International Legal Technology Association (ILTA) Legal Technology Conference in Las Vegas August 22-26

The National Law Review suggests you look into attending the International Legal Technology Association (ILTA) Legal Technology Conference – Strategic Unity in Las Vegas August 22-26 Aria Resort http://conference.iltanet.org/

What Corporate America Can Learn from America’s Greatest Spy. Corporate Data Security Quick Reminders.

Since the 1990’s the information explosion has drastically increased the ability to share information and also the ability to steal information.  Former FBI undercover operative Eric O’Neill is widely credited with bringing down America’s most notorious spy, Robert Phillip Hanssen.  At Inside Counsel’s Super Conference, Eric gave the first day’s Keynote address where he outlined how Corporation’s can learn some lessons from the Hanssen case.

As an undercover surveillance specialist, O’Neill was trained to watch, profile and follow people. In 2001, O’Neill was approached by his superiors to investigate special agent Robert Hanssen. O’Neill was assigned as a direct report of Hanssen’s and on his first day of work, Hanssen introduced O’Neill to “Hanssen’s Law.” “Hanssen’s law” was that the spy is always where he has access to the information that he knows he can use to do the most damage and get the most money.

In the corporate setting , O’Neill outlined a few obvious and not so obvious ways that industrial spies obtain proprietary corporate information:

Corporate Dumpster Diving: Picking up information that is cast off (i.e. trash at home or work.)  Most larger organizations have thorough data destruction policies and employ data destruction vendors. But things can go very wrong if procedures are not faithfully followed or if vendors are not fully vetted and monitored.  There needs to be corporate awareness that data security is everyone’s  daily concern.

Security industry analyst Steve Hunt, who heads up Hunt Business Intelligence, believes too many people think  that data security is just an IT issue. “There are so many physical security aspects to data protection it ought to never be considered merely an IT security issue,” Hunt said in an article written for CSO On-Line.   With all the focus on protecting electronic data, many organizations forget about paper data and the physical protection of electronic data.                                                                                                                                                                                                    

Hunt recently did a corporate dumpster dive in a major U.S. City and found all sorts of things that would be in violation of most companies’ data destruction policies.  The dive turned up cancelled checks with the bank account owner’s social security number written on top. The bank account numbers, balances for the political fundraising account of “a certain prominent politician in the area.” Hunt also found the personal financial statement of a very wealthy individual, including the person’s name, home address, real estate owned and values of the properties, several of the individual’s bank account numbers, social security number and date of birth. Hunt’s experiment even yielded a whole laptop with a tag on the back that says “Property of [another financial institution]”.  Steve’s adventure took all of three minutes and he astutely advises companies to do their own dumpster diving tests to monitor how their company’s data destruction policies are actually functioning. 

Corporate Charity:  Information that is ‘castoff’ can include old computers donated to charity.  O’Neill detailed situations where companies purchased all the old computers of their competitor from a charity who supposedly cleaned off all pertinent information and the purchaser ended up obtaining valuable business information from their competitor’s donated computers.  If making a charitable donation of your used electronic equipment, is what your organization chooses to do, it may make sense to do the data cleaning in house prior to physically surrendering your old equipment, so you can control the data cleaning process.

Corporate Posers / Impostors:  Corporate spies often attempt to gain access by relying on people’s willingness to help out, the awkwardness of questioning strangers, and the excitement of receiving free stuff. Corporate spies know these human tendencies and use them to their full advantage. According to O’Neill, a hacker could be posing as ‘Joe from IT’ sending you an email or phone call requesting your password.  If you’re busy or distracted, this just may work.

“Hi, I’m the rep from Cisco and I’m here to see Nancy.”  Chris Nickerson, founder of Lares, a Colorado-based security consultancy, recently pulled off a successful social engineering exercise for a client by wearing a $4 Cisco shirt that he got at a thrift store (Read: Anatomy of a Hack).

Criminals will often take weeks or months getting to know a place before even coming in the door, according to O’Neill. Posing as a client or service technician is one of many possibilities. Knowing the right thing to say, who to ask for, and having confidence are often all it takes for an unauthorized person to gain access to a facility, according to Nickerson.  

Other old stand-bys according to O’Neill are: “Can you hold the door for me? I don’t have my key/access card on me.”. An another version would be “Can you hold the door for me?” while carrying a box of “paper for a printer” using both hands.  How many people at your organization would turn away a HVAC person on an emergency call after normal business hours?  Would the air conditioner  / heater actually be serviced? Or would bugs be planted,  phones be tapped,  pictures be taken? Would computer drives be duplicated, papers photocopied, or data altered? 

Another ruse is Flash Drives distributed at conferences or left in strategic locations. Flash drives left unattended in a parking lot, public bathroom or elevator of a targeted company may be a part of a sophisticated social engineering attack. These drives may be seeded with a trojan horse set to automatically run as soon as the drive is inserted and quietly steal your personal or company information in the background.  This happened in an actual attack against the U.S. Pentagon!

Take Away:   Closely check the background and reputation of any data destruction vendors.  Verify  that the data is actually destroyed in a non-usable format, and monitor closely that your corporate record destruction procedures are being faithfully followed.  Remember the simple and obvious ways that corporate spies can try to gain your trust and gain access to vital information.   Be wary of free give away computer devices or cast off computer items that can be inserted into your computer.

Eric M. O’Neill is the founding partner of the Georgetown Group, where he specializes in counterintelligence and counterterrorism operations, security risk assessments, investigations into economic espionage, internal investigations, and background investigations. Eric served as an undercover operative for the F.B.I., where he conducted national security field operations against terrorists and foreign intelligence agents.  His role in the investigation and capture of Robert Phillip Hanssen, the most notorious spy in United States history, became the subject of Universal Studio’s , movie Breach , released to critical acclaim in 2007. 

