YOUR ROLE IN YOUR CLIENTS' CYBERSECURITY
When attorneys' clients turn to them for help with cybersecurity, it's important they understand the best practices to reduce risk
By Bahar Ferguson
Recent surveys published by the Association of Corporate Counsel consistently show that one of the top concerns for general counsel at private companies is cybersecurity. This concern is certainly well placed, given the steady stream of alarming incidents involving the security of sensitive data. As a result, companies, big and small, are looking to their attorneys for help in establishing policies and practices that keep their information systems safe and their data secure.
But what does that specifically mean? What should lawyers be telling their clients?
As Benjamin Franklin once wisely advised, “An ounce of prevention is worth a pound of cure.” More and more, businesses look to their counsel to help devise plans for prevention.
As lawyers represent clients who run a multitude of busines enterprises, from large corporations to the smallest startup in a variety of industries, they should advise cybersecurity practices that will serve all businesses.
Documenting Cybersecurity Policies
A written policy acts as a formal guide that outlines the cybersecurity practices that a specific business follows. It is the best way for business owners and their employees to be on the same page where security matters are concerned.
Although this document will be a beneficial guide for an entire company, it should also outline departmental security policies as different departments carry out different tasks.
Lawyers should encourage their clients to draft this document to use as a starting point for their cybersecurity practices.
As businesses seek to avoid risk, lawyers should not shy away from identifying and assessing different levels of risks for their clients. A “look before you leap” approach will always save money and resources while protecting important business information.
Here are some best cybersecurity practices that can serve as a starting point for a client concerned about risk:
1. Multi-Factor Authentication. This is the use of two or more components to verify the identity of a user. In a traditional sense, multi-factor authentication has been categorized into these three things:
• A fingerprint or other form of biometric data.
• A password.
• A mobile phone or token.
When lawyers are advising their clients on cybersecurity practices, they should point out that multi-factor authentication matters because it confirms that the individual who is attempting the authentication is the one in question. This is because, even if a password has been compromised, the chances of compromising a fingerprint or biometric data are low. As this authentication mitigates the risk of a password by requiring multiple authentication, it enhances security.
Clients should know that this is one of the best ways to prevent unauthorized access. But for this cybersecurity practice to be effective, it should be used in the right way. Multi-factor authentication should be used across all ends: server logins, on-premise applications, cloud storage and private network logins.
When clients cover all bases, they will be protected against data breaches and unauthorized access. Lawyers should help their clients understand that security vulnerabilities are always changing. As such, they should review their multi-factor authentication from time to time.
2. Password Managers. Every business owner is looking for a solution that will be manageable and provide the best protection.
Enter password managers.
Strong passwords should always be the first line of defense for your clients. While adopting this method of protection is easy, remembering complicated keystroke combinations is something that most people do not do so well. When sensing this level of difficulty, team members may become lax on the passwords. The result? Security breaches.
To avoid this, lawyers should make the benefits of password managers known. For instance, Dashlane and Keeper are well-known and trusted password management apps. They are as secure as they are easy to use. They offer advanced encryption and come with an array of password change features.
The biggest advantage that comes with password managers is the fact that users can adopt the most complex passwords or different passwords for every access point without having to memorize them.
Clients who are looking to tighten their cybersecurity measures will appreciate the fast access and the ultimate protection password management affords.
3. Mobile Device Management. Due to the rise in smart technology, a majority of companies are adopting the use of smart devices for the completion of work-related tasks. Because these devices have seeped into the everyday work routine, they bring convenience in handling clients as well as their documents.
Therefore, lawyers should focus on the protection of mobile devices as a significant part of cybersecurity. Remember, if mobile phones are unprotected, they are exposed to threats like ransomware and hacking.
Mobile device management is a cybersecurity method that manages mobile devices from a remote location. While this is not a new invention (it emerged in the early 2000s), it has evolved to be compatible with the latest technology. Needless to say, it is a dependable method of protection for businesses devices.
The good news is that mobile device management works on a wide variety of devices and acts as a gateway for companies to implement their policies. It blocks external games and applications that may invade mobile device privacy. If a device is lost or stolen, mobile device management allows reactive actions to take place. It triggers a warning and disables the device. This ensures that data is not lost or hacked.
4. Company Policies and Restrictions. It is not uncommon for employees to carry their smartphones and tablets with them to work. But how do these devices impact security practices?
The answer to this question is simple. When employees carry their devices, they will want to connect to the company’s Wi-Fi network. What no one thinks about is the security threat this poses. Therefore, creating workplace security policies will help eradicate these threats.
For instance, employers can implement a BYOD (bring your own device) policy which provides security rules for employee-owned devices. Granted, it may be difficult for employers to protect their data while protecting employee rights. But by creating specific policies, employers can protect both company and employee interests.
Employers should detail the use of employee devices so they can understand their responsibilities. It is also impossible for employers to control what devices their employees purchase, but they can detail the list of acceptable device models, operating systems and versions that are secure.
Additionally, they can implement the use of passwords and authentication locks so that their data can remain secure.
5. Monitoring Third-Party Access to Data. It is not uncommon for businesses to work with remote or third-party contractors. While this may be a short list of people who work for short periods of time, they still get access to company data. This in itself poses a security risk and paves the way for malware and hackers to access your system.
One of the best ways to offer protection in this case is by third-party monitoring. Companies should limit the scope of access to sensitive data. This should be accompanied by one-time passwords so that malicious activities can be detected. The logic behind this is that these passwords are only provided to the remote workers to use for each login. Whoever tries to craft their own new password or multiple passwords poses a threat.
6. Partnering with a Technology Expert. Technology experts exist so that they help organizations take charge of their technical systems. They are not only helpful when setting up company hardware and software, but they can go the extra mile to ensure that the right security measures are put in place for any organization.
Remember, there are different types of technology experts including single-service experts, who only guide businesses toward a solid IT plan, and general IT contractors, who can handle any technology issue.
However, to get the best experience, lawyers should advise their clients to get guidance from technology experts who offer comprehensive services. These experts have a heightened ability to advise on a wide scope of cybersecurity capabilities, leading each company to the kind that is best suited for them.
Both large corporations and small businesses can experience a security breach. A technology expert will conduct an assessment of a business network to identify vulnerabilities and establish the right security protocols.
They also train employees to identify threats and viruses as well as dangerous malware.
The Bottom Line
When business owners have the right knowledge, then they can strengthen the breach vulnerabilities that their companies are facing. Needless to say, a simple corrupt link can allow for hacking of important files. Therefore, lawyers should be vocal when it comes to advising clients on cybersecurity matters. It is part of their job to advise their clients on the best way to conduct business and why having the right security measures in place matters.
Keeping abreast of current cybersecurity practices can be the difference between a secure business and one that might be targeted by hackers.
Bahar Ferguson is an attorney and president of Wasatch I.T., a Utah provider of outsourced IT services for small and medium-sized businesses.
Understanding the Utah law that would protect homes & assets from creditors in litigation
By Randy Hahn
Utahns love their homes and families and invest a large percentage of their assets to purchasing, updating and maintaining their homes — the center of family life. And many plan to pass along their home, savings and other assets to their children. But few Utahns are taking advantage of a Utah law that would protect their homes and assets from being taken away by creditors or litigation, leaving nothing but minimal necessities for the homeowners, dependents and heirs.
Conscientious high-net-worth people have a financial and estate plan in place, which generally includes a living trust, a will, power of attorney and a healthcare directive, in order to carry out the individual’s wishes during their life and after they have passed on. But many Utahns are missing one of the most important financial tools available to protect their assets.
Historically, under common law, individuals could not create a trust for their own benefit while also precluding their personal creditors from collecting personal liabilities from trust assets. Starting in the late 1990s, Delaware, South Dakota and Nevada legislatures changed this rule by allowing the creation of a Domestic Asset Protection Trust (DAPT). Utah followed suit in 2003, with an Asset Protection Trust statute, one of the most comprehensive personal and business asset protection laws available to people who are accumulating wealth and to business owners in Utah.
Utah’s DAPT is a “self-settled trust,” which allows the person establishing the trust (a grantor or settlor) to fund the trust with their personal assets and also permits the grantor to benefit from the trust. A well-structured DAPT will protect those trust assets from future claims from the grantor’s creditors. The premise of the law is not to absolve a person from their financial obligations, but rather protect them in this lawsuit-happy world, from losing their home and assets to maintain the lifestyle they created for themself.
Why is a DAPT important to your personal planning? Utahns are diligent in managing their health and medical affairs with health care directives, so, why wouldn’t that person also want to add a DAPT to their estate plan in order to protect their personal and business assets, particularly if they are a doctor, lawyer, accountant, business owner or other professional at risk of lawsuits?
Up until 2003, Utah residents had to use out-of-state DAPTs to take advantage of creditor protection. Now Utahns can work with local professionals to get those same protections. Utah attorneys have written about the advantages of a DAPT but unfortunately there has not yet been wide adoption of this protection in Utah.
The year 2020 reminded Utahns that life can turn upside-down for people in an instant, and more than ever, it’s essential for everyone to get their financial and medical affairs in order. Here’s how to get started with a Utah DAPT:
1. Contact an attorney or a Utah-based bank trust expert for help to set up a Utah Asset Protection Trust. They will explain the intricacies of the law and the bank trustee can serve as the impartial trust administrator.
2. Sign an affidavit of solvency, which notifies any current creditors that the trust grantor has adequate non-trust assets to pay outstanding debts or potential creditor claims. Once a person has funded his or her trust, generally, protection against past creditors goes into effect in two years and is in effect immediately for future creditors.
3. Give notice to creditors of the trust. Giving notice expedites protection from past creditors after 120 days. Note that a Utah DAPT does not provide protection from child or spousal support.
4. Fund the trust. Utah’s DAPT can include real estate, both residences and rentals; one’s small business, financial accounts; such as bank or investment accounts; and personal property such as vehicles, tangible items and other personal assets. IRAs cannot be included, but they are already protected up to $1 million under federal law.
5. A DAPT is an irrevocable trust, but the assets or income may be distributed to benefit the grantor during the grantor’s life, even if incapacitated, and the grantor may retain the power to appoint the beneficiaries of the trust upon the grantor’s death.
Make sure the trustee is local. This is critically important, as often a Utahn’s biggest asset is his or her home, and to protect property located in Utah, including real estate or a small business, Utah law requires the trustee to be a Utah resident or trust business.
Randy Hahn is a personal trust manager at Bank of Utah and manages the bank’s personal trust department at its City Creek Banking Center in Salt Lake City. He is also a licensed attorney and is a Certified Trust and Financial Advisor (CTFA).
Documentation: Key to preventing and winning construction claims
By Kent Scott
Both practically and legally, a picture is worth a thousand words. Actually, a picture may be worth thousands of dollars. In both the construction and legal industries, attempting to resolve issues based on oral conversations can be a recipe for further conflict. This is because it is inherently difficult to determine the truth in a “he said, she said” situation. A judge, jury or owner will need to determine who seems most trustworthy. Therefore, in preventing and prevailing on construction claims, it is essential that contractors create and retain the proper documentation.
One of the most important aspects of documentation is that it is kept on a consistent and contemporaneous basis. To properly utilize construction documentation, it must be kept as a general business practice at the time an event occurs.
One of the most important construction documents is the daily log. Many foremen and superintendents dread the daily log because it is seen as a waste of time at the end of a long day. While a poorly kept daily log may be a waste of time, a properly kept daily log can be the key to avoiding liability. To do it right, a company should document the who, what, when, where and why of the day. For example, who was performing what work and for how long, who was visiting the job site and for what purpose, what obstacles or defective work arose and where did it happen, what were the weather conditions. and what conversations were had and with whom.
