Internet

Good question, Tech Tipper Tom! Do you need to encrypt my legal nurse consulting business data to keep it away from prying eyes? My answer is “That depends.” If you’re using a desktop system for your legal nurse consulting business and there’s no one around but your immediate family, and if you believe you can trust them, there is no reason to encrypt the hard drive on your PC. But, if you share a desktop with your spouse and children and they have a habit of getting malware infestations, you may want to encrypt the data. If you’re a Certified Legal Nurse Consultant who uses a laptop computer only and who keeps the data on the local drive of that computer (versus on an external hard drive or server in your office) and who also travels with that computer or shares it – you may want to encrypt your data. The way I see it, even paranoids have real enemies, so if you feel you have the need to encrypt your data, you should. If you’re like me and are rolling your eyes at the thought, you don’t.

As a CLNC^® consultant who chooses to keep your information from the eyes of Internet villains and you’re running the “ultimate versions” of Windows^® Vista or Windows 7, you can use Microsoft’s BitLocker to encrypt your data. Those legal nurse consultants running XP or older versions can use a program such as TrueCrypt, a free download, to encrypt your drive or a portion thereof.

No matter what program or method you use to encrypt your data, you’ll need to keep your password or encryption key in a safe, easy-to-get-to place in order to access your files. Otherwise, you’ll be just like any other hacker trying to get to them and, if you used a strong password or effective key, you may never be able to “crack it.” If you go the encryption route, take measures to protect your password/key.

If you’re not up for learning to use an encryption program, the next best thing is to toughen up your password to the point that even you have trouble remembering it. You could try setting a BIOS password but any proper villain with access to your motherboard can reset the BIOS and bypass that security measure. In my recommendation, strong passwords are the best defense.

Keep on techin’,

Tom

That’s a pretty powerful question with many different answers. Back in June, I tweeted about a high-profile case that involved an MD who was blogging about his medical malpractice trial as the trial was in progress. I used this as an example to illustrate why Certified Legal Nurse Consultants should recommend that their attorney-clients check out social media (and the blogosphere) for postings by opposing parties (and their own parties), before and during a trial. That case ended in a substantial settlement for the plaintiff after the MD was shown to have exposed trial strategy, ridiculed the case and made generally inappropriate postings for which he was confronted during the trial.

Another MD blogged about a recently concluded medical malpractice trial. His blogging initially raised all sorts of HIPAA questions (which became a nonissue once the suit was filed and anything happening at trial became public). Just to be safe, the MD allegedly changed some of the “facts” as you can read in his disclaimer. This raises issues of what sort of information should or should not be exposed, even after a trial. Granted you can sit in a courtroom, listen to the testimony and see the evidence, but you are not privy to the thinking, reasoning and strategy decisions of the attorneys and the parties they represent. Perhaps that’s something an attorney wouldn’t want his defendant or plaintiff blogging about. Read the articles and analyses on both these cases and make your own decisions. Keep in mind that attorneys are under their own ethical restrictions that we’ll discuss below.

A famous poker player won’t appear on those poker television shows that televise a player’s hand. He doesn’t want people to see how he plays, bluffs or calls on certain hands because they could develop a strategy to beat him. Trial attorneys might feel the same way about having their strategies exposed.

That being said, let’s look at a different set of potential bloggers, the jurors and/or courtroom spectators. In our electronic age no one, and I mean no one, likes to be “off the grid.” Spectators blogging from the courtroom are the equivalent of news reporters and don’t present a problem.

Smart phones with easy Internet access like the Blackberry^® or iPhone^® have created modern day courtroom issues. Judges have always admonished jurors not to read about a case or view television trial coverage, but how many judges give jury instructions regarding blogging? Tweeting (micro-blogging) and even researching the basis of the parties’ claims raises issues during a trial. Even something as simple as texting can be problematic. Remember, jurors are supposed to make their decisions based solely on the information they receive in the courtroom – only the evidence introduced at trial. So if a juror reads a blog about the trial, that would be the same as viewing a news report about the trial or Googling the underlying claims. That sort of behavior risks prejudicing the case or raising the possibility of a mistrial. Attorneys should search social media and the blogosphere during and after trial for traces of this type of misconduct. Some people are shameless about what they post, so armed with a few keywords and content of text messages sent during a trial, it can be quite simple to discover and possibly render a juror liable for contempt.

So far we’ve discussed the plaintiffs, defendants and jurors – what about the plaintiff and defense attorneys? Any Certified Legal Nurse Consultant will remember from the Institute’s CLNC^® Certification Program that attorneys are ethically prohibited from disclosing certain confidential client communications without the client’s consent. This applies to the blogosphere both during and after trial. But what about statements made in advance of trial or while selecting the jury that might tend to influence a well-read jury pool? A few attorneys make money writing books about their high-profile clients but that’s well after the client’s gone to jail (or not). A gag order by a judge can preclude an attorney from blogging about an ongoing trial. Attorneys may use hypothetical postings as long as there is no reasonable likelihood the client or situation can be identified. With all this in mind, blogging, texting and even list serve postings will be an issue to watch (or read about).

