N S T I T U T E I C L E N Y C L A N EW Y ORK B RIDGE THE G AP S ESSION A: U SING P ERSONAL D EVICES IN THE W ORKPLACE ; M ANAGING Y OUR L AW F IRM ’ S I NTERNET P RESENCE Prepared in connection with a Continuing Legal Education course presented at New York County Lawyers’ Association, 14 Vesey Street, New York, NY scheduled for Wednesday, September 10, 2014 Faculty: Jason Habinsky and Jason Juceam, Haynes and Boone LLP; Andrew Cabasso, JurisPage This course has been approved in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 4 Transitional and Non-Transitional credit hours; 1 Skills; 1 Professional Practice/Law Practice Management; 2 Ethics. This program has been approved by the Board of Continuing Legal education of the Supreme Court of New Jersey for 4 hours of total CLE credits. Of these, 2 qualify as hours of credit for ethics/professionalism, and 0 qualify as hours of credit toward certification in civil trial law, criminal law, workers compensation law and/or matrimonial law. ACCREDITED PROVIDER STATUS: NYCLA’s CLE Institute is currently certified as an Accredited Provider of continuing legal education in the States of New York and New Jersey. Information Regarding CLE Credits and Certification New York Bridge the Gap Session A: BYOD—Using Your Personal Devices in the Workplace; Managing Your Firm’s Internet Presence September 10, 2014; 5:30 PM to 9:00 PM The New York State CLE Board Regulations require all accredited CLE providers to provide documentation that CLE course attendees are, in fact, present during the course. Please review the following NYCLA rules for MCLE credit allocation and certificate distribution. i. You must sign-in and note the time of arrival to receive your course materials and receive MCLE credit. The time will be verified by the Program Assistant. ii. You will receive your MCLE certificate as you exit the room at the end of the course. The certificates will bear your name and will be arranged in alphabetical order on the tables directly outside the auditorium. iii. If you arrive after the course has begun, you must sign-in and note the time of your arrival. The time will be verified by the Program Assistant. If it has been determined that you will still receive educational value by attending a portion of the program, you will receive a pro-rated CLE certificate. iv. Please note: We can only certify MCLE credit for the actual time you are in attendance. If you leave before the end of the course, you must sign-out and enter the time you are leaving. The time will be verified by the Program Assistant. Again, if it has been determined that you received educational value from attending a portion of the program, your CLE credits will be pro-rated and the certificate will be mailed to you within one week. v. If you leave early and do not sign out, we will assume that you left at the midpoint of the course. If it has been determined that you received educational value from the portion of the program you attended, we will pro-rate the credits accordingly, unless you can provide verification of course completion. Your certificate will be mailed to you within one week. Thank you for choosing NYCLA as your CLE provider! New York County Lawyers’ Association Continuing Legal Education Institute 14 Vesey Street, New York, N.Y. 10007 • (212) 267-6646 Bridge the Gap Session A BYOD: Using Personal Devices in the Workplace; Managing Your Firm’s Internet Presence Wednesday, September 10, 2014 5:30 PM to 9:00 PM Faculty: Jason Juceam, Haynes and Boone LLP Jason Habinsky, Haynes and Boone LLP Andrew Cabasso, JurisPage AGENDA 5:00 PM – 5:30 PM Registration 5:30 PM – 7:10 PM BYOD: Using Personal Devices in the Workplace Jason Juceam, Haynes and Boone LLP Jason Habinksy, Haynes and Boone LLP 7:10 PM – 7:20 PM BREAK 7:20 PM - 9:00 PM Managing Your Firm’s Internet Presence Andrew Cabasso, Jurispage 9/5/2014 Bring Your Own Device (“BYOD”) Best Practices & Worst-CaseScenarios Surrounding EmployeeOwned Devices in the Workplace © 2013 Haynes and Boone, LLP What is BYOD? • The practice whereby employers permit employees to bring their own personal mobile devices – typically smartphones or tablets – into the workplace and encourage employees to use these devices for business-related tasks. 2 © 2013 Haynes and Boone, LLP 1 9/5/2014 BYOD Statistics – the Good • By 2016, 80% of employees will be eligible to use their own devices (Gartner) • And 38% of employers will stop providing devices to employees (Gartner) • Employees are willing to spend an average of almost a $1,000 on their devices and over $700 on internet data plans (CloudTweaks) • 89% of IT professionals support BYOD and 85% agree that it increases company efficiency (CDW) 3 © 2013 Haynes and Boone, LLP BYOD Statistics – the Bad • 54% of employers either are still developing BYOD policies or have none in place • Only half of IT Managers said their companies “had a strategy in place to effectively manage and secure the additional, personally-owned devices” (CDW) • 51% of employees connect to unsecured wireless networks with their personal devices (Cisco) • 53% of employees use unsupported software or Internetbased services on their personal devices to do work (Forrester) 4 © 2013 Haynes and Boone, LLP 2 9/5/2014 What Does This Mean? • BYOD is here to stay – By 2017, 50% of employers will require employees to supply their own devices for work purposes (Gartner) • Many employers are unprepared and lack sophisticated policies and procedures 5 © 2013 Haynes and Boone, LLP What Does This Mean cont’d? • Employees are performing unauthorized activities, or simply lack formal consent • Employers are vulnerable to security & privacy issues and increasingly susceptible to lawsuits 6 © 2013 Haynes and Boone, LLP 3 9/5/2014 What Should Employers Do? • Develop a strategy for safely and effectively managing BYOD • Implement a clear and effective policy, which includes an Acceptable Use Agreement • Educate employees about BYOD policy and provide effective training • Perform periodic audits to ensure compliance 7 © 2013 Haynes and Boone, LLP The Rise of BYOD • Traditionally, enterprise IT drove consumer technology and trends. Employers provided employees with IT; e.g. Blackberry; Palm PDAs • Today, tech-savvy employees are adopting consumer-focused and business-oriented technologies – e.g. iPhones & Androids – thereby consolidating their personal and work devices for enhanced productivity and convenience 8 © 2013 Haynes and Boone, LLP 4 9/5/2014 The Rise of BYOD cont’d • As of 2013, it was estimated that mobile devices outnumber people (Cisco) • With the influx of devices that have the ability to communicate, as well as track and maintain data, there is a greater likelihood that employees will utilize personal devices with dual functionality 9 © 2013 Haynes and Boone, LLP The Benefits of BYOD • Cost-Savings – Employers save $ since they no longer provide employees with device – Upwards 20% savings on IT • Improved morale • More sophisticated and efficient equipment in the workplace leading to increase in productivity 10 © 2013 Haynes and Boone, LLP 5 9/5/2014 The Benefits of BYOD cont’d • Employees possess better understanding of their own devices thereby reducing the need for training and support • Employees treat their own property better than employer owned property 11 © 2013 Haynes and Boone, LLP BYOD Risks • Employer Security – Public exposure of employer’s confidential & proprietary information • Employees take their devices wherever they go, which means company data goes where employees go • Potential for outside users to access data -Leakage: employer data inadvertently spills out to the public domain -Lost or Stolen Devices 12 © 2013 Haynes and Boone, LLP 6 9/5/2014 BYOD Risks cont’d • Employer Security – Public exposure of employer’s confidential & proprietary information • Employees sending work email or documents to their personal email account through their own devices bypassing employer security channels 13 © 2013 Haynes and Boone, LLP BYOD Risks cont’d • Employee use of unencrypted third-party file-hosting services • Data stored on iCloud is potentially susceptible to hackers 14 © 2013 Haynes and Boone, LLP 7 9/5/2014 BYOD Risks cont’d • Employer Security – Threats to employer’s network • Data breaches • Network Invasions e.g. malwares and viruses that harm employer’s network by collecting data (e.g. mechanisms that target shared folders as well as internal File Transfer Protocol (FTP) sites) 15 © 2013 Haynes and Boone, LLP BYOD Risks cont’d • Employee Privacy – Protection of employee’s personal information – Because its their device, employees may possess greater expectation of privacy – The protective measures employers implement to combat security threats often implicate privacy concerns – The use of biometrics for security purposes (e.g. scanning of finger prints and voices), could lead to privacy and discrimination claims 16 © 2013 Haynes and Boone, LLP 8 9/5/2014 BYOD Risks cont’d • Employee Privacy cont’d • E.g. Tracking or monitoring employee devices; wiping devices when lost or stolen • Reviewing an employee’s device upon departure from company and sometimes the potentially awkward situation where an HR or IT Professional reviews employee owned device • These policies must be made clear 17 © 2013 Haynes and Boone, LLP BYOD Risks cont’d • Liability for employee conduct on devices – Because they’re using their own devices, employees might be inclined to bring unacceptable “after-hours” behavior into the workplace – Texts, social media, and tweets sent in the office of through an employer’s network can lead to sexual harassment lawsuits and bullying 18 © 2013 Haynes and Boone, LLP 9 9/5/2014 BYOD Risks cont’d • Liability for employee conduct on devices – Possibility that employees may use their personal devices to bully their co-workers – 35% of working adults claim to have been bullied at work (Workplace Bullying Institute) – If an employer, knows or should know about such harassment and does not remediate the situation, it could face liability • 19 © 2013 Haynes and Boone, LLP BYOD Risks cont’d • Privacy Concerns – An employee’s expectation of privacy on a personal device used for work-related purposes can be impacted by a company’s BYOD policy and Acceptable Use Agreement, as well as whether an employer pays for the device • In Mintz v. Bartelstein & Assoc., Inc., 885 F. Supp. 2d 987 (2012), the Court denied plaintiff’s motion to quash a subpoena seeking records from plaintiff’s cellular phone provider, holding that the employee had a limited expectation of privacy because the company’s employee manual provided that electronic communications could be reviewed. The company also paid for a portion of the cellular phone bill. 20 © 2013 Haynes and Boone, LLP 10 9/5/2014 BYOD Risks cont’d • Privacy Concerns – Privacy rights can potentially be dictated by the posture of the litigation. • In Kamalu v. Walmart Stores, Inc. 119 Fair Empl. Prac. Cas. (BNA) 1223 (E.D. Ca. 2013), the court held that for discovery purposes, there was no expectation of privacy with respect to phone records such as date, time, and duration of phone calls and text messages, but that privacy rights attached to the substance of the communications thereby preventing disclosure . 