Linked-In Chafee

We’ve written before on the importance of good password practices.  Using strong passwords, changing them frequently, and ensuring that they are not written down next to your computer (such as on the back of a desk blotter or keyboard) are all good starting points.  A recent news story points out another best practice:  namely, if you’re running for President, and have misplaced the password to your Facebook account, you are probably better off following the “lost password” protocols with the system administrator, rather than taking this approach:



Three inventions have revolutionized the practice of law in the twenty-plus I’ve been practicing:  email, the post-it note, and those services that allow you to have a conference call at any time, without operator assistance, using the organizer’s individualized passcode.  While all of these technologies present risks — we could talk about email forever, and post-it notes are great until they fall off — consider the conference call service.

Keep in mind that, once you’ve invited someone to a call, they will forever have a record of your dial-in number.  What keeps that individual from dialing-in again, even if they’re not invited, to a future call?  It’s that passcode, which can become known or, perhaps, guessed.  As such, just as it is important to select a good computer password, and change it periodically, consider the following steps towards good conference call hygiene:

1.  Be attentive to the number of “beeps,” and ask all attendees to identify themselves.  If they don’t match or if beeps occur mid-call without identification, ask the group to reconvene and circulate a new dial-in.

2.  Rotate use of passcodes, particularly for standing calls that occur the same time each week.

3.  Don’t include your “Leader” passcode in meeting invites.

4.  Where possible, review details from the call service provider identifying who joined the call.

After all, as Tommy Tutone reminds us, some numbers are difficult to forget.


You can log in anytime you like, and your data can always leave.

(Click here for appropriate musical accompaniment for this Tip.)

The Risk Tip has previously advised of the dangers of traveling with your laptop.  But, leaving it behind can pose its own risks.  What if you’re on the road with just a smartphone, and need to use a real computer or just print something?  Can you pop by your hotel business center, and log on from there?

This past week, the Secret Service and the Department of Homeland Security’s National Cybersecurity and Communications Integration Center issued a warning to travelers and the hospitality industry about hotel business centers.  In particular, several hotels in the Dallas/Ft. Worth area have had their computers infected with keystroke-logging malware, which has allowed crooks to obtain personally identifiable information; log-in credentials to bank, retirement, and personal accounts; as well as other sensitive data. 

So, what to do?  As one security guru opines

The next hotel business center you visit may be completely locked down and secure, or it could be wide open and totally overrun with malware. The trouble is that there is no easy way for the average guest to know for sure. That’s why I routinely advise people not to use public computers for anything more than browsing the Web. If you’re on the road and need to print something from your email account, create a free, throwaway email address at or and use your mobile device to forward the email or file to that throwaway address, and then access the throwaway address from the public computer.

Workplace Violence


My high school English teacher, Dale Regan, was shot and killed on this day two years ago.  I had lunch with her a couple of years earlier, and will always think of her as “Ms. Regan.”  I will remember her kindness, wit, generosity, intelligence, and dedication.  Ms. Regan taught at the school for 34 years, spending the last seven as the Head of School.  

Two years ago, Ms. Regan fired one of the school’s teachers.  He came back to the school later that day with an AK-47.  He killed Ms. Regan; then himself.  

Shootings in schools and workplaces are far too common, and law firms are not immune.  Our colleagues in California will remember the 1993 shooting in San Francisco, perpetrated by a former client, who shot fourteen people — killing eight.  Others will remember the 2006 shooting in a Chicago patent law boutique, in which a disgruntled inventor targeted a firm he believed has stolen his invention, killing three people and then himself.  In 2007, a man upset about his divorce, walked into a Louisiana law firm, and shot five people. 

The victims of these shootings included staff and lawyers, visitors, clients and passers-by. 

Even with the passage of time, this kind of senselessness doesn’t make sense.  To try and do something constructive, though, here few tips from others about how to deal with such an exigency, whether it happens in an office in which you are working or visiting. 

  • Keep alert and report suspicious behavior.
  • Respond situationally:  If you can get away, run; if you’re unsure, hide; if you have no other choice, attack.
  • Call the police when and if you can.
  • Recognize that the police may not be able to immediately tell friend from foe, and will treat you as a potential assailant — so, listen carefully and follow directions.

Further advice can be found here or in the video below.  Warning:  It’s not pleasant viewing.

Just a few days ago, Norway selected a design for the memorial to mark the 2011 bombing and shooting in Norway that killed 77 men, women, and children, and injured hundreds of others.  Swedish artist Jonas Dahlberg’s design was unanimously selected by a jury, which described the memorial as follows:

His suggestion for the Sørbråten site is to make a physical incision into the landscape, which can be seen as a symbolic wound. Part of the headland will be removed and visitors will not be able to touch the names of those killed, as these will be engraved into the wall on the other side of the slice out of nature. The void that is created evokes the sense of sudden loss combined with the long-term missing and remembrance of those who perished.