Judges, like attorneys, are ethically restricted from discussing pending or ongoing matters being litigated. So, if you think you see the judge texting from beneath the bench, let your attorney-client know. They may not want to risk the ire of a judge who’s simply discussing dinner plans, but might infer the judge wasn’t fully present during trial.

Finally, there’s you – the legal nurse consultant. As you work closely with the attorney-client and the litigation team, you’ll have inside information about the case, the parties, strategies, etc. As an agent of the attorney you are also precluded from disclosing certain confidential information. If you value your legal nurse consulting business you must refrain from tweeting and blogging about a trial in progress (“The defense expert is getting blown away – we’re moving in for the kill with my questions on SOC.”) without your attorney’s knowledge and permission. In fact, I recommend you not discuss your cases at all on the Internet. Frankly, it’s poor business practice.

Social media and blogging are emerging parts of cyberspace and both sides in the legal arena need to explore and monitor their usage. It’s a brave new world of communications and communicability for legal nurse consultants and the legal profession. If you use your mind (while others around you are losing theirs), you’ll successfully avoid any amateur mistakes.

Success Is Inside!

Other than tech factotum and chief PITA, I play one other major role in our office. As network admin for Vickie Milazzo Institute, I can make or break passwords at will. A few clicks in Active Directory (AD) and your password is now one of my choosing.

It’s a fact of admin life that you can often look around a user’s cubicle, office or toilet stall and guess their password within three tries. Sometimes it’s simple. I just look behind a photo of their spouse or pet or in a drawer for a hidden sticky note with the password that should have been memorized and not written down. That’s pretty embarrassing for the user (and even more so when I remind them that the cleaning krewe could do the same thing). If I can’t guess the password (and I’ll sometimes resort to a little social engineering while I search so it’s not that tough), I play a computer-admin joke. The joke’s set-up is to change the password in AD to a new one of my choice and then go bet the user (lunch at Chipotle maybe) that I can guess their password. Once the bet’s made, I have the user log off and then I log on with my new password. It usually shocks most users. I then force a password change so that they have to reselect a less “easy” password. They never realize that I really didn’t guess their password. My password game is almost as much fun as switching the user’s default font for one that’s upside down or backwards. (Yeah, I know – get a real life.)

My point here is that most users, and probably most legal nurse consultants (but not Certified Legal Nurse Consultants) have simple passwords and use the same password and variations of that password for almost all their log ins. This includes their gmail, Yahoo! mail and other webmail accounts, eBay, Facebook and probably Amazon.com (not to mention PayPal). Webmail accounts are one of the most lucrative sources for crooks. Why? Because once broken into, these accounts often contain email with embedded links to other financial and online banking information. If someone hacks your webmail, they can often hijack your financial data.

Knowing your email address and using well known deep-web search engines like Spokeo.com, I can track instances of your email address throughout the web. If, as part of your legal nurse consulting business or just your personal life, you write reviews on sites that use your email as the user id or login, or if you keep a public wish list, your accounts will be laid out like penny candy in a dime store. That means I can hack your shopping too, if you used that same simple password.

How do Certified Legal Nurse Consultants prevent this type of hacking? Of three possible methods, only one is easy. The hardest (the one that nobody, and I mean nobody, even admins don’t like) is to maintain hardened passwords. Hardened passwords contain at least eight characters that include upper and lower case letters, numbers and symbols. In a later blog, I’ll give some tips on creating hardened passwords. For now, don’t use anything simple like your birthday, pet’s name, social security, driver’s license number or combination of these or anything else that directly relates to you.

The next solution is the easiest and least secure. It should only be used by legal nurse consultants who have a computer dedicated to their business that does not travel. This means a homebound computer whose only risk of loss is burglary (or being tossed out when it acts up). If you’ve got one of these dedicated computers, you can use your Firefox or Internet Explorer (IE) Web browser to remember your passwords. Both browsers will prompt you to store passwords that you enter for any website. This free solution works pretty well. It’s when you forget a password that you run into trouble. Internet Explorer encrypts and stores the passwords in the Windows registry.

If you forget a password, you’ll need to purchase a program to allow you to recover the encrypted password(s). These programs vary depending upon which version of IE you’re running. I always worry about third-party programs so this is my least favorite method of password management. If you’re a Firefox user and forget a password you can easily view them by clicking Tools, Options, Security, Saved Passwords and finally Show Passwords, then Yes. This makes it a snap to find a password you can’t remember. Of course, if you can do this, so can anyone else accessing your computer.

