News From Planet Depos

Whether you work from home or in an office building, you have invaluable information on your computer, and somewhere, someone nefarious would love to get at that information. At a time when so many work from home, it is vital to keep up with security protocols which protect company and client information. Here are some easy-to-incorporate security precautions to take to ensure your information remains safe in 2023 and beyond:

VPN – You need a Virtual Private Network (VPN) to protect all your information and activity. This is easy to download. Even if you don’t need access to company-shared drives to do your work and don’t connect to the VPN every day, you should at least occasionally connect to it, so updates can be pushed to your computer.

Phishing Scams – They’re still out there and smart people fall into them all the time. Newsflash, these little scams will never go away, because they work. But you can make sure they NEVER work on you. Remember to regard with suspicion any email appealing to your curiosity, fear or greed – “Act NOW, or forever lose out on the chance to win $5,000!” and other such baloney. Delete these emails and don’t give them a second thought. Make a habit of asking yourself four questions before clicking on any links in an email:

1. Do you recognize the name and address of the sender?
2. Is the sender sending from a personal email address when it should be a company email?
3. Is your email address listed in the to line?
4. Does the message appeal to your curiosity, fear or greed?

You can also verify any suspicious link in an email by hovering your cursor over the link to reveal the address (use your finger on a mobile device for the same result). The bottom line is to take a second look, and if it looks suspicious, just don’t click!

Passwords, People! Make yours ironclad, change it regularly, and store it in a safe place. Best practices for superior password creation include these six essentials:

1. Do include 12 or more characters in your password
2. Do follow your organization’s password policies
3. Do include both upper-case and lower-case letters
4. Don’t use a simple single word password
5. Don’t use the same password between different systems and sites
6. Don’t use keyboard sequences (e.g., “qwerty” or “hjkl;”)

The mnemonic phrase password consists of a phrase that’s easy for you to remember. Think along the lines of a favorite movie quote. For example, “You can’t go through life crying all the time. It annoys people in the movies.” (The Odd Couple, if you’re wondering.) You say the phrase out loud while typing just the first letter of each word, capitalizing at least one – Ycgtlcattiapitm. Throw in a number, say 68, for the year the film was released, and a symbol, and you’ve got a solid password – Ycgtlcatti@pitm68.

The passphrase method is a good one, too. Here you type out the whole phrase, for example, “hesagoodfellahesoneofus.” Add your number, a symbol, capitalize something, and bada bing, bada boom, you’re all set with your password – hesaGoodfella!hes1ofus.

Security Patches – These patches, regularly installed on your computer, protect your company and its systems from cyber threats. Security patches are pushed to your computer behind the scenes, but you will need to restart your computer for some of them to take effect. Restart your computer at least once a month to ensure maximum protection with security patches.

Physical Safety – Just like any other valuable, you need to keep your laptop, phone, or any device with confidential information on it safe from prying eyes and deft fingers at all times. When you are traveling, don’t leave these items in your car or hotel room unsecured. Utilize the hotel room’s safe or lock it in your luggage and put the “Do Not Disturb” sign on your door. If you’re in public, don’t leave your laptop unattended, even to grab a napkin. Remember it takes only seconds for someone to snatch your laptop and take off with it.

Security is a top concern in legal matters. Planet Depos’ systems and practices keep clients’ privileged information completely secure from the first contact through password-protected remote depos to delivery of highly confidential files. For more helpful tips, check out the Planet Depos blog. To schedule your next proceeding, contact Planet Depos at scheduling@planetdepos.com, or schedule online.

Security and confidentiality are paramount in legal matters. Even if a case matter has no protective order or confidential designation, you don’t want your clients’ information compromised in any way. It is a non-negotiable that your court reporting agency keeps your information and your clients’ information private. Remote platforms, repositories, sharing software, etc., need to be secure. Your agency should be completely transparent about security measures in place, including encryption, host platforms and the like.

Think about the most confidential files in your intellectual property matter, for example. Where would they be most vulnerable? The court reporting agency’s repository hosts all the transcripts, videos, and exhibits for every deposition and possibly through the trial. Additionally, if you are using their exhibit sharing platform, you must consider how secure that platform is, as sensitive documents containing proprietary information and even source code will be stored in and shared through the program. The dark world of virtual theft has become more and more sophisticated. Ransomware attacks have increased dramatically in the last two years, and law firms have become a target for these nefarious agents. It is more important than ever to scrutinize the security practices of your court reporting agency. All hosting platforms must have ironclad impenetrability.

What security measures should you look for? These are crucial:

• Encryption
• Strong password policies
• Multi-factor authentication
• Protective order compliance

What is encryption? Encryption converts data into a code for the purpose of prohibiting unauthorized access. You want your files protected in this manner when they are being emailed and when they are in virtual storage. Look for 256-bit AES (Advanced Encryption Standard) Encryption, which ensures high security. AES is fast, flexible, and safe. 256-bit AES is considered “military grade” encryption and is adopted by the U.S. government and other intelligence organizations worldwide. It is used in many applications as well, including VPNs (Virtual Private Network, an encrypted connection from a device to a network), enormously important in security. Are files encrypted both in transit and at rest? The answer should be yes. You want all your information fully protected.

How are the password policies? It is possible to create a strong password on your own initiative, but are you forced to create a strong password by their policy? The court reporting firm needs to prioritize security, and this will be reflected in how difficult they make it to unlock your login.

• How many characters are required?
• Do you have to include a number and special character?
• Do you need both upper- and lower-case letters in your password?
• How often do you need to update your password?

A good rule of thumb, password requirements should encompass the following:

• At least eight (8) characters
• At least one upper case letter
• At least one lower case letter
• At least one special character
• At least one numerical value

The more complex your password, the better. You should update your password periodically. Companies serious about protecting information have protocols prompting regular password updates. Planet Depos has written some helpful tips for creating solid passwords.

Multi-factor authentication gives your password extra teeth. Multi-factor authentication is sometimes referred to as two-step verification. In addition to the username and password, you need a second method to prove you are the person authorized to access the account. The initial factor is your username/password combination – something you know. The additional factor is something you have – your smartphone, for example, or an email account. When you correctly input the username and password, you’ll get a text or email with a code for you to enter, and only then can you access the account. Multi-factor authentication makes it more difficult for someone to break into your account, unless they have access to your second method of verification such as your cell phone or email. Multi-factor authentication is often only enabled for the first time you sign into an account from a new device, which you can then register to be recognized by the account in question.

The protective order is top priority. You want the order signed by all applicable parties and returned to you as quickly as possible. The order should be plainly followed, with correct designations used, and all emails appropriately labeled, transcripts redacted as needed, etc. If files need to be destroyed in the future, you should receive a response from the case manager immediately confirming receipt of the instructions, and notification when all files – transcript, video, exhibits, correspondence, and any other materials listed in the order – have been destroyed.

Security is crucial to your clients and must be strict throughout the duration of the case. All case information is valuable to your client, much of it very sensitive as well, so you need to review the systems and procedures that will be safeguarding that information. In this age of so much remote litigation, stronger infrastructure and protocols have evolved to add an extra layer of security.

Planet Depos has been supporting remote litigation with best-in-class court reporting all around the world for over a decade. Whether remote or in person, big or small case, PD reporters have the knowledge, experience, and technology to make it happen, while keeping all records safe and secure. For more tips on court reporting, remote depositions, and more, check out the PD blog. To schedule your next proceeding, contact Planet Depos at scheduling@planetdepos.com or schedule online.

Have you heard of ransomware? It is a term often in the news. Ransomware is a type of malware. For those who have heard of it but don’t know what exactly it is, malware is a type of software that is designed to disrupt, damage, or gain unauthorized access to a computer. Ransomware, in particular, is designed to spread across a network of computers and very quickly disable computers, file servers, databases, and servers within an entire company by encrypting the contents. Then a ransom is requested, typically money, to have the data unencrypted. Once ransomware spreads across a company’s network, it can bring a business to a halt.

The common method by which ransomware gets onto a computer is through phishing emails. Phishing emails are fake emails sent by hackers to trick the recipient into falling for a scam. The most common trick is to try to get the recipient to reveal personal information such as a username/password combination or other sensitive information. The emails contain malicious attachments or links to a malicious website that will install itself automatically if the attachment is opened, or link followed. Phishing emails are written in such a way that, if the recipient does not pay attention, they can fall prey. Though perpetrators are after money, paying the ransom does not always mean the hackers will decrypt your files. Many hackers will steal your data before encrypting it. Ransomware victims usually fall victim again within a year. It is very important to always pay attention to what you click – it may be a trick.

Ransomware is not new but has been recently on the rise. In 2021, 68.5% of businesses around the world fell victim to ransomware, up from 55.1% in 2018, and comprised 23% of all cyber-attacks. In the first half of 2021, victims of ransomware had paid almost $600 million to hackers according to a report released by the Treasury Department.

In the last year, law firms have seen an influx of ransomware attacks. This can be attributed to several factors, including the fact that law firms may lack adequate cybersecurity preparedness as they believe they will not be targeted by hackers. Law firms are required to keep their clients’ data confidential. Firms that may have weak security policies and networks could face legal liabilities if their clients’ data is stolen and eventually exposed. Firms can also suffer reputationally and financially if their systems are breached and more so if the data is exposed.

There are several steps firms should consider to prevent such attacks.

• Enable Multi-Factor Authentication (MFA):

Multi-Factor Authentication (MFA) is a log-in that requires the individual to provide two or more verifications to gain access. It combines what the user knows, such as a password; what they have in their possession, such as a security token (keyfob, mobile application, email or text with a verification code); and who the user is (biometric verification). If one’s password is compromised, the hackers are unable to gain access without knowing the second method, which typically is in possession of the individual.

• Back up your data:

Having your data backed up is one of the best measures you can take, but backed up data can be corrupted and encrypted by ransomware as well. Some best practices include:

1. Back up with multiple versions. Back up to a solution that stores different versions so you can revert to a version that was saved from a week ago, for example.
2. Back up often. Don’t only back up once a month.
3. When backing up, follow the 3-2-1 backup rule – have 3 separate copies of your data that is stored on 2 different forms of media, with 1 copy that is stored off-site.
4. Don’t rely on cloud syncing services such as Dropbox, OneDrive, Box, etc. as your only source for backup. Because these synchronize your files right away, should your computer be encrypted with ransomware, the files in these cloud services will be encrypted as well.

• Keep software and operating systems up to date

Keeping software and operating systems up to date is important. Hackers love exploiting security flaws not only in operating systems but software as well. They write code to take advantage of these flaws and infect your computer with malware which can encrypt or steal your files, including passwords. Installing updates can fix these security flaws and help prevent unauthorized access. Installing updates not only can fix security flaws but introduce new features.

• Implement employee training on best practices

Employees at your firm are the target of these attacks. Hackers will use phishing emails as the primary method to target employees. The goal is to have them divulge personal information such as log-in information or trick them into clicking on links or opening attachments that contain malware. The malware takes advantage of unpatched security flaws in software and operating systems. Training your employees to watch out for these types of emails, to never click on strange links or open suspicious attachments, what to look for and best practices can help mitigate exposure. It is also highly recommended to conduct this training annually.

• Have a robust Information Technology (IT) infrastructure

Hackers target firms both through human attacks (phishing emails, spear phishing calls) as well as technological. Human defenses through proper training and awareness are as important as technological. Proper technological defenses include properly setup email security and protection software, firewalls, network intrusion protection devices, multi-factor authentication, and endpoint (computer) antimalware protection software.

Having a robust infrastructure in place is not enough. Firms should test backup integrity and restoration processes often and have one isolated backup so it cannot be encrypted or destroyed.

• Have a plan if you fall prey to ransomware

1. Isolate and identify the attack:

If you believe you have fallen prey to a ransomware attack, attempt to isolate the infected computing devices by disconnecting them from the network. This includes any devices such as hard drives that are connected either via a cable or a network share. This can help prevent the spread and keep other devices on your network safe.

2. Assess the attack:

Assess the damage done by the attack. This includes gathering information such as where the attack originated from, what time it started, how many devices it may have infected and how many files have been encrypted. Are any of the affected files backed up? Is the backup set infected? Has a ransom been made, and how much is it? Are you willing to pay? And be prepared to have a plan should the hackers not decrypt the files.

3. Report the attack:

Often, reporting ransomware attacks is required by law. You should check with your local and state laws. It should also be reported to the FBI’s Internet Crime Complaint Center (IC3).

4. Data recovery:

If you don’t have a safe backup, you can reach out to local law enforcement or forensic experts to see if they can find decryptors which may be able to remove the encryption on your files. There is no guarantee this would work.

If you do have a safe copy of your data, you can start the recovery process. You should first completely format and reinstall the operating system and software on the affected computing device(s) before copying your data back and putting it on your network.

5. Look at preventing another attack:

There are several things you can do to help mitigate another attack. Hackers will return if they were successful in the past. The first thing to do in thwarting another attack is to ensure your employees are properly trained using security awareness training and having annual training sessions. Next, ensure that your IT infrastructure is properly set up and that you back up your data. You can partner with cybersecurity providers for them to check your setup to ensure it is well protected.

Your computing network is as strong as your weakest link. Proper setup and training can help. The best solution for any organization is to prevent ransomware attacks in the first place.

Planet Depos has been working with law firms on highly confidential matters for over a decade. For more tips, check out the PD Blog. To schedule, contact Planet Depo at scheduling@planetdepos.com or schedule online.

