Cybersecurity 101: Common Sense Can Make All the Difference

The Slaw blog had a good basic post yesterday morning on cybersecurity for law firms. It made me want to share some of their advice, to which I’d add a few points of my own, and which may apply not only to professionals but also to any type of organization.

As you may notice, a lot of this is basically common sense, as applied in the digital age:

  • Start by asking yourself what type of data your organization handles, and contemplate what problems you may have were it to fall into other hands or become unavailable;
  • Inventory all devices that your organization uses, in particular those that connect to its systems and/or the Internet, and make sure your personnel knows the dangers associated with plugging in anything new (e.g., an infected USB stick);
  • Realize that anything you plug into the Internet (i.e. make accessible) may become a point of entry for potential hackers or infections, in particular any devices that have not been fully updated (including any firmware and software running on them) – make sure all your hardware and software are regularly updated (starting with your router and computers/servers);
  • Stop allowing or using weak passwords and force everyone to use a solid password manager;
  • Better yet, have everyone in the organization use Two Factor Authentication (2FA) to access every tool that supports it;
  • Acknowledge that employees require ongoing cybersecurity training and reminders, and actually schedule it so that it does happen, at least every year, including on things like:
    • The risks associated with using passwords (such as weak or reused ones);
    • Problems which may be triggered by navigating one’s browser to a malicious site or clicking on a link in an email;
    • The dangers of activating, opening or clicking on attachments;
    • The concept of social engineering and its role in many attacks;
  • Know in advance who you will call in case of an incident to investigate or remedy, and make sure your personnel knows what your game plan is;
  • Do not assume you are safe because no one would bother attacking you: we’re all potential victims of cybersecurity incidents, and anyone can fall victim to an attack without even having been specifically targeted.

With Québec’s passing of a new personal information statute, further to Bill 64, I’d say now’s a good time to brush up on your cybersecurity practices and safeguards!

Top 10 Ways to Improve Your Handling of Email

Email now apparently takes more than 2 hours of a typical person’s job, in any given day, a figure which I figure is likely exceeded for a typical attorney. With that kind of time invested in it, you’d think we’ve collectively gotten better, over time, at handling it – not so, if you ask me.

I happened this morning on a post entitled 40 One-Sentence Email Tips which inspired me to distill my own experience (of 20 years reading/writing emails), for your benefit and my own. Here it is, in the hope it may help us be more productive:

  1. Send fewer emails, receive fewer emails;
  2. Limit your consents to receiving mass emails (like newsletters);
  3. Use your email app intelligently – don’t spend time manually saving emails into folders, etc.;
  4. Don’t generally answer emails instantly or at all times of the day or night, or risk involuntarily training recipients of your emails to expect that level of responsiveness;
  5. For any new email, start by asking yourself whether this communication channel is appropriate for this particular discussion (would a text or a call be better?);
  6. If email is the way to go, don’t C.C. any person that doesn’t really need to see that email (as you’ll be wasting their precious time with your thoughtless inclusion of their address);
  7. Give your email a Subject that adequately describes what it’s about (duh);
  8. Start your emails with a sentence or two that provides context and what specifically you hope to get back from this recipient (information, action, etc.);
  9. In the body of your email, be brief and concise: keep sentences and paragraphs short, and limit the length of your email to about a page – max;
  10. Be kind to recipients of your emails and use plenty of spaces and bullet points, to make scanning your message easy and quick (typically, that person will want to spend about 30 seconds reading it).

We’re collectively spending A LOT of time on electronic communications, which doesn’t mean the average person (or lawyer, for that matter) knows how to handle it adequately. Remember, your email app should work for you, not the other way around.

So, What the Hell is an NFT, Legally?

As you may already know, the Internet has been abuzz recently with “NFTs”, or Non-Fungible Tokens, an offshoot of blockchain technology, a form of distributed ledger. Basically, an NFT is an electronic token (an asset, of sorts) that has been created and placed on a blockchain, and which is capable of containing certain information and passing from one buyer to the next.

Recently, artists realized that they could personally create and authenticate tokens by associating them with some of their works (think copyright), in essence creating digital tidbits capable of being bought, sold and exchanged, over time. This, coupled with a limited supply, created an instant collectors’ market of NFT enthusiasts who are now investing in upcoming artists, in a manner that is strangely reminiscent of Renaissance patrons of the arts. This allows artists to make some money and collectors to… well… collect.

The numerous stories I’ve been seeing online about this lead me to reflect as to what exactly these little electronic tidbits are, legally I mean. Are people buying art, perhaps electronic copies, or something else?

Legally, the first thing we should note is that this little trend does NOT involve people dealing or trading art (or I.P.) online. No real rights (intellectual or otherwise) get created or transferred when buying an NFT-type electronic token, not really anyway. In effect, what will happen upon any of these purchases is that a transaction will be recorded on the blockchain at issue, showing you as the “owner” of such and such token. Period.

Does this grant you a real right of ownership to that intangible? Maybe, maybe not. But one thing is for sure: what these transactions do NOT do is transfer title to any intellectual property, such as the copyrights in this drawing or this photo, for example. So, contrary to what some may be thinking when reading stories about the NFT craze, people are not buying the I.P. to copyrighted works using this scheme.

Sure, people may be buying (using the term loosely) something that was created by Mr. X, and then get bragging rights about it, but little else. Sure, the NFT may be one of the few linked to that particular piece of artwork (a music album, for example) but little else. Buying an NFT does NOT get you any real rights to the actual artwork or the I.P. to it.

The truth of it is, at law, we’re not dealing with any asset that can be readily categorized or put in a neat little box here. NFTs are rather a pure creation of the electronic age, before any rights or legislation applies to them. In effect, those who create NFTs decide what little rights (let’s call them that) will accompany their offering of NFTs. In practice, this will usually translate to fairly little, for example a personal right (read license) to display a piece of artwork for one’s personal pleasure, etc.

So, if your reflex upon reading this is to ask what an NFT is good for, the honest answer may be: to fill an artist’s pockets. That said, don’t get me wrong, NFTs are a cool idea and I’m all for encouraging budding artists with a modicum of intermediaries who’ll profit in between; let’s just be clear as to what little legal effects are created when buying one of these tokens. At least for now anyway, we’re not dealing with anything that has inherent great value here, aside from what other collectors may be after, that is.