It is a stunningly beautiful and haunting design. 


Merry New Year

As the year comes to a close, we are inundated with articles and news stories about the “Best of 2013”– best videos, best sports moments, best movies, best songs, etc. But asking us to pick the year’s best Risk Tips is a little like asking a parent to pick their favorite child. And at the end of the day (or year) it’s not about which Tip had the best clip, it’s the lessons learned. So, in no particular order, here are some of the takeaways from this year’s Tips:

*Confidentiality: Remember the Harry Potter lawyer who spilled JK Rowling’s alter ego to his wife’s best friend? Rowling’s lawsuit against the firm was settled for an undisclosed amount.
*Dishonesty: Let’s not forget the big firm lawyer who was disciplined for submitting fake expense reports to his firm.
*Scams: No matter how many times we warn people about unsolicited emails from a foreign country, from a legitimate company that checks out, but whose CEO inexplicably uses a gmail account, and having splling mitstakes and not well grmmer, those email scams keep coming.
*Data security: Change passwords often, make them strong, and keep your head (or at least your documents) out of the Clouds.
*Civility: Be nice, even when your adversary calls you a Jerk . . .or when someone maligns the Steve Martin classic.

Ok, who are we kidding; of course it’s about which clip is the best. And while we can’t pick the best Tips of 2013, you, our loyal readers, can. Let us know your top choice.

Lastly, click on the attached for a New Year’s greeting from OGC.

Code 0-0-0, Destruct 0

We’ve touched on this topic before, but it’s worth revisiting.  As a Star Trek fan, I vividly remember the drama, extreme close ups, and even actual passwords that could be used to engage The Enterprise’s self-destruct mechanism. 

I don’t remember asking, at the time, whether it made any logical sense that The Enterprise even had a self-destruct mechanism.  Other spacecraft did, of course.  Further, self-destruct ability often comes in handy.  The thing that really bugged me was that the code was so damn simple. 

Well, if you believe everything you read on the internet, it turns out that our nuclear launch codes were even simpler:  “[D]uring the height of the Cold War, the US military put such an emphasis on a rapid response to an attack on American soil, that to minimize any foreseeable delay in launching a nuclear missile, for nearly two decades they intentionally set the launch codes at every silo in the US to 8 zeroes.”  As has been pointed out elsewhere, important things should be secured with more vigor than your luggage locks. 

The same goes for the password you use for your computer to safeguards your clients’ secrets:  Make it tough; change it often; and don’t write it down right next to the keyboard!

Hello, Security? Merry Christmas.


Ah, the holidays.  Two sure signs of the season around here.  First, I decorate by placing on my desk two cherished (and damaged) Christmas ornaments that somehow found their way to my office.  Second, a beloved firm administrator sends out her annual seasonal reminder on safety issues to all our staff.  With her permission, The Risk Tip is pleased to republish below.  Seasonally-appropriate, risk-conscious greetings to all!   


Office thieves take advantage of opportunities and, if you remove the opportunity, you greatly reduce the chances of being victimized.  REMEMBER: Your office or work area is not a bank vault; it is only as safe as you make it!

Properly secure PDAs, cell phones, and laptop computers, i.e., if the office has a lock on the door, secure the door.  If the office does  not have a lock, place the laptop and other peripherals in a locked drawer.

Remove from public view and secure unattended purses, wallets and coats which provide attractive invitations to a would-be thief.

Place personal valuables in the office in a locked cabinet or a drawer when you leave the office.

If you have excess cash in your possession, don’t talk about it because someone could overhear your conversation.

Also, do not leave your credit cards unattended.  Always secure credit cards in a locked drawer or another secure location.

STAY ALERT!  Office thieves are most active at opening, closing and lunch hours, when the maximum traffic flow occurs.

BE WARY of suspicious persons.  “May I help you?” will often be sufficient to deter a potential intruder.  Thieves do not want to be confronted or identified.  Following your own instincts is critical:  If there is ever any doubt or you don’t feel right about an outsider in your office, hallway or restroom, immediately call the appropriate party in your office or building security.


Do not carry an excessive number of credit cards — plan ahead.  Carry credit cards and checks separately from cash; keep the numbers of all credit cards in a safe place should they be lost or stolen.  One quick way to accomplish this is to simply make copies of them.

Shop with friends or family if possible — there is SAFETY in numbers.

Carry your most expensive purchase closest to your body when walking.  Carrying too many packages at one time will make you an easy target.

Have packages delivered to your home if possible.

