, , , , , , , , , , , , , , , , , , , , , ,

Dorothy Secol, CLA

By: Dorothy Secol, CLA (Guest Blogger)

If you’ve ever had a personal e-mail account hacked or an account compromised, we’re sure you can appreciate this post. If you haven’t – lucky you – and we bet you know someone who has fallen victim to a cyber-hacker. (Count the TPS Founder in on this one – she did a short, imaginary stint in Spain, compliments of a cyber-hacker! What a pain.) Heed Dorothy’s advice on how to protect your passwords and don’t let it happen to you!

In today’s electronic world, a username/ID and password combination is the most common means of identification and authentication of users who are authorized to access e-mail systems, subscriptions, services and accounts and other access points or resources in almost every law office.

Most firms leave it up to their staff members to implement their own best password policies and practices. Most users have passwords that are easy to remember; they use them for every account, or worse, jot them down on post-its and place them around their workstations.

Password-cracking software has greatly improved as technology has improved. By automatically trying all possible combinations of keyboard characters, “crackers” can now locate passwords in hours where it used to take weeks. With online access today to almost every business and personal resource imaginable, it is easy to accumulate hundreds of subscriptions and accounts, each requiring authentication and identification, typically through the use of a combination user IDs and passwords. Keeping track of the various log-ins required to gain access to these accounts can be a nightmare.

What to do? There are several guidelines for creating strong passwords based on The U.S. Department of Defense Password Management Guideline, (http://www.itl.nist.gov/fipspubs/app-e.htm):

1. Use a unique password for every account. It is tempting to use the same password for all accounts, however, it is not a good practice because it creates a single point of failure that puts all your accounts at risk.

2. Don’t write down your passwords. Passwords are typically eight characters in length, the longer the better, up to sixteen characters.

3. Passwords should be replaced periodically, typically every 90 – 180 days.

4. Passwords should contain a mix of characters from all four dimensions, uppercase, lowercase, numbers and special characters.

While you may be scratching your head and saying “how am I going to do this?,” You will be happy to know there is password management software out there to make life easier for you. One of the best is RoboForm which you can download free for personal use or as a trial version for business and government use and purchase for less than $50.00 (www.roboform.com). RoboForm is an add-on toolbar for Windows that works for Internet Explorer and many other popular web browsers, including Mozilla Firefox and Netscape. RoboForm is protected by a master password that automatically memorizes passwords, logs into Web sites and fills in Web Forms. It also generates random passwords based on custom criteria that you can configure.

You will never again have to memorize passwords or log-ins. Additional features include password encryption, protection against keyloggers (hardware or software programs that log the keystrokes entered on a PC) and phishing (attempts by intruders to fraudulently acquire user names, passwords and credit card details).

There is a free portable version, RoboForm2Go which runs from a USB flash drive, solving the problem of using PCs at other workstations or on public PCs.

Other notable password management programs include:

1. Password Dragon (www.pasworddragon.com)

2. Password Manager (www.largesoftware.com)

3. MyPasswordManager (www.mypasswordmenager.com)

4. Billeo Toolbar (www.billeo.com)

If you have concern for your internet security, check with your firm’s IT administrator to find out if you can install a trial version of one of the above programs.

Dorothy Secol, CLA has worked in the legal profession for over 35 years and has been a freelance paralegal since 1982.  She maintains an office in Allenhurst, New Jersey, doing business as Dorothy Secol, CLA.    Dorothy is a graduate of Monmouth University, West Long Branch, New Jersey.

Ms. Secol is a member of the National Association of Legal Assistants (NALA) and received her CLA status in 1978.  In addition, she is a former trustee of the Central Jersey Paralegal Association and a former Vice-President and trustee of Legal Assistants Association of New Jersey. She is also an associate member of the New Jersey State Bar Association and a former Co-Chair of that Committee.  She is also a member of the Real Property and Probate Section and the Foreclosure Committee.  Ms. Secol serves on the Paralegal Advisory Boards of Brookdale Community College and Ocean County College and is a mediator for the Ocean Township, Allenhurst and Deal Municipal Courts appointed by the New Jersey Superior Court.

Ms. Secol is the author of Starting and Managing Your Own Business: A Freelancing Guide for Paralegals, published by Aspen Publishing Co.  and has written articles for the ANew Jersey Law Journal,@ and ANew Jersey Lawyer.@  In addition, Ms. Secol was a petitioner in the case of In re Opinion 24 of the Committee on the Unauthorized Practice of Law, 128 N.J. 114 (1992).  The case validated the fact that Athere is no distinguishable difference between an in-house and freelance paralegal working under the direct supervision of an attorney.

Ms. Secol has presented seminars on real estate procedure, probate procedure and law office management as well as how to set up a business as a freelance paralegal. For contact information, see www.dorothysecolcla.com.

 A special thanks to Dorothy for sharing these tips with us.

We’ll see you on “Fun” Friday! It’s time to get those fabulous high heels laid out – I can see the weekend from here…