Since so many of us began working from home in the spring of 2020, we have been hearing how important security is. Information on VPNs, encryption, and other measures to protect data have been rolling out regularly for many months. Filters and firewalls are great, but what can you do to enhance your own personal security? Let’s start the year with some simple measures you can take to keep your information protected.

Avoid unlucky links. How often do we click on a link without a second thought? How many phishing schemes rely on this aspect of our nature? Make it a habit to double-check any link before just blithely clicking on it. You do this by simply hovering your cursor over the link to reveal the address. If on a mobile device, you can touch your finger over the URL for the same result. Take a moment to double-check the domain for suspicious information/wording. This takes just seconds and can save you a lot of time and trouble. If it looks suspicious, do not click the link.

Outsmart phishing emails. I imagine we have all received the email from John Doe stuck in Europe or some place, desperately needing our assistance, i.e., a large sum of money. This is easy to recognize for what it is. But an email that appeals to us or intrigues us may find us more gullible. Keep in mind these phishing emails typically play on our curiosity, fear, or greed. For example, an email promising you could win $5,000 in prizes if you follow this link could make you excited, but it should make you suspicious instead. Likewise, an email threatening the loss of money or access to services should set off alarm bells in your head.

There are basic tip-offs to an email you should delete. Here are four quick questions to ask yourself.

1. Do you recognize the name and address of the sender?
2. Is the sender sending from a personal email address when it should be a company email?
3. Is your email address listed in the to line?
4. Does the message appeal to your curiosity, fear, or greed?

If you’re still unsure, you can always verify the legitimacy of any link in the email as mentioned above. You can also navigate to the actual site mentioned in the email by typing the name into your web browser to see if the email truly came from that site. When in doubt, do not click any links.

Bulk up your router. If you’re working from home, make sure to take proper measures to strengthen the security of your home router. Change the default password. Use a strong Wi-Fi password (more on passwords below). Regularly install updates on your router. Enable WPA2 encryption, the strongest encryption for the home.

Beef up your passwords. This should be obvious. I personally dread creating passwords and updating them because I am terrible at remembering them and constantly find myself hunting down my brilliant, impossible-to-crack passwords.  But a strong password is essential for good security. Here are some do’s and don’ts for strong password creation.

Do:

1. Include 12 or more characters in your password
2. Follow your organization’s password policies
3. Include both upper-case and lower-case letters

Don’t:

1. Use a simple single word password
2. Use the same password between different systems and sites
3. Use keyboard sequences (e.g., “qwerty” or “hjkl;”)

If creating strong passwords is a headache for you, consider one of two methods. The mnemonic phrase password consists of an easy-for-you-to-remember phrase. Say the phrase out loud, while typing the first letter of each word. For example, the previous sentence becomes “stpolwttfloew.” The passphrase method consists of an easy-for-you-to-remember phrase, typed out, for example “I’m a lumberjack and I’m ok” or if you can’t include spaces or punctuation, “ImalumberjackandImok.” Keep in mind with either method, you may need to add numbers or special characters.

You may also consider the use of a password management app. Password managers use a single strong password to store multiple passwords for your various systems and sites. The manager can generate the passwords for you if you like. When you need one of your passwords, you enter your password into the app, which will then enter the applicable password for you, or copy to your clipboard, or display it for you to enter the info into the system.

Protecting systems and sensitive company information is crucial, particularly when highly confidential documents, source code, and protective orders are part of your daily workflow. Planet Depos has been covering such sensitive matters for over a decade, keeping confidential information secure. For more security tips, remote deposition tips or to schedule, reach out to us at 888.433.3767 or scheduling@planetdepos.com.

A lot of people are now using Zoom for the first time for their remote deposition. At Planet Depos, Zoom has been the platform of choice for mobile videoconference (MVC) for years. Understandably, law firms unfamiliar with the software have valid questions about the security features available. We at Planet Depos are fully confident in Zoom’s security, and we want to address your questions and concerns. Read on to see why Planet Depos prefers Zoom and why you can be assured of the efficacy of Zoom’s security measures.

Why does Planet Depos prefer Zoom?

Planet Depos selected Zoom deliberately, and for a few reasons. Our technicians found Zoom to provide superior quality audio and video, which is essential for any mobile videoconference. This means fewer interruptions to the deposition, a cleaner final transcript from the reporter, and a better experience overall. Zoom has recording capabilities to capture video of the deposition.

Additionally, Zoom has an easy-to-use interface (as millions of new users can attest!), which again improves the overall experience for everyone attending the remote deposition. Zoom has also proven to be reliable and the platform which performs best in MVC.

Security is as important as the features you mention. How secure is Zoom?