The last solution is the best but requires some trust. It’s to use a password-storing program or service. If you’re a legal nurse consultant who is a PC user (Windows^® XP or Vista) there are inexpensive programs ($29.95) like Roboform. These programs encrypt and store your passwords, logins and sometimes credit card information. With the Roboform2Go upgrade you can load your information onto a USB stick and take it with you wherever you go (attorney’s offices, vacations, business travel, etc.). I’ve never been a fan of USB devices for passwords because I lose too many things (if anyone finds my Plantronics Bluetooth headset drop me an email) and I can just imagine the USB stick falling into evil hands. Mac users can use 1Password Password Manager, a $39.95 download for Macs that accomplishes many of the same functions as Roboform.

Before you buy, confirm that the programs are compatible with your most commonly used Web browser. Both offer a free, restricted version that has certain limitations but provide test drives for those of you who like to look before you leap.

For password management, any Certified Legal Nurse Consultant could do a whole lot worse than investigating and using a password manager like Roboform.

In my next blog I’ll talk more about creating hardened passwords.

Keep on techin’,

Tom

Any legal nurse consultant who owns a computer running the wonderful Windows^® operating system (OS), has, at some point been faced with the little pop-up that tells you something to the effect that “high-priority updates are available for your computer, would you like to download and install them now?” My answer is a whole-heartedly qualified “Yes! I sure would in certain situations.”

I live behind a firewall, I’ve got eight real servers, a couple of virtual ones and any number of different “legacy” (geek-speak for older) programs running across 25+ computers at any given time. Before I can do an OS update or upgrade, I’ve got to make sure it doesn’t “break” anything (geek-speak for causing an older program to no longer run correctly) causing your users, then you, much pain and grief. This update/upgrade issue is compounded by our numerous websites designed to be viewed with various versions of any number of different browsers (Safari, Firefox, Internet Explorer, etc.) running different web services to collect and transfer data. So, when Windows asks me if I want to add a new service pack to my XP operating system, or high-priority updates to my Office programs or even to upgrade to a new level of Internet Explorer, I have to step back and think about it.

However, if I was a Certified Legal Nurse Consultant running Windows XP or Windows Vista and the Office family of productivity software (talk about an oxymoron!), I’d have a different answer. As an individual user not connected into any “legacy” software and whose system is working with existing printers, scanners, etc., I would install every service pack for Windows XP and Vista that comes down the line. Service packs are upgrades to the operating system itself and usually contain fixes for other issues that have arisen since the last service pack. They’re designed to cure deficiencies in the original program and make it into something safer and more stable than the prior version. In Windows XP’s case service pack support has been discontinued and only high-priority updates will be issued in the future. Service packs are a way to upgrade to a newer and better version of your operating system (keep your Vista service packed up). If you’re worried that an existing program won’t run correctly after a patch, do a Google search before you download and install the latest version to see if the new service pack is contraindicated for your software. If not, go ahead, download and install that sucker.

Even Apple offers OS upgrades (and patches) designed for the same purpose. According to an article in The New York Times, researchers at Symantec found 26 vulnerabilities in the Mac OS X in 2008 versus 27 for Windows Vista. The takeaway? No matter what OS you’re using – keep it current.

High-priority updates are different than service packs. High-priority updates are just that – fixes for something Microsoft has deemed a high-priority problem. Believe me, if Microsoft thinks it’s high-priority, it is (or was six months ago when it was identified and Microsoft started working on a patch [geek-speak for "emergency fix"] for the issue). Download and install high-priority updates. Always. Period. End of story. Your computer won’t be completely safe, they never are, but it will be as safe as can be as long as it’s fully patched and packed up.

How do you go about setting this up? There are a couple of ways. The easiest is to go into your Windows Control Panel (Start, Settings, Control Panel or Start, Control Panel depending upon what start menu you use) and adjust your Automatic Updates to download and install updates automatically. Then, every Wednesday night, or whatever time and date you set, your computer will contact Microsoft’s servers to check for updates and it will download and install the updates automatically. This is a great way for a CLNC^® consultant to keep his/her computer up-to-date.

If you don’t trust Microsoft to do this (and not everybody should), you can open Internet Explorer and go to windowsupdate.com and follow the instructions to check your computer against the lists of the most current service packs and updates. The computer will do so on its own, just give it permission to install the necessary applets and give it some time. Without releasing any private information to Microsoft, your computer will be checked and a list of “high-priority” and “available” updates will be generated for your computer. I usually select just the “high-priority updates” and then review the list to see what Microsoft feels is high-priority. You can deselect any that you don’t think you need, and then let the computer install them. Sometimes it takes a couple of reboots but I feel much safer afterwards.

