tax practitioners get hacked each week, according to a 2017 webcast by the IRS criminal investigations unit – a number that has likely increased over the last couple of years.

In July 2019, IRS released its own statistics relating to identity theft:

IRS Individual Filing Article “Identity Theft Information for Tax Professionals”

[Page Last Reviewed or Updated: 24-Jul-2019]

An estimated 91 percent of all data breaches and cyberattacks begin with a spear phishing email that targets an individual. The criminal poses as a trusted source, perhaps IRS e-Services, a tax software company or a cloud-storage provider, or the criminal poses as a potential client or professional colleague. The objective is to get the tax professional to open a link or PDF attachment. This allows the thief to steal passwords or download malware that tracks keystrokes or gives the thief control of your computer. 

In light of the rise in cyberattacks against tax practitioners, the IRS has taken notice. For this year’s PTIN renewal season, the IRS has revised Form W-12, IRS Paid Preparer Tax Identification Number (PTIN) (Rev. October 2019) by adding Line 11, which included a mandatory checkbox for tax preparers, requiring them to confirm their awareness of their data security responsibilities. Line 11, Data Security Responsibilities, states:

 As a paid tax return preparer, I am aware of my legal obligation to have a data security plan and to provide data and system security protections for all taxpayer information.  Check the box to confirm you are aware of this responsibility.

This affirmative checkbox applies to licensed tax attorneys, CPAs, enrolled agents, enrolled actuaries, enrolled retirement plan agents, state regulated tax return preparers, certifying acceptance agents, and it should not come as a surprise for tax professionals.

Continue Reading Cybersecurity Ignorance is No Excuse for Tax Professionals

Women in Cybersecurity – Metaverse Law Interviews Malia Mason

Image Credit: Pete Linforth from Pixabay

Metaverse Law recently interviewed Malia Mason, co-founder and president of the Southern California Chapter of Women in CyberSecurity, Navy veteran, and business owner. A transcript of the conversation is available below:

Lily Li: Women make up only 15% of today’s cyber security workforce.  Today, I have brought my good friend, Malia Mason, who’s trying to get that number to 50%.  Malia, thanks for joining me today and talking a little bit about women in the cyber security and tech community.  To get started, can you let us know a little bit about how you got involved in cybersecurity? 

Malia Mason: Yeah, so, my career in cybersecurity actually began in the military when I was in the Navy years ago. I served active duty for four years and worked to secure our nation’s secrets. When I got out of the military, that’s when I wanted to continue to help secure data and decided to get into the cybersecurity realm and I’ve worked as a consultant for a few years and actually, this year, just founded my own small cybersecurity consulting firm called Integrum. We’re working to help secure small businesses, especially in nonprofits. 

Lily Li: Another thing that you’re very involved with is women in cybersecurity. So, tell us a little bit about what that organization does and what’s been happening lately in that space. 

Malia Mason: Yes, so, Women in CyberSecurity is a national nonprofit that was founded in 2012 and I am actually the co-founder and president of the Women in CyberSecurity SoCal chapter.  We boast over a hundred members so far and we have a chapter as well in San Diego and our launch event actually brought over 50 attendees, both women and allies, and it was great to see the community come together and we’re hosting a big Cyber Career Day on October 19th; which should be really, really fun and try to help more people get into this industry, especially women.

Continue Reading Women in Cybersecurity – Metaverse Law Interviews Malia Mason
Image of gears directing arrows to shield.

The 2019 Capital One Breach Compared to the 2017 Equifax Breach: Evolving and Improving Attitudes toward Data Security, Breach Detection, and Breach Notification

Image Credit: Khanittha Yajampa via Dreamstime.com

On September 7, 2017, Equifax announced that it had suffered a data breach that exposed the personal data of nearly 147 million people. Two years following the Equifax breach, Capital One also suffered a data breach nearly as massive in scope, affecting approximately 100 million users in the United States and 6 million users in Canada.

A casual observer might think that the two breaches are similar. After all, they both affected a large financial institution and encompassed over a million financial records. The similarities end there, however. Capital One implemented security measures to protect its customer data and engaged in a speedy response to an insider threat. Equifax failed to implement even basic data protection measures and was laggardly in reporting the inevitable breach.

Only time will tell what the full repercussions will be of these two breaches. But based on the facts in front of us, Capital One’s quick response to this breach will ultimately protect more customers in the long run. Comparing the circumstances surrounding the two breaches show a positive trend toward companies taking their customers’ data more seriously and mindfulness of ever-increasing consumer vigilance about their own data.

Continue Reading The 2019 Capital One Breach Compared to the 2017 Equifax Breach: Evolving and Improving Attitudes toward Data Security, Breach Detection, and Breach Notification
1 2 3