21 © 2013 Haynes and Boone, LLP BYOD Risks cont’d • Harassment and Discrimination – Employers have a duty to put a stop to discrimination or harassment transpiring in the workplace when the employer knows or has reason to know of such conduct • Summa v. Hofstra University, 708 F. 3d 115 (2d Cir. 2013) – A female graduate student who worked as team manager for the Hofstra football team brought state and federal sexual harassment claims against the school stemming in part from the creation of an inappropriate Facebook page by members of the football team. – The court granted Hofstra’s motion for summary judgment because the school promptly took remedial action: disciplining the players involved with page and ordering them to take the page down. The school also addressed all of the employee’s complaints and provided adequate training concerning harassment and discrimination. 22 © 2013 Haynes and Boone, LLP 11 9/5/2014 BYOD Risks cont’d • Harassment and Discrimination • In contrast, Espinoza v. County of Orange, 2012 WL 420149, the employer was held liable for harassment by employees towards a fellow-employee on a non-work blog after the employer learned of the conduct and failed to take remedial action. 23 © 2013 Haynes and Boone, LLP BYOD Risks cont’d • Harassment and Discrimination • Employers may be liable for discrimination or harassment perpetuated through an employee’s personal device that occurs outside the workplace if there is a sufficient link with the workplace • Amira-Jabbar v. Travel Services, Inc., 726 F. Supp. 2d 77 (D. Puerto Rico 2010) • Employee sued employer for hostile work environment. The claim stemmed from a racist comment made on a Facebook picture from a work event by a co-worker. The court found this to be a sufficient nexus to work-related activity regardless of whether the racist comment was made during or after work. 24 © 2013 Haynes and Boone, LLP 12 9/5/2014 BYOD Risks cont’d • Safety Concerns – Chatman-Wilson v. Cabral and Coca-Cola Refreshments USA, Inc., 2013 WL5756347 • Coca-Cola, Inc. ordered to pay $21.5M for employee’s car accident resulting from talking on her personal cell phone while driving • Coca-Cola employee violated company’s hands free cell phone policy while using cell phones for work purposes • Coca-Cola found vicariously liable 25 © 2013 Haynes and Boone, LLP BYOD Risks cont’d • Safety Concerns – Potential for respondeat superior to trigger liability • Clo White Co. v. Lattimore, 590 S.E.2d 381 (Ga. Ct. App. 2003) – Accident victim sued employer following car accident with employee because employee used personal cell phone to call work at the moment he got into a car accident. – Summary judgment denied; the court noted the employee would regularly use his personal cell phone for work-related tasks 26 © 2013 Haynes and Boone, LLP 13 9/5/2014 BYOD Risks cont’d • Potential wage & hour lawsuits – Employees’ use of smartphones to respond to work-related matters outside of business hours can blur the line between personal & work time – Creates potential for overtime claims, e.g. Fair Labor Standard Act (FLSA) claims, which requires non-exempt employees to be paid for all hours worked and overtime for hours worked beyond 40 in a week 27 © 2013 Haynes and Boone, LLP BYOD Risks cont’d • Wage and Hour Concerns − Mohammadi v. Nwabuisi, 2014 WL 29031 • Employer found liable for not compensating employee for overtime work performed using employee owned device • In addition, employer failed to keep accurate records, and employee’s oral recollection of time worked satisfied record keeping requirements 28 © 2013 Haynes and Boone, LLP 14 9/5/2014 BYOD Risks cont’d • “Information governance,” compliance w/ corporate investigations & litigation discovery holds • Inadvertent restrictions of union activities – compliance w/ § 7 of the NLRA • Insurance coverage for BYOD conduct – Verify that your policies are up to date 29 © 2013 Haynes and Boone, LLP Protective Measures • Mobile Device Management (MDM) and Mobile Application Management (MAM) – MDM allows companies to encrypt data, as well as remotely locate, lock & wipe devices, and track user activity – MAM enables IT operators to manage and block applications that are potentially harmful • “Sandboxing” – Software virtualization that partitions employee & employer’s data 30 © 2013 Haynes and Boone, LLP 15 9/5/2014 MDM & MAM are not Perfect! • MDM creates potential privacy issues – Excessive monitoring, or monitoring without consent, can be an invasion of employee privacy • MAM cannot monitor and control all apps – Impossible to monitor and control all apps downloaded onto employee devices – E.g. Employees uploading docs through thirdparty cloud services 31 © 2013 Haynes and Boone, LLP Sandboxing is not Perfect! • Sandboxing is not 100% effective – “Spillage,” when employer data migrates to the personal side of a device can occur – Employee use of third-party cloud services that automatically backs up documents and other information on personal devices can inadvertently compromise employee data 32 © 2013 Haynes and Boone, LLP 16 9/5/2014 Sandboxing is not Perfect! Cont’d • E.g. Apple stores (in the cloud) EVERYTHING you tell Siri for two years. As a result, employees may inadvertently share sensitive information simply by using common features on a device 33 © 2013 Haynes and Boone, LLP Drafting BYOD Policy: General Advice • Implement a policy that combines technology solutions with clear and comprehensive policies • Emphasize security & respect employee privacy • Clearly explain permissible behaviors and activities on personal devices that have access to corporate systems • Perform periodic audits to ensure compliance with BYOD Policy 34 © 2013 Haynes and Boone, LLP 17 9/5/2014 What to include in an Effective BYOD Policy • Which employees are allowed to BYOD? – Some companies are inclined to limit BYOD to high-level employees • Which devices are authorized? • Ensure that a company’s BYOD Policy is consistent with other policies (e.g., trade secret, harassment/discrimination, wage and hour) 35 © 2013 Haynes and Boone, LLP What to include in an Effective BYOD Policy cont’d • What are the employee’s security obligations? – E.g. prohibited websites & applications while connected to employer network – E.g. passwords; firewall • What are the parameters of acceptable use? – Acceptable information and communications • What activities are prohibited? 36 © 2013 Haynes and Boone, LLP 18 9/5/2014 What to include in an Effective BYOD Policy cont’d • What employer networks, services and applications can be accessed? • Protocols for device repairs; who bears the cost? • Detailed procedure in the event device is lost or stolen – Ability to locate, lock, & wipe a device 37 © 2013 Haynes and Boone, LLP What to include in an Effective BYOD Policy cont’d • Disciplinary action • Assurance that company is not infringing upon employees’ right to organize under the NLRA • Separate wage and hour policies • Safe driving • Include an Acceptable Use Agreement (“AUA”) • Outboarding: Employee departure procedure – Ensure removal of employer data at end of employment 38 © 2013 Haynes and Boone, LLP 19 9/5/2014 BYOD Training • Provide BYOD training to employees and supervisors • Educate employees about BYOD Policy & provide effective training that is consistent with other company policies 39 © 2013 Haynes and Boone, LLP Notices to Incorporate in BYOD Policy • Inform employees about all MDM monitoring or tracking of devices • Inform employees before installing anything on employee devices • Inform employees that they must consent to the BYOD Policy and agree to a Acceptable USE Agreement prior to utilizing a dual-use device 40 © 2013 Haynes and Boone, LLP 20 9/5/2014 Crafting an Acceptable Use Agreement • Explain that duel-use of a personal device is a “privilege“ • Acknowledgement & acceptance of the Acceptable Use Agreement (“AUA”) • Employee acceptance of the AUA must be easy 41 © 2013 Haynes and Boone, LLP Crafting an Acceptable Use Agreement cont’d • Obtain employee consent for the company to: – Remotely wipe a device – Monitor the personal device when connected to company network – Inspect device upon legitimate request, e.g. corporate investigations and litigation holds Obtain company release from employee for any liability stemming from the destruction or incidental viewing of personal information – Employee acceptance of the AUA must be easy 42 © 2013 Haynes and Boone, LLP 21 9/5/2014 Is your client protected? • In the event an employee’s dual-use device is lost or stolen, can your client: – Lock down the device remotely – Identify what was on the device – Identify who is accessing your network and what they’re doing, such as what files are being accessed – Perform network forensics 43 © 2013 Haynes and Boone, LLP Is your client protected cont’d? • Are you tracking the latest developments in employment law and does your BYOD policy conform with changes in the law? – Because the law is consistently changing, your BYOD policy must be fluid and needs to be updated in order to stay current and ultimately be effective. 44 © 2013 Haynes and Boone, LLP 22 9/5/2014 Questions? 