Be aware of persons who are standing or following too closely.  If this occurs, while you are walking, cross the street immediately.  Find a police officer and inform him/her of your suspicions.  When using public transportation let the driver or conductor know of any suspicious behavior.  In a store or office building, contact the manager.  Remember: A  trained professional is better equipped to handle a potentially dangerous situation.

Park your car in a garage or on a well-lit street.  Always check underneath it, then in the back seat and on the floors before opening the door to make sure no one is hiding and waiting for you.

Lock your purchases in the trunk of your car.  Never leave packages on the back seat or in a visible location.  If you are going to continue to shop, move your vehicle to another parking location after you have placed all packages in the trunk.  Thieves wait and watch for opportunities.

Take well-traveled, well-lit routes.  Don’t use short cuts through alleys or walkways between buildings. 

Leave only your ignition/valet key with a parking lot attendant — never leave your trunk or house keys.  Carry an extra set of keys in case your keys are lost or stolen.

Use caution when using ATM banking machines.  Always consider the time of day and location.  Never write your PIN number on your card or carry it with you.  Choose a PIN number that is NOT your birthday or part of your social security number, in case your wallet or purse is lost or stolen.  Never exit with cash in your hand from the ATM and never count your money on the street or in public view.

Be alert in crowded places.  Pickpockets’ favorite places are revolving doors, crowded stores, elevators, public transportation and bus stops at rush hours.  Thieves often work in pairs — one will bump into you while another picks your pocket or purse.

Use caution when using public restrooms.  Never leave your packages, coat briefcase or purse outside the stall.  If you use a hook or shelf in a stall, make certain someone cannot reach over or under and take your belongings.

Guard your purse.  Do not carry your wallet in your back pocket.  Consider using a “tummy pack” — they are effective in deterring pick pocketing.


Use timers to randomly set-off lights to give your home a lived-in look.

Playing a radio talk show station will give the illusion that someone is home.  This is very inexpensive, but an effective safeguard and should be used anytime when no one is at home.

Dirty Rotten Scoundrels

In Dirty Rotten Scoundrels, Michael Caine and Steve Martin play con artists who team up to induce the wealthy and gullible to part with their fortunes.  As this clip demonstrates, their methods, though not overly sophisticated, were often quite effective. 

It’s not so funny, though, when you are victimized by a real dirty rotten scoundrel.  And these days, there is no shortage of scams targeting lawyers.  Unfortunately, there is no shortage of lawyers who fall prey to these scams.

 While most everyone by now is pretty hip to the emails from the benevolent Nigerian prince offering to share his vast inheritance, or Lord Black, the English barrister desperately in need of assistance filing a bail application, some of the scams are less obvious.  One tried and true scam is the email from a foreign CEO who seeks a lawyer to assist with debt collection or a transaction. After a brief communication, the lawyer is informed that the adverse party has sent a settlement check.  The unsuspecting lawyer then deposits the money and wires the proceeds to his “client,” only to later discover that the check was phony.  Of course, his firm’s money that he just wired out is not. 

 How do you spot one of these scams?  Here are some red flags that will tell you whether an unsolicited email is a phony:

 *They come from what purport to be foreign companies (or individuals) seeking an attorney in the United States;
*The names of the companies and individuals are legit — but the emails are sent from a gmail, yahoo or similar domain;
*The emails identify no referral source;
*They grammar be bad;
*They promise lots of money for little work. 

If you receive one of these email, it’s best to just delete it.  Your time is better spent eating apple sauce with a corked fork.

What Do Loose Lips Sink?

Lawyers keep secrets for a living.  That means avoiding disclosure of confidential information in elevators, airplanes, hotels, courthouse hallways, and even in our own offices when visitors are present.  It also means holding your liquor.  It’s basic stuff. 

Protecting a law firm’s electronic data and systems is a more complicated — and more expensive — undertaking.  Did you know that law firms identify and analyze hundreds of thousands of security-related “hack” events each day?  Did you know that more than half of all attacks may be linked to organized crime?  Did you know that intellectual property is valuable?  (Okay, you knew that one.)  As you would expect, a law firm’s information security team has to be constantly vigilant. 

You can help out the security gurus.  Here are two easy things you can do that can make a big difference:

 1.  Don’t click on things you don’t know.  Don’t click on unknown links in strange emails.  Don’t accept “friend” requests from people you don’t know.  Don’t assume that email purportedly from your credit card company, which doesn’t have your work email address, is genuine. 

 2.  Upgrade your passwords.  You may have seen Rupert Murdoch testify as part of the UK hacking scandal, so you changed the default voicemail on your mobile phone, right?  But, have you also changed your password to something more complicated than “Passw0rd12” when your last password was “Passw0rd11”?  The on-line comic strip XKCD has an interesting take on this: