According to tech expert Sharon Nelson’s blog, Heartbleed is a bug in OpenSSL, but it has been there at least two years and is not easily exploitable. It is currently estimated that the bug affects as many as two-thirds of computer servers. These servers are working on fixing the bug, so it’s key not to change your password until after you confirm they’ve applied the fix. To help you with this, there are websites keeping track of patched sites and those that are still exposed. Of the many websites keeping track, check CNET and Mashable. If you don’t already have a password manager, Heartbleed should motivate you to get one. Some good password managers are LastPass, Roboform, and 1Password.
Dubbed the “Heartbleed Bug,” it’s been around for perhaps two years, but was just recently discovered. It has been called “as bad as it is possible for a security flaw to be.” The bug undermines the security of thousands of websites that use the popular security software OpenSSL (signified by the “https” in a URL or that little lock icon). Unfortunately, experts believe it can render your PC, phone, email server and other services vulnerable also. Since the extent of the damage is still being assessed, keep informed by searching “heartbleed” in Google News regularly. You can start by reading What Lawyers Need to Know About the Heartbleed Bug and Mashable website’s how-to article http://mashable.com/2014/04/09/heartbleed-what-to-do/.
It’s finally here – Microsoft has released Office for iPad! You can now download the Microsoft Office app suite, which includes Word, Excel, and PowerPoint for iPad, in Apple’s App Store. While it’s free to download these apps, the free version only allows you to view documents. You must subscribe to Office 365 Home (about $99/year) to edit or create documents. However, the free apps DO allow you to show PowerPoint presentations on the iPad which is great for lawyers who use their iPads in the courtroom! Click here for a detailed review of the new Microsoft Office for iPad.
Law firms continue to be a major target for phishing scams – phony emails that try to trick users into revealing passwords or credit card info by appearing to be from a legit source like Microsoft, Gmail, or your bank. There’s even a Netflix phishing scam going around. While you may feel confident that you could easily spot these types of scams, it’s important to stay alert because phishing scams are becoming more sophisticated. Protect yourself and your firm by downloading software updates and patches, using antivirus tools on computers and mobile devices, and making sure all staff are trained to recognize phishing scams. For more tips on protecting your firm from phishing scams, click here.
LinkedIn is the most popular social media tool among lawyers. As with other social media profiles, it’s important to secure your account with a strong password and consider limiting the amount of profile information visible to the public. Click here for details on changing your privacy settings to limit the amount of personal info in your LinkedIn account that others can view. As for security, even the strongest password is not unhackable. Using two-factor authentication for your LinkedIn account (and other accounts, like Gmail) will give you an extra layer of account security. When you enable this feature, LinkedIn will require a code sent to your phone if you try to log in from an unknown device or computer. Follow these simple instructions for turning on this additional layer of security for LinkedIn. Also, take a look at this list of popular services -like Gmail, Yahoo! Mail, and Facebook - that give you the option of enabling two-factor authentication. The list includes instructions on how to enable two-factor authentication for each service.