45 © 2013 Haynes and Boone, LLP 23 Related Articles Regarding BYOD Agencies Inch Toward Solutions on BYOD 1 of 13 http://www.govtech.com/Barriers-to-BYOD.html Solutions to deal with security and data privacy issues have sprouted up in droves, but is there a good fix to the people problem? BY ADAM STONE (HTTP://WWW.GOVTECH.COM/AUTHORS/98564519.HTML) / JULY 18, 2014 Jay Hadley: The city of Rancho Cordova, Calif., uses mobile device management, but still worries about risks. The BYOD phenomenon is becoming more entrenched in government, and with good reason. Bring your own device promises potential cost savings and increased productivity. Moreover, employees want it. They’re used to accessing the world through 8/28/2014 10:17 AM Agencies Inch Toward Solutions on BYOD 2 of 13 http://www.govtech.com/Barriers-to-BYOD.html their tablets and smartphones, and taking their work on-the-go feels like a natural extension of their mobile lifestyles. Faced with tough fiscal choices, many city and state managers find BYOD a tempting proposition. In a 2013 study, Cisco’s Internet Business Solutions Group said BYOD could net employers up to $3,150 per employee each year on device expenses and increased productivity. BYOD employees gain 37 minutes per week in productivity, while spending more than $1,500 a year on expenses related to their devices. But BYOD is hardly a slam dunk. As with any emerging technology, the transition to this new paradigm presents a range of hurdles to IT managers trying to do what’s best for the jurisdiction while simultaneously supporting the desires of end users. Security is a primary concern, as work data increasingly commingles with private information and travels outside the office walls. But there are other sticking points, including concerns about privacy, issues of overtime and the burden on IT of having to support a broad range of devices, to name a few. Public-sector technology leaders say these challenges can be overcome, but it takes some creativity and forethought. Even before concerns about technology, IT leaders are wrangling with questions about people. Perhaps more than any other facet of IT today, BYOD challenges technology 8/28/2014 10:17 AM Agencies Inch Toward Solutions on BYOD 3 of 13 http://www.govtech.com/Barriers-to-BYOD.html managers to consider the end user, both as an employee and as an individual with specific personal needs. At the same time, the employee’s relationship to the workplace must be addressed. Take, for instance, the issue of discovery, the possibility that participants in a lawsuit could demand access to the content of a personal device in order to investigate work-related information. “Now somebody wants to see if you have documents on your device that pertain to subject X. What does the law really say about that?” asked Minneapolis CIO Otto Doll. “We don’t see the laws as being clearly written to say you can only look at the business side of the device and not the personal side. It is not very clear how someone would ascertain just what is the business side versus the personal side.” Some see the issue of discovery as a major impediment, largely because of employees’ reluctance to make their private data public. “The city or state has to provide access to relevant public documents. This means the government has to have access to that device,” said New Hampshire state Rep. Bill O’Brien, a former state speaker of the House and now COO of Brainloop, which delivers collaboration tools. “Yet the last thing any employee would expect is to have their devices summoned into court.” Even without the threat of litigation, it’s a real issue: New Hampshire has received as many as 203 requests for open records. The state’s response has been straightforward, mirroring what many say is the best approach to 8/28/2014 10:17 AM Agencies Inch Toward Solutions on BYOD 4 of 13 http://www.govtech.com/Barriers-to-BYOD.html 8/28/2014 10:17 AM Agencies Inch Toward Solutions on BYOD 5 of 13 http://www.govtech.com/Barriers-to-BYOD.html employee-based BYOD concerns. That is, candor upfront. Employees bringing their own devices are told at the start that the state has the right to demand that any content be made available as needed. Privacy is just one aspect of the “people” 8/28/2014 10:17 AM Agencies Inch Toward Solutions on BYOD 6 of 13 http://www.govtech.com/Barriers-to-BYOD.html equation. Of further significance are questions of compensation — both in terms of device usage and work hours. In Napa County, Calif., where several hundred of the county’s 1,300 employees bring their own devices, CIO Jon Gjestvang has tackled the issue directly, deciding early on that employees should receive some form of stipend if they make productive work use of their own devices. The county will pay $35 to $120 a month to cellphone users, along with a $50 to $60 data allowance. “It was based on your job, how much we thought you would be calling for business, and the data stipend was based on roughly the cost of a data plan at the time we made the policy,” he said. The basic rule for compensation: “It’s available, but there has to be a business reason for it.” And that’s up to department heads to decide. It seems simple, but there are complications. Governments are supposed to be saving money, and yet the stipend, in some cases, feels like an expense, even if the user is gaining productivity. “If I give you $50 to come in with a phone, that’s still $50 that I am paying,” Doll said. One further point on the human element: When are you at work? And should you be paid for that time? Will hourly workers claim overtime for work done at home? Is this a convenience or a new way for management to squeeze out more work for less pay? “You need to define those parameters, that there is no additional requirement to do more work because of having these devices. It is only 8/28/2014 10:17 AM Agencies Inch Toward Solutions on BYOD 7 of 13 http://www.govtech.com/Barriers-to-BYOD.html intended for the convenience of the employee. That has to be in every single policy,” said Jerry Irvine, CIO of Prescient Solutions and a member of the National Cyber Security Task Force. Some jurisdictions have started addressing the overtime question explicitly in their BYOD policies. In Rancho Cordova, Calif., hourly employees using personal devices outside of their normal work schedule can work up to seven additional minutes per day without needing to report it. Anything beyond that, however, must be accounted for on the employee’s timesheet. The rule aligns with the city’s policy of rounding minutes worked to the nearest quarter hour. While IT must consider the human element, there also are a range of technology-related impediments in play. One of the most significant of these is the matter of device management. “When we started allowing access back in the BlackBerry days there was one device, one operating system. It was pretty simple,” said Gjestvang. “With the introduction of multiple devices, that has opened up challenges for us.” Gjestvang’s team has installed a server separate from the BlackBerry server and developed software components to manage multiple devices. Set-up isn’t hard, he said, but upgrades can be a bear. A recent upgrade to the email system didn’t take on every device, in spite of an otherwise smoothly operating mobile device management system, and technicians spent time making adjustments. 8/28/2014 10:17 AM Agencies Inch Toward Solutions on BYOD 8 of 13 http://www.govtech.com/Barriers-to-BYOD.html “Typically this would not have been a big deal,” he said. Similar issues have come up when setting up new business applications. “Apps don’t necessarily work the same on one mobile device operating system as another,” Gjestvang said. “Some installations have taken a fair bit of manual tweaking.” Sometimes issues arise on individual devices. One way to simplify that situation: Wash your hands of it. Gjestvang’s team as a rule will not offer support for personal devices. “We won’t just hang up on them, we’ll tell them what to do next, whether it is taking it to their carrier or dealing with some issue within the device,” he said. “Anything else really just stretches IT too thin.” Rancho Cordova IT Manager Jay Hadley takes a similar approach. “We are always willing to assist them, but there is a line there where we can only do so much,” he said. “In 90 percent of the cases when a user comes to us with an issue, it is just a small glitch or a misunderstanding about how to use it. But there are times when there is something going on that is on the carrier side. Then there is nothing we can do.” Hadley stretches his resources further by posting information about devices on the city intranet, including how to choose a device. “They can read it themselves, and if they need more information we are glad to sit down and help them with that,” he said. Even if they can reduce the complication by offering only minimal support, IT managers still have to wrangle with obstacles inherent in 8/28/2014 10:17 AM Agencies Inch Toward Solutions on BYOD 9 of 13 http://www.govtech.com/Barriers-to-BYOD.html the devices themselves. As Gjestvang noted, the same apps won’t always play nicely on multiple devices. But sometimes IT leaders bring the problems on themselves by trying to take an overly simplistic approach to launching mobile apps for BYOD. Israel Lifshitz, CEO of Nubo Software, said it won’t do just to try and port a desktop function onto a range of mobile devices. Often, a multifaceted desktop tool is wedged onto a mobile device and asked to do too much. “For example, you can see that the work of one Outlook desktop application [when shifted onto mobile] uses at least five different apps: email, calendar, contact, notes and tasks,” he said. The result? Diminished user experience. “The best solution is to develop apps for mobile, to provide native apps,” Lifshitz said. “Using antiquated desktop applications on mobile platforms will not work, as the typical uses of mobile apps are totally different than desktop applications.” It all seemed so easy. Employees would bring in their tablets and phones, their iThisOrThat. IT would load them up with enough software to give them access to their needed work materials and send them on their way. Well, it probably never seemed quite that easy. IT folks are savvy enough to realize that this quiet revolution is going to come with complications. Even a couple years into the BYOD groundswell, many are still just 8/28/2014 10:17 AM Agencies Inch Toward Solutions on BYOD 10 of 13 http://www.govtech.com/Barriers-to-BYOD.html discovering the magnitude of the challenge. Human concerns, technological adaptations — and then there’s security. In a sense, this isn’t hard, really. Put in enough safeguards to keep government data secure from any incursion; lock it up tight. But then employees won’t be able to get in either. We’ve killed the patient to treat the disease. Before looking for remedies, therefore, it’s best to understand the risks. What exactly are the security challenges facing BYOD? A leading concern involves the nature of the devices themselves and the way people use them. “Most people don’t protect the data in their personal smartphones the same way their data in a work device would be protected,” said Michigan Chief Security Officer Dan Lohrmann. “There aren’t the same mandates, and ultimately people don’t perceive the risk, so they don’t take the precautions.” Without those precautions, it’s easy to see a catastrophic scenario. In Napa County, Gjestvang voices the worry that is foremost on the minds of many IT executives dealing with BYOD: data loss. “The big concern is about the data going out, anywhere from personally identifiable information to protected health information,” he said. Maybe it happens via a breached firewall or a lost device. The prospect of outsiders gaining access to inside information is the leading worry. Gjestvang’s solution is not atypical. Workers can sign into county systems using a mobile device management system, but no county data will reside on their devices. Everything 8/28/2014 10:17 AM Agencies Inch Toward Solutions on BYOD 11 of 13 http://www.govtech.com/Barriers-to-BYOD.html comes in encrypted, containerized and password protected, and it can be wiped remotely. Hadley makes use of a mobile device management solution, a mechanism through which IT managers can program in rules and establish routines intended to give strict guidance to the movement of data over the network. But it’s not a perfect fix. “You can put some policies on mobile devices, but we still don’t have the same comfort level that we have when we put policies on workstations. We can tell it to require PINs, we can tell it to lock devices, but it’s still not satisfying,” he said. “Suppose the mobile device gets a virus, for example. I want something that will report that back to us, and I haven’t seen anything like that.” Faced with the same issues, others have taken a range of approaches, said Dux Raymond Sy, chief technology officer at AvePoint Public Sector: Third-party providers lock down data on employees’ devices, often through the use of additional verification methods such as geofencing and two-factor authentication. Government assumes control over an entire smartphone or tablet through mobile device management or other means. Containerized solutions create partitions between personal and work-related data. Secure file sharing and collaboration tools allow content sharing while maintaining control over data. In King County, Wash., IT Enterprise Manager Bob Micielli frets the mundane, the proverbial laptop left on the train. He implemented a 8/28/2014 10:17 AM Agencies Inch Toward Solutions on BYOD http://www.govtech.com/Barriers-to-BYOD.html couple of layers of safeguards against such an eventuality, relying especially on cloud provider MaaS360. Not only does a cloud solution help ensure data is safely out of reach from malicious actors, it also lightens the IT load. “It gives us the flexibility to access the information from anywhere you are,” Micielli said. “You don’t have to sign into our environment, you can use the cloud portal. So rather than us building the servers, supporting the software, supporting the applications, we let the cloud provider handle all that. It means we don’t have to set up an entire IT stack.” Despite such potential solutions, few in IT are comfortable with the state of BYOD security: There are just too many unanswered questions. “We know we just don’t have the same tools that we have on laptops and workstations,” Hadley said. “I haven’t seen anything that totally satisfies us.” Adam Stone (http://www.govtech.com/authors/98564519.html) | Contributing Writer (http://www.govtech.co (http://www.govtech.co (/subscribe?promo_co /computing/State/local/5 Tips to Build 12 of 13 8/28/2014 10:17 AM Agencies Inch Toward Solutions on BYOD 13 of 13 http://www.govtech.com/Barriers-to-BYOD.html (/subscribe?promo_code=Story) 8/28/2014 10:17 AM BYOD Policy, Security Highlighted as Apple, IBM Join Forces 1 of 4 http://www.shrm.org/hrdisciplines/technology/articles/pages/why-byod-p... (/pages/default.aspx) SHRM (/Pages/default.aspx) » HR Topics & Strategy (/hrdisciplines/Pages/default.aspx) » Technology (/hrdisciplines/technology/Pages/default.aspx) » Articles By Aliah D. Wright 7/25/2014 Apple and IBM’s recent announcement that they will partner to bring IBM’s big data and analytics capabilities to the iPhone and iPad highlights the need for human resources and information technology professionals to be prepared for the sea change of enterprise mobility. Why should HR care? Because according to Counterpoint Technology Market Research (http://www.counterpointresearch.com /top-10-smartphones-in-february-2014), Apple’s iPhone 5s continues to be the best-selling phone in the world, and more and more businesses, in an effort to save money, are requiring their employees to bring their own devices to work—despite security concerns, experts say. Bring your own device (BYOD) as a trend “is an inevitable part of your workforce strategy and … companies must prepare for its spread across their organizations,” according to the June 2014 Forrester Wave: Global BYOD Management Services report. In a recent survey, 26 percent of respondents said their employer required use of employees’ personal devices, and 15 percent had signed a BYOD agreement, information technology research and advisory company, Gartner stated in a report published in May 2014. A sample BYOD policy (/templatestools/samples/policies/pages/bringyourowndevicepolicy.aspx) is available on the Society for Human Resource Management’s (SHRM) website. As SHRM reported in spring 2014, “Gartner forecasts that by 2018, 70 percent of mobile professionals will conduct work on personal devices (/hrdisciplines/technology/articles/pages/byod-identity-crisis.aspx).” 8/28/2014 10:08 AM BYOD Policy, Security Highlighted as Apple, IBM Join Forces 2 of 4 http://www.shrm.org/hrdisciplines/technology/articles/pages/why-byod-p... After all, “iPhone and iPad … have transformed the way people work with [more than] 98 percent of the Fortune 500 and [more than] 92 percent of the Global 500 using iOS devices in their business today,” said Apple CEO Tim Cook in a news release on Apple’s mobile operating system. “For the first time ever we’re putting IBM’s renowned big data analytics at iOS users’ fingertips.” Experts say this trend will mean HR needs to prepare to implement mobile device management policies and IT will need to address security concerns. Forrester reports that 35 percent of companies with more than 1,000 employees in the U.S.—and 24 percent of such employers in Canada, as well as 21 percent in Europe—“are ready to pay some or all the cost of a mobile phone or smartphone used for work.” While at other companies, having employees pay for their own equipment may ease costs, the need for policies surrounding BYOD will be even more critical, experts say. David Lee, vice president of product management at RingCentral, a software-as-a-service vendor that provides cloud-based phone systems for businesses, told SHRM Online in an interview that mobile providers are hoping to enter the enterprise, which “should make it easier for HR to manage and enforce BYOD policies and [for] IT to provide secure and manageable infrastructure for these new mobile devices.” Security Still Important The Forrester Wave report stated that “security management for employee personal devices used for work is a top concern, which is unlikely to abate.” Some 77 percent of those surveyed by Forrester said they expect their BYOD policies to change within the next 12 months to address security concerns. Part of that focus will be on “what type of information and resources can be accessed, and how to monitor and enforce IT policies related to downloads, and transfers of information,” according to the report. “One challenge HR may face is employees’ willingness to partially give up control of their personal devices,” Lee said. “Many of the mobile device management functions included in [Apple’s latest operating system], which IBM will no doubt leverage, take some control away from users (what can be installed, what can be deleted, etc.), and may enable employees to have access to data on their personal devices that employers may not be aware of,” Lee pointed out via e-mail. “HR may need to manage those concerns and expectations transparently to ensure employee acceptance.” Michael Osterman, principal analyst with Osterman Research, which provides insight for companies in the messaging industry, told CIO Magazine (http://www.cio.com/article/2376794/byod/cios-face-byodhard-reality--employees-don-t-care.html) recently that “it is clear organizations need to continue to educate employees on the dangers and risks of mobile security, but also look to solutions that safeguard the devices and applications which these employees have access to.” Here’s What HR Can Do 8/28/2014 10:08 AM BYOD Policy, Security Highlighted as Apple, IBM Join Forces 3 of 4 http://www.shrm.org/hrdisciplines/technology/articles/pages/why-byod-p... SHRM Technology and HR Management Special Expertise Panel member Jeremy Ames told SHRM Online in an e-mail interview that measures for securing personal devices can include “such things as ensuring your company has a virtual private network, or for Android users, installing security programs such as Avast [or] … making sure ‘Find My iPhone’ [an app that locates the missing device] is set up.” He said the goal is to have the minimum set of security requirements for BYOD devices. Ames added that training on the use of BYOD is important, but “I don’t think that training alone can be sufficient if companies truly think that what they’re ending up with is a secured dual-purpose device,” he said. “That is true of most companies, but especially for industries like financial services, legal, defense contractors, etc. More and more companies are trying to realize the cost savings associated with BYOD, but aren’t tackling this important issue” of security. “One of the biggest challenges for IT leaders is making sure that their users fully understand the implications of faulty mobile security practices,” Mike Escherich, principal research analyst at Gartner, stated in a news release, “and to get users and management to adhere to essential steps which secure their mobile devices.” Ames added, “Of particular concern are the mechanisms people have to send data up to cloud-data storage services like Dropbox. If the data isn’t properly segregated, you’ve already lost some control, and information, to the cloud. So yes, while there can be ‘DIY security’ put in place, I think that companies might want to determine if the effort to physically get the devices in their hands to secure them is worth the payback they’ll end up with.” Aliah D. Wright is an online editor/manager for SHRM and author of A Necessary Evil: Managing Employee Activity on Facebook, Twitter, LinkedIn … and the Hundreds of Other Social Media Sites (http://www.amazon.com/Necessary-Evil-Managing-Employee-Activity/dp/1586443410) (SHRM, 2013). Obtain reuse/copying permission RELATED CONTENT Lessons for HR in Light of Data Breaches (/hrdisciplines/technology/Articles/Pages/Data-BreachLessons-for-HR.aspx) Use of Big Data to Detect Cyber Crime Growing (/hrdisciplines/safetysecurity/articles/Pages/Use-BigData-Detect-Cyber-Crime.aspx) Health Data Breaches Exposed 1 in 10 Americans Since 2009 (/hrdisciplines/safetysecurity/articles/Pages /Health-Data-Breaches-HIPAA.aspx) Can Monitoring Company Vehicles Drive Safety? (/hrdisciplines/safetysecurity/articles/Pages /Monitoring-Company-Vehicles-Safety.aspx) Managing Risk in a Digital World (/hrdisciplines/technology/Articles/Pages/Managing-Digital-Risk.aspx) 8/28/2014 10:08 AM BYOD: If You Think You're Saving Money, Think Again | CIO 1 of 5 http://www.cio.com/article/2397529/consumer-technology/byod--if-you-... 8/28/2014 10:14 AM BYOD: If You Think You're Saving Money, Think Again | CIO 2 of 5 http://www.cio.com/article/2397529/consumer-technology/byod--if-you-... 8/28/2014 10:14 AM BYOD: If You Think You're Saving Money, Think Again | CIO 3 of 5 http://www.cio.com/article/2397529/consumer-technology/byod--if-you-... 8/28/2014 10:14 AM BYOD: If You Think You're Saving Money, Think Again | CIO 4 of 5 http://www.cio.com/article/2397529/consumer-technology/byod--if-you-... 8/28/2014 10:14 AM BYOD: If You Think You're Saving Money, Think Again | CIO 5 of 5 http://www.cio.com/article/2397529/consumer-technology/byod--if-you-... 