The enterprise version of Zoom is as secure as videoconferencing software gets. Planet Depos has the enterprise license to Zoom. The enterprise version includes enhanced security features, a sampling of which includes:

• Each meeting is encrypted with AES 256-bit algorithms
• Each meeting has a unique password and meeting ID
• Each meeting has its own unique link created to invite attendees to the meeting

Planet Depos enables all the security measures available in the enterprise version of Zoom. Additionally, like many other apps/software, Zoom is updated routinely (version 5.0 is rolling out now with a focus on security). Planet Depos vigilantly downloads the latest version with each update.

It is worth mentioning that many of the security issues reported recently about Zoom are often user error – such things as reusing meeting links, publicly posting meetings, not using passwords, and not enabling waiting rooms. With a PD Technician handling your Zoom meeting, none of these issues will arise as our technicians are trained on all aspects of Zoom security and best practices.

Is Zoom HIPAA compliant?

Yes, Zoom is HIPAA compliant when compliance is activated on your account. Zoom doesn’t access protected health information (PHI) even in supporting healthcare customers’ accounts. Mandatory settings are applied to such accounts to effectively eliminate their ability to send PHI to Zoom. Further, ALL audio, video and screen sharing data is protected and encrypted by Zoom. For detailed point-by-point information on their HIPAA compliance, check out Zoom’s guide on their HIPAA compliant accounts. Highlights include:

• All meeting data is protected with a 256-bit Advanced Encryption Standard
• All meetings are password protected
• Meetings are not listed publicly
• Meeting host can lock meetings

Meeting host can disconnect attendees and easily terminate sessions in progress

What other measures are taken to increase security of the PD MVC?

Planet Depos is working diligently to enhance security to our clients by providing not only the above protection features included with enterprise Zoom, but also offering a remote tech to host each meeting. The services of the tech offer an additional layer of security, including:

• Controlling who has access to the meeting
• Monitoring who is participating in each meeting
• Creating and monitoring private breakout rooms
• Presenting exhibits on our clients’ behalf

The Planet Depos dedicated technician, as a neutral party, ensures only approved participants attend the PD MVC. The tech can create virtual breakout rooms and assign parties to them, with the tech retaining direct control over who has access to any room. The Planet Depos technician is, of course, the consummate professional, providing the white glove service Planet Depos clients know to expect. Their expertise makes for a smooth MVC from a technical standpoint and a pleasant experience with a competent, professional, and friendly host at the helm.

Additionally, Planet Depos does not record to the Zoom cloud repository. All video recordings are stored locally, then uploaded to our secure repository and encrypted. There have been reports of hackers stealing videos from Zoom’s cloud repository. Those videos were named automatically with Zoom’s filing system, which allowed for hackers to predict the names of the files, making them easier to steal. The PD MVC avoids this issue entirely by simply not recording to Zoom’s cloud.

What if I still just don’t want to use Zoom?

If you are not comfortable using Zoom, Planet Depos will set up the mobile videoconference with the software of your choice. This is your deposition! We recommend Zoom for all the reasons outlined here, but we are happy to work with the platform you choose for your remote deposition.

Remote depositions are nothing new here at Planet Depos. With years of experience covering remote depositions all over the world, we are pleased to share this expertise with clients and help keep your caseload on track. To find out more about Zoom, remote depositions, or to schedule, visit our page on remote depositions.

For a court reporter, keeping your computer bug-free and in good health is almost as important as keeping your body healthy, so here are some things you can do to keep your computer in tip-top shape.

• Perform regular backups of your files, keeping a full and complete set of everything in the Cloud.
• Download reliable anti-malware/anti-spyware programs consistent with your operating system.
• Perform regular anti-virus/anti-spyware scans.
• Keep your security patches/updates current.
• Never click on anything your gut tells you doesn’t feel right.
• Never open an e-mail from a sender you don’t recognize.
• Never download an e-mail attachment for which you don’t know the content or purpose.
• Virus scan all executable files before running them (.BAT, .EXE , .PIF , .COM and .VBS).
• Never install any cute mouse cursor programs.
• Avoid free screensavers, wallpapers, images and music files.
• Do not click on pop-up alerts.
• Use a safe web browser.
• Keep your browser’s security up-to-date.
• Secure your browser by elevating the security level from “low” to “medium” or “high.”
• Limit pop-up windows and cookies.
• Never send personal information over the web in any manner, including via text message.
• Never fill in fields in a site that isn’t encrypted and secure.
• Change your passwords often.

In summary, if it doesn’t feel right, sound right, or look right, it probably isn’t right, so avoid it like the plague. And if you think your computer has been hit with a virus, worm, or Trojan, the U.S. Computer Readiness Team’s site may be helpful in returning your system to full and complete health.