If you have a company-issued computer or work for a company and access various programs through a virtual private network (VPN), you’ll want to check with the IT department to see what the company policies are on updates – automatic or otherwise – before you install anything. After all, you don’t want to be the one to “break” the system! Otherwise, if you’re using your own computer – go ahead and patch and pack it up!

Keep on techin’,

Tom

Friday I came home from work, docked my computer, fired it up and went to check the movie times at the dollar theater for my big date with Vickie. Fired up Firefox – nothing. Opened up IE8 – nothing. Tried Safari – still nothing. Looked at the DSL modem and router – all seemed fine (all das blinkenlights vas blinken und flashen). My first reaction was that my end is working, it must be that the Internet is down.

Since I was in a hurry to catch up with Vickie for dinner and a movie I didn’t have time to adequately diagnose the problem. Now, I can go a month without cable television. I only watch “The Weather Channel” anyway (it brings my blood pressure down getting “Locals on the 8s”). But the prospect of a weekend without the Internet terrified me. How would I know what was on eBay, what the Octomom was up to and how was I going to download the latest LOLcat in my Fam-spam?

All through dinner and Star Trek I thought about the problem. Was it limited to my computer? Did I have a cable pulled out? Had I paid the bill? Was there any construction on the street yesterday that could have cut my lifeline to Google? Was the Internet really down (there wasn’t anything on the radio about it) or was it something even more sinister?

I put it out of my mind and managed to have a fitful night’s sleep. The next morning, after a cup of healthy green tea to stimulate my mental processes (well process anyway), I attacked the problem fresh. First, I rebooted my computer. Still nada. Second, I fired up Vickie’s computer and, while it was booting, checked all the cables running into my dock/port replicator – all were in place and my network connection light was blinking properly. Third, I looked in the system tray in the bottom right of my screen to see if my LAN (local area network) connection was functioning – LAN was okay.

Fourth, I checked Vickie’s computer – no Internet there either. Problem duplicated so I know it’s not isolated to my computer alone (good news – maybe).

Next I called AT&T to hear the Internet outage report. No problems in my local area. Even though AT&T gave me a clean bill of health, I called them back, punched through all the voice-prompt systems and finally talked to Elvis from Bangalore. Elvis (who’s actually a really nice guy in Toronto who can’t pronounce “Toronto” in Canadian), tells me that he is showing a strong signal going to my router. In other words, it’s not AT&T’s fault I can’t get online, it’s me.

“So,” I ask Elvis, “what’s the next logical step?” He tells me it’s easy – just reboot my modem and router and see if that’s the issue. That’s what I was hoping not to hear; that’s the dirty job, involving crawling under the desk through a passel of dust bunnies to check all the cables on my DSL modem and my router. Elvis wasn’t up to it (but he did offer to stay on the line until the issue was resolved) so someone else had to do it. Vickie was still downstairs drinking healthy green tea oblivious to the impending disaster that would befall us if I couldn’t get the Internet back on. The job fell to me. Everything else had tested negative, it was time to tuck my red cape into my shorts, take Elvis’s advice and pull the plugs.

First, I unplugged the router then unplugged the DSL modem. Das blinkenlights are no longer blinken. I waited a minute to allow any dynamic memory to clear itself out. Once everything was still (not blinken) I took a deep breath, plugged the DSL modem back in and let it fire up (start blinken). Then I plugged the router back in and let it acquire a signal from the modem (and start blinken). Next, still holding my breath, I walked back to my computer, fired up the browser and…Yahoo! It’s back! I started breathing again, thanked Elvis profusely and got on with my day. I also have a WAP – a wireless access point (to give me wireless in the backyard) plugged into the router so I rebooted that too just for good measure.

What’s the takeaway for the Certified Legal Nurse Consultant? When your Internet is unavailable, don’t call your computer manufacturer’s help line. Instead follow these steps:

1) If you have a second computer sharing your network, see if it can connect to the Internet (I know, I didn’t do that first).

2) Reboot your computer to make sure it’s picked up any connections.

3) Check your physical network connections (your LAN) to your computer (skip if you’re connecting wirelessly).

4) Call your Internet service provider (ISP) to see if there are any network outages affecting your area.

5) Reboot/restart your cable or DSL modem and any router/hubs and/or WAPs you have plugged into that modem.

Internet outages are rare – the issue is usually something simple, so attack the problem in a logical order and you should get a simple and fast resolution.

Here’s another takeaway – if you’ve gone to VoIP (voice over internet protocol) for your legal nurse consulting business your phone calls are going through your Internet connection. This means that when your Internet is down you’ll need a cell phone or a landline to report the problem!

Keep on techin’,

Tom