8/28/2014 10:14 AM Keep Cyberspies Out 1 of 13 http://www.shrm.org/publications/hrmagazine/editorialcontent/2013/071... (/pages/default.aspx) SHRM (/Pages/default.aspx) » Publications (/Publications/pages/default.aspx) » HR Magazine (/Publications/hrmagazine/Pages/default.aspx) » Editorial Content (/Publications/hrmagazine /EditorialContent/Pages/default.aspx) » 2013 (/Publications/hrmagazine/EditorialContent /2013/Pages/default.aspx) » July 2013 (/Publications/hrmagazine/EditorialContent/2013/0713/Pages /default.aspx) » Keep Cyberspies Out COVER STORY Vol. 58 No. 7 Here’s how HR can safeguard sensitive data and reduce the threat of cybercrime. By Aliah D. Wright 7/1/2013 They lurk in a sea of online data—these anonymous cybercriminals —trying to reel in a big fish: you. You're the unsuspecting HR professional who sits atop a treasure trove of information—Social Security numbers, addresses, electronic health records, strategic plans, trade secrets—that can help criminals in their quest to profit from stolen data. It's getting harder to protect data from cybertheft. Security experts say three developments since early 2012 have led to an increase in hacker attacks: 8/28/2014 10:11 AM Keep Cyberspies Out 2 of 13 http://www.shrm.org/publications/hrmagazine/editorialcontent/2013/071... The ease of using online "social engineering" techniques—taking advantage of human characteristics such as curiosity, helpfulness or greed—to trick and exploit people. Perpetrators often find victims through publicly identifiable information and then attempt to access sensitive corporate data through those individuals. A shift to using mobile devices—a Wild West of security vulnerability. An increase in the use of cloud-based services, which can have security holes. Theft of corporate information threatens organizations of all sizes, and many are unprepared to detect or resolve such losses, according to the Ponemon Institute LLC, a research and consulting company in Traverse City, Mich., specializing in data security. (/Publications /hrmagazine /EditorialContent /2013/0713/Pages /default.aspx) More from this issue (/Publications In The Post Breach Boom, a report released in February that reflects /hrmagazine the responses of 3,500 information technology security professionals /EditorialContent surveyed by Ponemon, 54 percent of the respondents said data /2013/0713/Pages breaches had increased in severity during the past two years. Another 52 percent said breaches had become more frequent. Moreover, 45 percent of chief executive officers said their companies experience cyberattacks daily or hourly, according to Ponemon's nationwide 2012 study, The Business Case for Data Protection. /default.aspx)HR Magazine homepage (/Publications /hrmagazine/Pages /default.aspx) Web Extras Determined Cyberthieves Use Many Tools Data breaches often involve multiple techniques, according to the 2013 Study: The Business Case for Data Breach Investigations Report, an analysis of more than 47,000 Data Protection security incidents from Verizon Communications Inc.: (http://www.ponemon.org /library/the-business-case-for- 76 percent of network intrusions exploited weak or stolen credentials, such as usernames or passwords. data-protection-what-seniorexecutives-think-about- 40 percent incorporated malware—malicious software, script or code data-protection) (Ponemon used to steal information. Institute) 35 percent involved physical attacks, such as ATM skimming. SHRM article: Cybersecurity 29 percent leveraged social engineering tactics, such as phishing. Bill Dies, Executive Order on the Way? (/hrdisciplines /safetysecurity/articles/Pages /Cybersecurity-ExecutiveOrder.aspx) (Safety & Security) 8/28/2014 10:11 AM Keep Cyberspies Out 3 of 13 http://www.shrm.org/publications/hrmagazine/editorialcontent/2013/071... Cyberattacks are typically outside jobs. In a 2013 analysis of more than SHRM article: Cybercrime 47,000 security incidents, Verizon Communications Inc. researchers 2012: Malware Threatens Social found that "external attacks remain largely responsible for data Media, Cloud Services breaches, with 92 percent of them attributable to outsiders." These (/hrdisciplines/safetysecurity attacks came from organized crime, activist groups, former employees, /articles/Pages/Cybercrime- lone hackers and even organizations sponsored by foreign 2012-Malware.aspx)(Safety & governments, according to the 2013 Data Breach Investigations Security) Report. SHRM article: Bring Your Own "There isn't just one type of criminal operating online. It's a robust, Device (/Publications complex and very healthy ecosystem composed of many different types /hrmagazine/EditorialContent of attackers, all looking for different things to buy and sell," says Eric /2012/0212/Pages M. Fiterman, founder of Spotkick, a Washington, D.C.-area /0212tech.aspx) (HR Magazine) cybersecurity company. SHRM article: Company Data "Today's spies no longer need to sneak in anywhere with a microfilm Endangered by Lack of BYOD camera under the cover of darkness. They do their spying job without Security (/hrdisciplines ever leaving the comfort of their high-tech offices," says Michael /safetysecurity/articles/pages Burtov, CEO of Cangrade, an applicant tracking and assessment /byod-security.aspx) (Safety & company in the Boston area. Security) HR professionals must be vigilant when it comes to protecting their SHRM article: Cloud organizations from this new breed of cyberthieves. Computing and Security "I work closely with our IT administrator to make sure that we're protecting the integrity of our data," says Ben Eubanks, PHR, HR manager for Pinnacle Solutions Inc., an aviation training and logistics support company in Huntsville, Ala. The company is a government (/hrdisciplines/technology /Articles/Pages /CloudSecurity.aspx) (Technology) contractor, and "data security is highly important to our business," he SHRM article: Employer says. Beware: Spyware Comes to Information gained in cyberattacks can be used to perpetrate identity theft; commit espionage, financial crimes or insurance fraud; or circulate false information. The potential harm of such crimes was apparent this spring when someone hacked the official Twitter account Mobile (/hrdisciplines /technology/articles/pages /spyware-comes-to-mobile.aspx) (Technology) of the Associated Press and tweeted falsely that President Barack SHRM article: Smart Phones Obama had been injured in an explosion at the White House, which led Create New Security Threats for to wild swings in the stock market. HR (/hrdisciplines/technology Phishing for Access /Articles/Pages /SecureSmartPhones.aspx) (Technology) 8/28/2014 10:11 AM Keep Cyberspies Out 4 of 13 http://www.shrm.org/publications/hrmagazine/editorialcontent/2013/071... Experts say online social engineering poses one of the greatest risks to SHRM video: Aaron Titus, companies whose information resides on servers or mobile devices or privacy director for The Liberty in the cloud. According to the Verizon analysis of security incidents, the Coalition, offers tips for proportion of breaches incorporating tactics such as phishing—the protecting HR data on company practice of tricking users into clicking on a link presented as that of a networks (/multimedia/video seemingly legitimate website—was four times higher in 2012 than in /vid_archive/Pages 2011. /110121titus3.aspx) Social engineering attempts hinge on fooling people into believing they're going to benefit in some way or prevent a negative consequence RELATED CONTENT by clicking on a link or divulging confidential personal or proprietary information. For instance, a hacker may breach a network and learn that an employee has high health care costs. The hacker could then create an e-mail that looks like it comes from the employee's physician and reads something like, "I need you to come to our office ASAP. Our recent scans show something I need to discuss with you. Click here for an The Heartbleed Bug: Data Breach and Liability Risks (/hrdisciplines/safetysecurity /articles/Pages/HeartbleedBug-Data-Breach-LiabilityRisks.aspx) appointment," says Stu Sjouwerman, CEO at KnowBe4 LLC, a network Financial Institutions Face security firm in Clearwater, Fla. The target might think, "Oh, my God! Variety of Cyberthreats Do I have cancer?" and then click on a link that could put the (/hrdisciplines/safetysecurity company's sensitive HR data at risk. /articles/Pages/Financial- That's because tracking programs—keystroke loggers, Trojans, worms, cookies, adware, viruses and malware—can be introduced when a user clicks a link. Banks-CyberthreatsCloud.aspx) Cybercrime 2012: Malware Threatens Social Media, Cloud Alfred Saikali, an attorney and co-chair of Shook Hardy & Bacon's Data Services (/hrdisciplines Security and Data Privacy Practice Group based in Miami, says /safetysecurity/articles/Pages criminals are targeting three types of data: /Cybercrime- • Personally identifiable information such as name, Social Security 2012-Malware.aspx) number, financial information, driver's license information and date of Tablets and Portals Prove a Hit birth. in Boardrooms (/hrdisciplines • Sensitive proprietary information such as trade secrets. /businessleadership/articles • Health data such as medical records and other information protected under the Health Insurance Portability and Accountability Act. /Pages/Tablets-PortalsPaperless-Boardrooms.aspx) Experts: Seasonal Hiring Boosts Risk for Identity Fraud (/hrdisciplines /staffingmanagement/Articles /Pages/Seasonal-Hiring- 8/28/2014 10:11 AM Keep Cyberspies Out 5 of 13 http://www.shrm.org/publications/hrmagazine/editorialcontent/2013/071... "Sometimes, the easiest way into a company's network is through its Boosts-Identity-Fraud- people," says Fiterman, a former FBI agent. "The more information I Risks.aspx) can identify about people in an organization, the easier it makes my job as an attacker. I can use intelligence gathered from social networks, for example, to send highly targeted e-mails with malicious links or attachments to high-value targets" such as CEOs. "An employee's employment history, any derogatory or personal information, financial information, or personally identifiable information all have value to someone," Fiterman adds. A stolen medical identity has a $50 street value, whereas a stolen Social Security number sells for only $1, according to Kirk Herath, chief privacy officer at Nationwide Mutual Insurance Co. Yet most people don't protect their medical information as diligently as they protect their Social Security number. Mobile Security Challenges for HR Despite repeated warnings and reports about data breaches, employers continue to fail miserably when it comes to protecting employee data and corporate information, experts say. Many organizations put themselves at risk by allowing employees to take unencrypted data out of the office on devices such as cellphones, laptops and tablet computers. In addition, myriad apps that allow employees to work remotely can increase cybertheft risks. "Many of these apps will remember IDs and passwords, therefore placing personal and company data at risk if the device is stolen or misused by others," says Gregory Rogers, SPHR, vice president of human resources for GS1 US, an information standards organization based in Lawrenceville, N.J. The possibilities of proprietary information ending up in the wrong hands are endless, he says, and can lead to "payroll and identify theft, retirement plan/401(k) manipulations, medical plan fraud, inappropriate company intranet access, and company data theft—all through the use of mobile apps. "Caution employees to always use a password to access their mobile devices, particularly if these devices provide access to company sites," Rogers says. "Employees should also be cautioned not to store ID and password information on the device or have the device 'remember' this information." 