By recording these items, the contractor is preserving a reliable source of information.
A dispute over payment is common in construction litigation. One of the best ways to resolve or prevent such disputes is to properly record and keep invoices and pay applications. Proper record-keeping maintains the trust relationship. Although it is tempting to hide cost overruns in different items within a schedule of values, such practices can and do result in a loss of the owner’s trust and can push a project into litigation. During the course of litigation, the truth will come out at the expense of the contractor. Avoid such issues by properly documenting costs and keeping those documents in an organized manner.
To resolve a dispute over delays, contractors need to be keeping and updating proper schedules. While the term “critical path method” (CPM) scheduling is common within the construction industry, many times the schedule is just a simple one-page chart without the crucial relationships between tasks. Such schedules fail to provide the information needed to move a job forward and to prove actual delays. Even if a contractor starts out with a true CPM schedule, failure to preserve the baseline schedule and periodic updates as separate files negates any benefit there would have been. If the same file is used and updated, there is no historical data to show which trade caused what delays.
Photographs and video records provide excellent evidence. No matter the type of claim, photographs and videos provide concrete proof of the status of the job at the time the photograph or video was taken. In a recent case, an owner claimed that the contractor damaged a road during the course of the construction project. Prior to beginning construction, the contractor recorded the status of the road. The contractor was then able to make a similar video at the completion of construction to affirmatively show the lack of damage.
Like most of the types of documentation discussed, recording correspondence can be a double-edged sword. While recording important conversations can be a great benefit in proving or defending against a claim, a profanity-laced email or an admission of fault can completely undermine your position. Many clients have said, “we agreed to an oral change order” or “we had an agreement,” but without a record to support those conversations, it is very difficult to prove.
When it comes to change orders, the Supreme Court of Utah has required strict conformance to contractual written notice requirements. See Meadow Valley Contractors, Inc. v. UDOT, 2011 UT 35. A good practice is to follow up conversations with an email summarizing the conversation. This gives you the ability to frame the conversation how you would like and the recipient still has the ability to correct it if necessary.
Lastly, a contractor should not over-document a job. If a contractor consistently sends vague default notices to multiple subcontractors in an attempt to cover themselves for any and all minor issues, such notices hold little weight and impacts the credibility of the party who is guilty of over-documentation. So, while it is important to keep and record the documents discussed above, a contractor should be cautious when making broad assertions of damages or default without specifics and should limit such notices to when an actual default is affecting the project.
So, as you slide down the banister of your construction project, may all the splinters go your way.
Kent Scott is an attorney at Babcock Scott & Babcock in Salt Lake City and has been involved in the prevention and resolution of construction law claims for the past forty years.
DIVORCE: Employee support programs should contain an educational element for workers facing family changes
By Diana Telfer
Before becoming a family law attorney, I worked in the business sector for 15 years. Most of my colleagues believed they successfully separated their personal and professional lives. However, studies have shown that the status of an employee’s marriage or personal relationship significantly impacts their employer.
A Minneapolis-based study by Life Innovations Inc. found that employees who are stressed in their relationships have higher absenteeism rates, which hurts a company’s overall productivity. This study also found that employees who have gone through divorce lose more than 168 hours of work time annually. A different study estimated that American businesses lost $6 billion as a result of decreased productivity from relationship and marriage difficulties. Another study found that divorce costs the nation approximately $33.3 billion annually.
The impact of divorce on business cannot be ignored. Employees struggling with their relationships need support. John F. Kennedy once said, “In a time of turbulence and change, it is more true than ever that knowledge is power.” Educating employees on their options when facing divorce is a key component of any employer support program.
A 2006 survey conducted by the Utah state courts found that 47 percent of divorce filings in Utah involve two unrepresented parties. Many couples either cannot afford an attorney or are afraid that hiring an attorney will create more conflict. The Utah court system offers an online service that allows individuals to fill out forms that, once completed, will provide all the documents needed to finalize their divorce.