Getting Your Firm’s Articles Read by Corporate Counsel

Newspaper Headline

In-house attorneys have always been generalists but now, more than ever, as layoffs have hit in-house law departments hard, they must act like ER doctors conducting triage when the ambulance gets in. They have to quickly identify the problem, establish priorities, determine what they can handle themselves, and whether they will require the services of a specialist or outside counsel. So how do articles written by lawyers enter into the mix of helping in-house counsel determine what’s a “Code Blue”?

A Descriptive Headline Helps the Article be Found

From the start, the article’s title sets the tone. Well-read articles have descriptive headlines that also include the relevant industries and jurisdictions involved. Cute headlines may be fun, but in-house counsel aren’t looking for fun in legal articles.  If the targeted reader can’t quickly figure out what the article is about, the article won’t get read and the author and his or her law firm won’t reap the benefits. .

In search-engine terms, the title of your article is the most interesting element. The search engine assumes that the title contains all the important words that define the topic of the piece, and thus weights words appearing there most heavily. When writing a title, think about search terms readers will use when looking for articles on the same topic as yours.

Descriptive Headlines Part Two– Sometimes Less Is More

Many legal writers have caught wind that the article title is important to search engines and accordingly try to cram every conceivable keyword into the title.  This results in a long, unreadable, and often boring title.  Titles should include terms such as “healthcare,” “labor,” and “bankruptcy” for articles that address those issues. For federal cases, mentioning the circuit and district is often important, but it’s rarely necessary to include “the United States District Court for the Northern District of West Virginia” in the title. The word on the street is that Google will display approximately 65-70 characters of a title tag in a search result and will index additional characters in the SERP (Search Engine Results Page). The lesson is don’t blow the first 65 characters of your article’s title on text that does not tell your reader what the article is about and why it is important.

Also, many firms and article syndication services tweet article headlines to drum up more interest. With Twitter you have 140 characters max.  Newsletter, journal publishers, and article syndication services have strict title character limits. It’s been said that your title is the face of your writing. If you don’t want a stranger to take a scalpel to your face without your input, be forewarned.

Effective Articles Help the Reader Quickly Assess the Situation

Effective articles succinctly identify the key issues early on in the text.  If it’s a new healthcare regulation, does it impact all healthcare organizations or just hospices? Is it just in Illinois or nationwide? Let the reader know what the issue is from the start, then explain why it is important, who is impacted, and what jurisdictions are involved.

Many article-publishing services and law firm Web sites only include short teasers of the article’s content in areas highly accessible to search engines, meaning either the full text is in a less searchable format like PDF or the bulk of the text is behind a password- protected section of the Web site. In addition, many legal writers writing about a local issue bury the jurisdiction at the end of the article hoping that they will draw in more readers. Your readers will be unhappy if they have to log on or wait for a PDF to open only to find out the article only addresses one far-flung jurisdiction. If you want to draw in national readers, why not also include a succinct blurb on the regulations in a few large states like Texas, New York, and California? Your single-state article addresses a broader audience and is more likely to be passed on to other interested readers.

Help Your Reader Make the Sale

Most legal writers include government statistics and tales of multimillion verdicts to draw in the reader.  Law departments have to adhere to their budgets, so if they want additional resources (e.g., outside counsel) or resources beyond what is typically budgeted, (e.g.,. high-priced counsel, panel counsel, and local counsel), the assistant counsel must seek permission from the General Counsel,, The General Counsel, in turn, may need authorization from the CEO and/or  may need to make his or her case to the Board.   Your statistics and case references can be a great start in helping inside counsel make their case.  Your articles may also assist CEOs, CFOs, and Board members who do their own research on pertinent legal issues so they can ask informed questions of their General Counsel and form their own opinion of the gravity of particular regulations or litigation issues.

Present Solutions, Not Just Headaches

Whenever possible, don’t just identify problems, try to offer potential solutions or postulate possible outcomes.  Establish your credibility by demonstrating your expertise. Simply identifying problems leaves your reader with that  “Oh no—now what do I do?” feeling. Offering ideas on how to solve those problems leaves the reader with the “I have a problem and maybe this law firm can help me” feeling.

Jennifer Schaller is Managing Director of the National Law Review, an online magazine and database resource for in-house counsel and other professionals.  Jennifer started her legal career at Aon Corporation and has also worked at CNA Financial and Smith Amundsen LLC.  Jennifer can be reached at 708-357-3317.

This article originally appeared in the Spring 2010 issue of In the Loop, the Legal Marketing Association Midwest Chapter newsletter, originally published 5/21/2010.

© 2010 Legal Marketing Association — Midwest Chapter

Why Information Architecture Is The Most Important Part of Designing a Website

Plan & Organize that Website Early

Today’s National Law Review Guest Blogger Jeff Roberts of Moiré Marketing Partners explains Why Information Architecture Is The Most Important Part of Designing a Website:

You just bought a parcel of land and are planning to build a brand new home, your dream home. Would you start building this home without an architecture or floor plan? I would hope not. And the same goes for building a website.

Blueprints are to a house, like sitemaps and wireframes are to a website. Information architecture requires a significant amount of hours of research and discovery long before the designer touches the canvas with their interactive tools. Eliminating this step will create a website that is not targeted to any research or your audience, a site that’s not user-friendly and lacks strategy. At Moiré, we believe design without strategy is just art. This results in project scope-creep, missed deadlines and unhappy clients!  Full Text:

http://natlawreview.com/article/why-information-architecture-most-important-part-designing-website