8/28/2014 10:11 AM Keep Cyberspies Out 6 of 13 http://www.shrm.org/publications/hrmagazine/editorialcontent/2013/071... Mobile Security Tips Alex Bobotek is co-chairman of the Messaging, Malware and Mobile Anti-Abuse Working Group, a global organization based in San Francisco that targets messaging abuse, and the lead for messaging anti-abuse architecture and strategy at AT&T Labs. To decrease threats from mobile devices, he suggests HR professionals make sure employees: Install a mobile anti-virus product from a leading vendor. Many are free. Download applications only from reputable application stores. Don't download apps from unknown sources such as unofficial app stores or the Internet. Realize that even if an app comes from a reputable app store, it may not be safe. "Some have hidden Trojans that can cost you money or steal your information," Bobotek points out. Consider any communication to be suspicious—whether in an e-mail, text message or in-phone ad—that asks you to download an application. Treat as suspicious any notification of a problem with an account that requests a phone call or a visit to a website to provide account information. Report spam and other unwanted text messages by forwarding them to 7726 (the numbers that spell out "spam" on a phone keypad). The reports go to the GSMA, an association of mobile communications providers, which relays the information to providers. Ponemon reports that 68 percent of companies allow employees to use their own devices in the workplace. Sixty percent of employees, however, circumvent their devices' security features by ignoring warnings not to click on links or failing to download security software. 8/28/2014 10:11 AM Keep Cyberspies Out 7 of 13 http://www.shrm.org/publications/hrmagazine/editorialcontent/2013/071... A bring-your-own-device policy, "from a security perspective, is a rat's nest," Sjouwerman says. Business leaders who support BYOD policies should limit the types of devices they support, he says, noting that Apple devices are more secure than Android devices, for instance. "Using enterprise mobile device management software can help companies manage the degree to which employees can access corporate networks," he adds. With such software, HR and IT staff members can secure, monitor and manage mobile devices that access the company's systems. Cristian Florian, project manager with GFI Software in Cary, N.C., adds that "some managers may choose to deploy separate wireless networks, to be used by mobile devices, [that] do not allow full access to company IT resources, such as virtual private networks and databases." Experts note that users are downloading a host of social networking, financial and productivity apps to mobile devices and that malware threats are increasing apace. "There is an enormous growth in malware for mobile devices," Sjouwerman says. "Over 100,000 new [malware] variants are created on a monthly basis, which makes detecting them very difficult," says James Bower, founder and CEO of Ninja Technologies, an information security company in Atlanta. Users can thwart infection of their devices by purchasing apps directly from retail outlets such as iTunes, Google Play or BlackBerry World. In fact, when fashioning a mobile device policy, HR professionals may want to consider requiring employees to buy apps from reliable vendors—but it's probably only a matter of time before those apps, too, are compromised. 8/28/2014 10:11 AM Keep Cyberspies Out 8 of 13 http://www.shrm.org/publications/hrmagazine/editorialcontent/2013/071... How to Make Your Data More Secure Members of the Society for Human Resource Management's Technology & HR Management Special Expertise Panel identified several best practices HR professionals, along with IT professionals, should follow to keep data secure. Use firewalls and virus protection software. Establish and enforce a variety of password policies. For example, don't allow everyone to have the same level of access to certain types of information. Restrict network access for departing employees. Use encryption software. Make sure backup systems are in place, and have onsite and offsite storage, in case of an attack. Make sure employees log off or lock computers when not in use. Other threats facing mobile devices include the low-tech danger of their being lost or stolen. Sjouwerman says employees should be required to contact HR if a device goes missing. If the device is lost or stolen, it should be locked and its contents deleted as a security precaution. HR professionals should make sure their companies' IT departments have policies "governing the use of mobile devices," Fiterman adds. "Standard guidance usually states, 'Have a password on the device, don't use it for sensitive data storage, and encrypt data when possible.' " The Air Up There in the Tech Clouds IT experts say HR data hosted by a third party in the cloud is only as safe as the provider hosting it. Traditionally, companies have been responsible for securing their own data, says Dave Dalva, vice president at Washington, D.C.-based Stroz Friedberg LLC, a security risk consulting and investigations company. But when data are moved to the cloud, the process results in "a dissolving security perimeter," he notes. 8/28/2014 10:11 AM Keep Cyberspies Out 9 of 13 http://www.shrm.org/publications/hrmagazine/editorialcontent/2013/071... HR leaders need to make sure their vendors have conducted "an appropriate security analysis of their cloud environment so they're not putting their customers at risk," Dalva says, "especially if they have multiple customers with data residing in the same cloud environment. There needs to be a separation of customers' information to prevent cross-pollination." Cloud providers, he says, "need to do the technological due diligence to make sure their systems are meeting best practices for security." Due diligence includes making sure "the cloud provider's security requirements are certified by recognized authorities such as the International Standards Organization on Data Privacy and Protection," says Paul Belliveau, SPHR, managing director and global human capital management advisor at Avancé-Human Capital Management in Bedford, N.H. Good cloud providers will also have protocols for keeping data secure, such as encrypting files or spreading the data out among different systems. "Cloud computing is only increasing in scope. And it's critical that companies invest in cloud partners with the highest level of backup and data encryption services," says Shari Missman Miller, business manager at NogginLabs Inc., a custom e-learning software developer based in Chicago. Miller manages the company's human resources. The Cisco Global Cloud Index (2011-2016), issued in 2012, predicts that cloud traffic as a percentage of total data center traffic will increase from 39 percent in 2011 to 64 percent in 2016. Experts suggest that HR leaders might want to consider storing really sensitive HR data in-house. The data that falls into this category depends on what's most important in a company's business, Belliveau says. "Is it pay structures or strategies that deal with human capital? You want to bring that in-house so you're not sharing it," he explains. Keys to Planning Data Protection Having a data security plan is critical. "Plan for the inevitable," including theft and loss, Dalva says. Miller agrees, adding, "There isn't really any way to completely guarantee the safety of corporate data." 8/28/2014 10:11 AM Keep Cyberspies Out 10 of 13 http://www.shrm.org/publications/hrmagazine/editorialcontent/2013/071... HR and IT professionals can reduce the possibility of an attack by making sure software for routers, wireless devices, printers, laptops and desktops is current and patched when necessary. "In more than 90 percent of cases, keeping systems up-to-date would have avoided a security breach," says Florian of GFI Software. HR and IT professionals also need to know where network vulnerabilities exist to decrease the probability of a breach. This includes being aware of how people access and transmit corporate data and recognizing that a virtual private network (VPN) is more secure than a standard Internet connection. Systems security audits—reviewing applications, quizzing employees, scanning for security vulnerabilities—should be conducted for all those who access HR data, including third-party sources, says Belliveau, a member of the Society for Human Resource Management's Technology & HR Management Special Expertise Panel. Miller advises HR leaders to focus on prevention and training and to ensure that employees "follow strict security directives when handling data, especially in mobile platforms." "Policy, procedure and security awareness training is essential," Florian adds. It's HR's job to create a policy and to be "instrumental in making sure that policy is applied. From the onboarding process through annual security awareness trainings, employees need cybersecurity training." One way to protect your organization: Train employees to think critically before they click on e-mailed links. Simple skills, such as knowing that hovering your mouse over the link will show the link's destination, can go a long way toward preventing infection, Florian says. The more employees know about the risks, the more secure data will be. Verizon reports that 97 percent of breaches "were avoidable through simple or intermediate controls," such as by training employees not to click on suspicious links and by changing administrator passwords or making them more secure. 