PROS: This process is inexpensive and relatively easy to complete. If the issues in the divorce are not complex or the marital estate is relatively small, this may be a viable option.
CONS: The forms are often incomplete. Too often parties include language that conflicts with the boilerplate language in the court forms. This makes the final documents confusing and difficult to enforce. Correcting such errors is more expensive than if an attorney had been retained to draft the original divorce documents.
A mediator is a specially trained individual who helps parties find a common ground and facilitates reaching a settlement. Mediators cannot represent either party or give legal advice. If a couple is not able to reach an agreement on their own, a judge will require the couple to attempt at least one round of mediation before scheduling trial. It is important to find a mediator that is adequately trained and experienced but also fits the needs of the situation. For instance, for couples wanting to maintain control over their resolution and find creative solutions, they will want a mediator who is trained in facilitative, transformative or insight mediation.
PROS: The majority of contested divorces or paternity actions resolve in mediation. If an individual is represented by an attorney, the attorney also attends mediation. Attorney-mediators or retired judges turned mediators will have the knowledge of the law and requisite training that is needed to successfully reach a resolution. Retired judges often use a more directive approach, meaning they will more readily offer their opinions, including whether a particular position will succeed or fail in court.
CONS: Unfortunately, the mediation profession is not regulated, meaning there is no association overseeing practicing mediators. Any person can claim to be a mediator even if they have no training. Non-lawyer mediators are not allowed under Utah law to draft divorce documents.
Collaborative divorce is a relatively new approach for couples to resolve their disputes respectfully — without going to court — while also working with trained professionals. The collaborative process involves a complete paradigm shift from the traditional approach to divorce or separation. Rather than focusing on what each party’s rights and obligations are under the law, settlement is negotiated based on the interests and needs of not only the couple but also their children. The essence of collaborative divorce is to offer spouses or partners the support, protection and guidance of their own attorneys, who are committed to staying out of court. Additionally, collaborative divorce allows couples the benefit of utilizing professionals, including financial specialists, divorce coaches, child specialists and other professionals, who all work together as a team in helping the couple reach their best potential outcome. Couples and their team of professionals are committed to maintaining open communication, information-sharing, complete transparency and exploring solutions that satisfy the needs and priorities of the family.
PROS: The most significant benefit of the collaborative divorce process is that the couple maintains total control throughout the process and makes the final decisions with the assistance of specially trained attorneys and other professionals, who are working as a team toward a mutually created settlement. Costs are manageable and usually less expensive than litigation because the team model is set up for the financially efficient use of experts. The timetable for finalizing the divorce is solely up to the couple.
CONS: If the couple is not able to reach an agreement, the attorneys are required to withdraw and each spouse or partner is required to retain new counsel.
Traditional litigation is the model that is most represented in the movies. When parties are unable to reach agreements on their own then a judge is required to make the final decision. In litigation, the court controls the process, which is based on an adversarial system. There are significant delays in getting hearings and a trial scheduled. If the marital estate is complicated, then separate experts will have to be hired to support the litigant’s position. If parents cannot agree on custody and parent-time, a custody evaluation may be needed. Hiring these experts is extremely expensive and often delays final resolution.
PROS: If one spouse or partner refuses to cooperate, the other spouse or partner can obtain a final resolution and is not held in limbo.
CONS: Litigation is expensive. Because of the adversarial nature of the process, the family is often traumatized. It is expensive. While parties hope to have their day in court, each party is usually upset with the final resolution and feels they have not been heard.
Recognizing that a marriage or long-term relationship is ending can be frightening. Change is hard. The unknown is unnerving. However, staying in an unhealthy relationship takes its toll not only on the individual and the family unit but also on employers. Knowing there are options that support families in transitions without the trauma of a nasty court battle can ease an employee’s stress.
Diana Telfer is a family law practitioner at Clyde Snow in Salt Lake City.