8/28/2014 10:11 AM Keep Cyberspies Out 11 of 13 http://www.shrm.org/publications/hrmagazine/editorialcontent/2013/071... HR and IT professionals should make sure password policies are well-enforced, recommends Sorin Mustaca, a security expert and vice president of product development with Avira Operations GmbH & Co. KG, a data security company based in Germany. "Many users are simply unaware how simple their passwords are and that they are endangering the entire company" if a password is guessed by a hacker. Two-factor authentication should be required on systems that handle customer data, he says. With this method, the user provides a keyword or other special knowledge that proves he or she has the right to access sensitive data. Requiring employees to access corporate data only over VPNs instead of using free Wi-Fi hot spots, or using a security token that generates new passwords to provide an additional layer of identity protection, can also help, experts say. A strong data security plan and effective training aren't always enough. "If I send one e-mail, I've got about a 25 percent chance that somebody is going to click on a link in that e-mail. If I increase that to six e-mails, I've got an 80 percent chance that someone will click on that link," says Chris Porter, co-author of Verizon's 2013 Data Breach Investigations Report and managing principal for Verizon's Risk Team. "Even with training, people will still click on dubious links." Experts say there was a time when installing anti-virus protection on all computers was sufficient to prevent breaches, but not anymore. "All it takes is one simple mistake for an attacker to find and exploit," Fiterman says, noting that attackers are highly motivated and working 24/7. "So there's no simple answer, other than understanding that malicious action is inevitable. Plan, plan, plan." Aliah D. Wright is an online editor/manager for SHRM and author of A Necessary Evil: Managing Employee Activity on Facebook, Twitter, LinkedIn … and the Hundreds of Other Social Media Sites (SHRM, 2013). What are the biggest cybersecurity threats to your organization? What have you done to close vulnerabilities? If you are having problems seeing the discussion comments when using Internet Explorer on a PC, press F12 and change your Browser Mode to ‘Internet Explorer 8.’ Then press F12 again. 8/28/2014 10:11 AM Keep Cyberspies Out 12 of 13 http://www.shrm.org/publications/hrmagazine/editorialcontent/2013/071... Comments for this thread are now closed. Comments 052214_1 • — Clarification would be a blessing. In the non-profit Capitol Hill Update Congress Takes Renewed • — You talk about "the best employers" working to ensure 1 Washington Update High Court Rules President’s • — Of course, these decisions are invalid. Every employer that lost a Washington Update Social Security Administration • — I've tried several times to create an account at the SSA 8/28/2014 10:11 AM Keep Cyberspies Out 13 of 13 http://www.shrm.org/publications/hrmagazine/editorialcontent/2013/071... blog comments powered by Disqus (http://disqus.com) Obtain reuse/copying permission 8/28/2014 10:11 AM 9/8/2014 Your Law Firm’s Internet Presence Wednesday September 10, 2014 An Andrew Cabasso and Jurispage Joint JurisPage.com Overview • • • • • • Email Social Media Your Website SEO Internet Marketing Ethics JurisPage.com Email JurisPage.com 1 9/8/2014 JurisPage.com Your Email Address You want yourname@yourlawfirm.com 4 Steps JurisPage.com Your Email Address: Step 1 $10 /year Buy a .com domain JurisPage.com 2 9/8/2014 Your Email Address: Step 2 Find an e-mail host provider $5 / user / month Google Apps Free for up to 10 users Zoho Most likely your registrar offers email too (Godaddy, 1&1, Rackspace, etc. all have inexpensive plans) JurisPage.com Your Email Address: Step 3 Change your MX records Go to your domain registrar settings to change the e-mail records (called “MX records”) following your e-mail host’s instructions* *if you get your email from your domain provider, this is not necessary JurisPage.com Your Email Address: Step 4 Configure your e-mail client Follow your e-mail host’s instructions (this will let you access your email via Outlook or your phone). JurisPage.com 3 9/8/2014 Alternatively… • Option B: Mail server – Cost – Security – Stability – Scalability – IT guy JurisPage.com Social Media JurisPage.com Why Engage in Social Media? JurisPage.com 4 9/8/2014 Why Engage in Social Media? 1) SEO: Google’s search algorithm cares about social media sharing 2) Go where potential clients are 3) Engage other professionals Either use it or don’t – don’t half-use it JurisPage.com Which Social Networks? Focus on 1 or 2 • • • • Google+ LinkedIn Twitter Quora • Facebook • Pinterest • Meetup JurisPage.com Google+ • Highest SEO ROI • G+ Communities for exposure • Client testimonials / reviews JurisPage.com 5 9/8/2014 LinkedIn Have a Company page that your current employees can join, a personal profile so that clients can give testimonials JurisPage.com Twitter JurisPage.com Twitter • Link to blog posts • Discuss events in your practice area that don’t warrant a blog post • Engage other attorneys JurisPage.com 6 9/8/2014 Quora A Q&A website – use it to answer relevant questions in your practice area and build authority JurisPage.com Meetup • In-person events • Make contacts • Make friends JurisPage.com Hootsuite JurisPage.com 7 9/8/2014 Hootsuite • Saves time, posts to every social network simultaneously • Scheduled posts JurisPage.com Websites JurisPage.com JurisPage.com 8 9/8/2014 Things You Need to Have a Website 1. Domain: yourfirm.com 2. Hosting: to make your site accessible 3. Website: preferably using a CMS like Wordpress JurisPage.com What’s a Website For Anyway? JurisPage.com What’s a Website For Anyway? • Getting new leads • Convincing current leads to become clients • Establishing authority in your niche among other attorneys JurisPage.com 9 9/8/2014 What it Should Have 1. 2. 3. 4. 5. Clear indication of the type of law you practice Contact: Forms and Phone Number Attorney Bios Practice area pages for each type of case Social Proof: Testimonials/Verdicts/Settlements 6. Professional design / layout JurisPage.com Make it Mobile-Friendly ? % web traffic from mobile JurisPage.com Make it Mobile-Friendly 40% % web traffic from mobile Google’s algorithm penalizes non-mobile sites JurisPage.com 10 9/8/2014 Mobile-Friendly Example Not Mobile‐Friendly Mobile‐Friendly JurisPage.com Websites – Mobile Sites http://boss.blogs.nytimes.com/2014/01/08/making‐sure‐your‐website‐is‐ready‐for‐smartphones/ JurisPage.com Getting it Built: DIY Wordpress, Wix, Godaddy Pros Cons • Cheap • You’ll know how to update your content • • • • Steep learning curve Hard to design Have to worry about ethics rules Bad SEO JurisPage.com 11 9/8/2014 Getting it Built: Professional Use a Legal-Focused Developer Ask Them: Be Careful: JurisPage.com Getting it Built: Professional Use a Legal-Focused Developer Ask Them: Be Careful: • Will it be mobile‐friendly? • Will I be able to update it myself? • If not, will you update it? • What CMS will you use? • Use Wordpress if possible • Will it be SEO‐ready? • Sitemap, Meta Tags, Content • How fast will it load • Under 3 seconds is best • Can I see an example of your work? JurisPage.com Getting it Built: Professional Use a Legal-Focused Developer Ask Them: Be Careful: • Will it be mobile‐friendly? • Will I be able to update it myself? • If not, will you update it? • What CMS will you use? • Use Wordpress if possible • Will it be SEO‐ready? • Sitemap, Meta Tags, Content • How fast will it load • Under 3 seconds is best • Can I see an example of your work? • Don’t use other peoples’ content • Templates can be boring • Make sure your site isn’t available through both www.yoursite.com and yoursite.com • Make sure they’re accessible JurisPage.com 12 9/8/2014 Building a Second Website • Useful for class actions • Geared towards a specific client type • Plaintiff / defendant sites JurisPage.com Search Engine Optimization JurisPage.com JurisPage.com 13 9/8/2014 JurisPage.com I Want My Site to Come Up in Google! On Site Off Site • Page Content • Meta Tags • Backlinks – Quality > Quantity • Social Mentions • Social Profiles • Directory Profiles • • • • Interlinking Posting Frequency Page Speed Mobile Readiness JurisPage.com On Site Blog, Blog, Blog • Blogging makes you an authority • Fresh content tells Google your website is still relevant • Differentiate yourself JurisPage.com 14 9/8/2014 Keys to Good Blogging On Site • • • • Write for readers, not machines Stay current Stay consistent Be patient! JurisPage.com Use Key Language On Site Optimize keywords Some Popular Attorney-Related Keyword Descriptors I’ve Come Across: Aggressive Top Affordable Cheap Best Local And… yes, unfortunately “attornies” JurisPage.com Hurdles to Blogging On Site • “I’m too busy” – Outsource • “What would I write about” Blog Topic Suggestions: JurisPage.com 15 9/8/2014 Hurdles to Blogging On Site • “I’m too busy” – Outsource • “What would I write about” Blog Topic Suggestions: Client FAQs The auto-fill trick Newly decided cases Recently enacted laws Recent controversies JurisPage.com The Auto-Fill Trick JurisPage.com Privacy Policy On Site No one reads them except 1. The lawyers who write them 2. The developer who copies one and substitutes his/her company name 3. Search engine robots JurisPage.com 16 9/8/2014 Off Site 7 Ways to Increase Backlinks 1. Local Business Directories 2. Social SEO 3. Lawyer Directories 4. Guest Posting 5. Forum Posts / Blog Comments 6. RSS 7. Press Releases JurisPage.com Off Site Local Business Directories • Google Places • Moz Local JurisPage.com Off Site Social SEO • Social media sites (as much as some of us may hate them) are vehicles for linking your content for SEO • • • • LinkedIn Twitter Facebook Quora JurisPage.com 17 9/8/2014 Off Site Lawyer Directories • Reach many more visitors of popular legal websites that get top organic billing • Lawyers.com/Lexis/Martindale • SuperLawyers PageRanks for Legal • FindLaw Directories FindLaw ‐ 7 SuperLawyers ‐ 7 Avvo ‐ 6 Lexis ‐ 6 Martindale ‐ 7 Lawyers.com ‐ 7 JurisPage.com Off Site Reputation Management If you get a bad review somewhere, it’s not the end of the world. There are PR firms and SEO firms that specialize in burying bad reviews. JurisPage.com Tools SEO Tools • Google Analytics – Monitor website traffic • Google Webmaster Tools – Sitemaps, inbound link analysis, keyword analysis • Google Keyword Tool – Analyze prospective keywords • Pingdom Website Speed • Feedburner – Create RSS feed for your content / blog • Keyword Position – Where does your site show up for a particular keyword? JurisPage.com 18 9/8/2014 Tools Google Analytics JurisPage.com Tools Google Webmaster Tools JurisPage.com Tools Pingdom Website Speed JurisPage.com 19 9/8/2014 Tools FeedBurner JurisPage.com Tools Keyword Position Tool JurisPage.com Internet Marketing JurisPage.com 20 9/8/2014 JurisPage.com Internet Marketing Advertising in Google, Bing, and Facebook can get clients to your website (through the front door). Once they’re there, it’s up to your website to get them to stay with you. JurisPage.com Keys to Success JurisPage.com 21 9/8/2014 Keys to Success 1. 2. 3. 4. 5. Use landing pages! Track your campaigns carefully Test changes Try different marketing channels Abandon campaigns that aren’t working JurisPage.com Example Landing Page JurisPage.com Landing Page Basics • Eliminate distractions: navigation, social links, extraneous information • Align landing page copy with ad copy • Include social proof • Have a clear call to action JurisPage.com 22 9/8/2014 Track Your Campaign ROI JurisPage.com Track Your Campaign ROI • • • • Review keywords periodically Track ad click through rate First page vs. top-page cost Track conversions $/Lead $/Client JurisPage.com Test Changes • • • • • • Keywords Ad Copy Landing Page Copy Landing Page Geography Geography Time of Day JurisPage.com 23 9/8/2014 Try Different Channels Directories Search Engines Social Networks Retargeting JurisPage.com Ethics What You Can, Can’t, and Probably Shouldn’t Do JurisPage.com Ethics - Blogs • Concerns about blogging? JurisPage.com 24 9/8/2014 Ethics - Blogs • Concerns about blogging? – Advertising ethics issues – Blogging about clients – Getting sued – Defamation JurisPage.com Ethics - Blogs • Hunter v. VA State Bar • VA criminal defense law firm has blog posts, where every blog post is about his firm. No advertising disclaimer JurisPage.com Ethics - Blogs • A blog is not an attorney advertisement unless the “primary purpose” of the blog is for the retention of the lawyer • NYSBA Opinion 967 (6/5/13) JurisPage.com 25 9/8/2014 Ethics - Blogs • “Advertisement” • “any public or private communication made by or on behalf of a lawyer or law firm about that lawyer or law firm’s services, the primary purpose of which is for the retention of the lawyer or law firm.” JurisPage.com Ethics – Blogs • Blogging about clients? • In re Pershek (2009) – Pub defender referred to criminal clients in blog, tried to anonymize them but did a bad job • Anyone could’ve put pieces together to see who she wrote about JurisPage.com Ethics – Blogs • Blogging about clients? • You need written permission if on-going matter • Non-Confidential info may still be embarrassing to client – Don’t get to that level JurisPage.com 26 9/8/2014 Ethics – Blogs and Stock Photos • Rule 7.1 (c) • No fictionalization of a law firm w/o disclosure • Stock photos 16 instances JurisPage.com Ethics - Expectations • Board of Managers of 60 E. 88th St. v. Adam Leitman Bailey, PC – Firm advertising highlighted that it “gets results” – Judge cut fees from $112,000 to $60,000 JurisPage.com Ethics – Attorney Advertising • ATTORNEY ADVERTISING 7.1(f) • “Prior results do not guarantee a similar outcome” 7.1(e) JurisPage.com 27 9/8/2014 Ethics - Expectations • Cmt. 12 to 7.1 • Non-comparative characteristics are permissible statements even though not factually supported • “Hard-working” “dedicated” = yes • “Best” “hardest-working” = no • “Big $$$” “We win big” = no - expectation JurisPage.com Ethics - Astroturfing Yelp, Inc. v. McMillan Law Group, Inc. JurisPage.com Ethics - Astroturfing JurisPage.com 28 9/8/2014 Ethics - Astroturfing • Rule 7.2 – A lawyer shall not compensate or give anything of value to a person or organization to recommend or obtain employment by a client, or as a reward for having made a recommendation resulting in employment by a client JurisPage.com Ethics - Astroturfing • Rule 7.1 – (a) A lawyer or law firm shall not use or disseminate or participate in the use or dissemination of any advertisement that: (1) contains statements or claims that are false, deceptive or misleading; or (2) violates a Rule JurisPage.com Ethics - Expertise • “Specialties” – Yelp – LinkedIn (not likely an issue anymore) – NYSBA Opinion 972 (6/26/13) JurisPage.com 29 9/8/2014 Ethics - Advertising • Matter of Dannitte Mays Dickey (S.C. 2012) • Attorney made false statements on his website • Used the word “specialist” • Public reprimand JurisPage.com Ethics - Advertising • Rule 7.1(q) • “A lawyer may accept employment that results from participation in activities designed to educate the public to recognize legal problems, to make intelligent selection of counsel or to utilize available legal services.” JurisPage.com Ethics - Advertising • Rule 7.1(r) • Without affecting the right to accept employment, a lawyer may speak publicly or write for publication on legal topics so long as the lawyer does not undertake to give individual advice. JurisPage.com 30 9/8/2014 Ethics - Advertising • “Recognition of legal problems” (Cmt. 9 to 7.1) • Lawyers should encourage and participate in educational and public-relations programs concerning the legal system, with particular reference to legal problems that frequently arise. A lawyer’s participation in an educational program is ordinarily not considered to be advertising because its primary purpose is to educate and inform rather than to attract clients. JurisPage.com Ethics - URLs • 7.5 (e) – Website URL • A lawyer or law firm may utilize a domain name for an internet web site that does not include the name of the lawyer or law firm provided: (1) all pages of the web site clearly and conspicuously include the actual name of the lawyer or law firm; (2) the lawyer or law firm in no way attempts to engage in the practice of law using the domain name; (3) the domain name does not imply an ability to obtain results in a matter; JurisPage.com Ethics - URLs • Winlawyers.com vs. nycriminaldefense.com JurisPage.com 31 9/8/2014 Ethics - URLs • Cmt. 2 to 7.5 • Can always use your firm name or an abbrev. • Can use practice area (e.g. realestatelaw.com) – 1. Must have firm name on every page – 2. Can’t say “contact realestatelaw.com” unless firm name is included in the ad – 3. No implied results • E.g. no “win-your-case.com” JurisPage.com Ethics - URLs • 2003-01: Lawyers’ and Law Firms’ Selection and Advertising of Internet Domain Names – The web site bearing the domain name must clearly and conspicuously identify the actual law firm name; the domain name must not be false, deceptive or misleading; the name must not imply any special expertise or competence, or suggest a particular result; and, it must not be used in advertising as a substitute identifier of the firm. JurisPage.com Ethics - URLs • • • • • • Antonelli-Legal.com MEN-Law.com HeaneyDisabilityLaw.com NYChapter7lawyers.com NYInjuryVerdicts.com NYInjuryExperts.com JurisPage.com 32 9/8/2014 Ethics – Referral Fees • Rule 7.2 – referral fees • Totalbankruptcy.com referral fees case – 5 attorneys found to violate 7.2 (in CT) JurisPage.com Ethics – Referral Fees • Rule 7.2 – referral fees • Paying “subscription fees” for advertisements – The line: paying “per referral” • Subscription services – Martindale/Lexis, Avvo, Superlawyers, Findlaw, Totalattorneys JurisPage.com Ethics – Internet Marketing JurisPage.com 33 9/8/2014 Ethics – Internet Marketing JurisPage.com Ethics – Outsourcing Marketing • You can’t outsource ethics to your legal marketing / SEO team • Adwords, blog posts, SEO done by a thirdparty can’t violate the rules • If you outsource, make sure they know the attorney ethics rules, what they can / can’t do JurisPage.com Ethics - Retention • Rule 7.1 (k) • Retain computer-based advertisements for 1 year • Retain website redesigns for at least 90 days JurisPage.com 34 9/8/2014 Ethics - Judges • • • • Don’t tweet during a trial, you’ll regret it Friending judges is tricky… Don’t blog about a pending case or judge Rules 3.5, 3.6, 8.1, 8.4, 8.5 JurisPage.com Ethics - Judges • Rule 3.5 (a) • A lawyer shall not: • (1) seek to or cause another person to influence a judge, official or employee of a tribunal by means prohibited by law . . . JurisPage.com Ethics - Judges • Rule 3.6 • No extrajudicial statements the lawyer “knows or reasonably should know” will be publicly disseminated and can prejudice the matter JurisPage.com 35 9/8/2014 Ethics - Judges • Rule 8.1 • No false statements concerning the quality, integrity, or conduct of judges JurisPage.com Ethics - Judges • Rule 8.4 (d) • A lawyer shall not: . . . engage in conduct that is prejudicial to the administration of justice JurisPage.com Ethics - Judges • Rule 8.5 • (a) A lawyer shall not knowingly make a false statement of fact concerning the qualifications, conduct or integrity of a judge or other adjudicatory officer or of a candidate for election or appointment to judicial office. JurisPage.com 36 9/8/2014 Ethics - Judges • Don’t write a blog post about a judge • NY lawyer suspended for 5 years • Attorney wrote a blog post to campaign for the attorney’s client who was imprisoned after being held in contempt by the judge • The blog named the judge, tried to create a campaign to pressure the judge to free the client JurisPage.com Ethics - Judges • Domville v. State (Fla. Jan. 2012) • Judge friend requested a prosecutor in the case JurisPage.com Ethics - Judges • Chace v. Loisel (Fla. Jan. 2014) • Judge friend requested a litigant in an ongoing case JurisPage.com 37 9/8/2014 Ethics - Judges • Matter of Terry (N.C. 2009) • Attorney messaged judge on Facebook regarding a pending case JurisPage.com Ethics - Judges • Florida State Bar v. Conway (Fla. 2008) • Blog criticizing judge as “unfair witch” • Public reprimand JurisPage.com Ethics - Judges Las Vegas substitute judge sacked JurisPage.com 38 9/8/2014 JurisPage.com References • http://jurispage.com/category/ethics/ JurisPage.com Thank You Andrew Cabasso Phone: (800) 863-7603 Email: andrew@jurispage.com Twitter: @andycabasso Blog: jurispage.com/blog Web: jurispage.com Slides available at slideshare.com/jurispage Free SEO for Lawyers eBook available at jurispage.com/ebook JurisPage.com 39 Andrew Cabasso (631) 606-0052 | andrew@jurispage.com Experience JurisPage New York, NY, January 2013 – Present Founder Provide internet marketing services to small and medium-sized law firms, including mobile-ready website design, SEO, Adwords campaign management. Publish a blog at jurispage.com/blog covering topics related to law firm website design, search engine optimization, internet marketing, legal tech startups, and law practice management. Selected Publications JurisPage Blog, JURISPAGE, jurispage.com/blog (2013-Present) Pay Per Click Marketing for Lawyers (September 2014) Cloud Case Management Software Comparison, JURISPAGE, http://jurispage.com/2014/practice-management-reviews/law-firmpractice-and-case-management-software-comparison-chart/ (April 2014) How to Pick an Ethical Domain Name, BROOKLYN BARRISTER, available at http://www.brooklynbar.org/wpcontent/uploads/01-12_Barrister_01_2014.pdf (Jan. 2014) Get New Law Firm Clients, SLIDESHARE, slideshare.net/jurispage (August 2013) Search Engine Optimization for Lawyers: Utilize SEO to Get New Clients Today, AMAZON, available at http://www.amazon.com/Search-Engine-Optimization-Lawyers-Utilize-ebook/dp/B00BMTX1JA (February 2013) Piercing Pennoyer with the Sword of a Thousand Truths: Jurisdictional Issues in the Virtual World, 22 Fordham Intell. Prop. Media & Ent. L. J. 383 (2012) Speaking Engagements Google Hangouts for Lawyers, WEBINAR (August 2014) How to Bring in New Clients via the Web with Online Marketing, WEBINAR (July 2014) Social Media and Website Tips for Lawyers, LIVE CLE (April 2014) Your Law Firm’s Internet Presence, LIVE CLE (March 2014) Tech Tips for Attorneys: Your Firm’s Internet Presence, LIVE CLE (January 2014) Bar Admissions New York, New Jersey Memberships and Committees New York County Lawyers Association Young Lawyers Section (2013-Present) Brooklyn Bar Association Young Lawyers Section (2013-Present) New York City Bar Information Technology Committee (2013-2014)