TurboLaw Software News

"I wanted to write to thank you and your firm for the substantial support. I have dealt with other vendors of legal software, and TurboLaw is by far the best, both with respect to the product itself and also with respect to the technical support assistance which you provide.

"Your services and product has promoted the efficient running of my office."

Joyce G. Perocchi
North Andover, MA

New Massachusetts Data Security/Privacy Regulations and Small & Mid-Size Law Firms

March 22, 2010

What the New Massachusetts Data Security Regulations Really Mean for Small and Mid-Size Law Firms

You may have heard of the new regulations released by the Massachusetts Office of Consumer Affairs and Business Regulation – specifically, 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth (PDF link).

These regulations apply to anyone who owns or licenses certain information (so-called “personal” information) about a Massachusetts resident, but for the purposes of this discussion, we’re going to limit ourselves to how these regulations apply to law firms.

Many law firms, and especially smaller firms, don’t have an in-house IT person or technical staff, which leaves the attorney or office manager to grapple with the issues raised by these regulations – issues which in many cases go well beyond their areas of expertise. The goal of this article is to help people understand how these regulations apply to them in plain English.

Note: While we hope you find this article helpful, this isn’t meant to be a definitive guide as to what you should do to make sure your firm complies with these new regulations. This is just general advice and tips.

First, some definitions – the regulations themselves contain a far more extensive “definitions” section (see section 17.02 of the actual regulations) – so we’ll just cover the basics here.

What exactly is “personal” information? The regulations define what constitutes “personal” information – specifically, information that is personal is: A person’s first & last name (or first initial & last name) in combination with any one (or more) of the following:

Social Security number
Driver’s License Number (or other state-issued ID number)
Financial account number(s) (checking/savings account number, etc.)
Credit card number(s)

What exactly am I required to do? In general, you have to take steps which are appropriate to the size, scope, and nature of your business to protect “personal” information from unauthorized use. More or less, this means coming up with a (written) plan to make sure that the personal information you have is kept safe, keeping that plan up-to-date and making sure everyone in your firm is educated about the plan.

Section 17.04 of the regulations spells out what you have to do as far as computer security is concerned. This section is broken down into a number of topics relevant to computer security.

Secure User Authentication: This is a very technical way of saying “user names and passwords.” We’ve posted a link to an article from Microsoft on choosing strong, secure passwords before, but in general, the longer your password is, the more secure it will be. For most people, the password you need to worry about the most is the password you use to log on to your computer (that is, log on to Windows). Fortunately, Windows allows you to use very long passwords – you can even use spaces and upper & lower case letters – so you can pick very long, but easy (for you) to remember passwords. You can use entire sentences, complete with punctuation, if you want.

For example, the password (or “pass-phrase” as it’s sometimes called when it’s this long) “I grew up on my uncle’s farm in Sudbury, Massachusetts” is very long (54 characters) – which makes it very strong. (A 54 character password, using just the letters, numbers, and punctuation marks on your keyboard, has something on the order of 2.564 x 10⁹¹ possible permutations!) The benefit of a long pass-phrase like this is that its length gives it strength (it’s hard for someone else to “guess”), but the fact that it’s a plain English sentence makes it easy for you (the user) to remember. After all, a good password does you no good if you can’t remember it!

Another useful tip is that most computer systems have a limit on the number of times you can try to log on while getting the password wrong (3 or 5 are the usual number of tries you’re allowed). After you’ve tried to log on a few times, but gotten it wrong, you might be locked out – or you might have to wait a period of time before you can try again. This helps prevent people from just guessing passwords as fast as they can (usually automatically using another computer).

However, the built-in “Administrator” account in Microsoft Windows (and in other operating systems too, like Mac OS X and Linux) usually has no limit on the number of times the password can be guessed (after all, you need at least 1 account that you can’t be locked out of, so that you can log on and unlock the people who guessed wrong). It is very important to set a very strong password for the “Administrator” account. If your “Administrator” account doesn’t have a good password, then all of your other good passwords are useless, since by definition the “Administrator” account has access to everything on your computer.

Secure Access Control Measures: In general, this means that people only have access to the files & data that they actually need to get their job done. Your bookkeeper, for example, doesn’t need access to your client’s financial statements – that’s not part of his or her job. Likewise, your receptionist doesn’t need access to your firm’s financial records (unless your receptionist is also your bookkeeper of course!).

All versions of Windows since Windows 2000 provide easy ways for you to set “permissions” on files, so that you can give access to files to some users, but not to others. However, these “permissions” depend on the user who is logged onto the computer – so if you have two or more people “sharing” a computer, make sure that you have a separate user name for each of them. Otherwise, from the computer’s point of view, they are all the same person and have access to the same files.

Secure access control also means disabling or deleting user accounts for people once they no longer work for you anymore – this is something that many people forget to do, and the result is that the ex-employee now has a “back door” into your files. Even if he never intentionally uses it, the account is still around, and he may re-use his password somewhere else, and it may get stolen, and now whoever stole the password has access to your files!

Encryption of personal information sent over public networks (e.g., the Internet): For most people, this refers to email – but it can also refer to websites where you upload files or enter and save information.

Encryption is a complicated topic in itself – but you can think of it as “locking” something in a box or safe, so that no one else can open it up. In respect to email, encryption means that you lock the email before sending it, and the recipient also has to have his own copy of the “key” so that when he receives it, he can unlock the email.

The difficulty here is of course that the recipient must already have the key to unlock the email in the first place. It’s sort of a catch-22 situation – no matter what you do, you need the recipient to somehow already have the “key” before you can send encrypted email. There is no easy answer to this – other than not to send “personal” information via email in the first place. There are many different third party services which offer ways to send encrypted email – but all of them involve making the person to whom you’re sending the email have to do something “extra” to get your message. Whether this involves signing up for an account with the third party service or something else entirely, he will have to do something. (This is one of the main reasons that encrypted email – although it’s been possible for years and years – has never caught on.)

As far as email is concerned, it’s worth remembering that you only need to encrypt emails that contain “personal” information – and remember that “personal” information isn’t just someone’s name, it has to be a name and some form of ID number (SSN/License/credit card/etc.). So if you never send that sort of stuff by email, you’ll never have to encrypt your email.

If you only need to send personal information by email once in a while, you might be able to get by with one of the third party solutions for encrypted email – assuming that you let the recipient know in advance that he’s going to have to do something extra to get your file. Alternatively, you might turn to a secure website for transferring files – we’ve talked about this before here in our article on “Solving the problem of sending sensitive files by email.”

If you upload files that contain personal information to any website (or if you enter and save personal information into a website), chances are that the website already has encryption – just look for the little “lock” icon that appears in your browser when you visit that site. If the “lock” icon is there, then the connection is encrypted.

If you use a third party website which saves personal information, you also have to check with the provider of that website to make sure that the information you’re saving there is also adequately protected – basically, the people who run the website have to comply with the Massachusetts regulations just as you do.

Reasonable Monitoring: In general, this means exactly what it sounds like – take reasonable steps to monitor your computers and make sure that no unauthorized use has taken place. In other words, it means “be aware of your stuff.” Of course, what constitutes “reasonable” will depend greatly on the size and resources of your firm, but in general you’d want to have some sort of record or log of (for example) when someone tries unsuccessfully to log on several times (this might mean that someone’s trying to guess your password and log on).

Encryption of Personal Information on Laptops and other Portable Devices: This part of the regulations is required because laptops and other “portable” computers (netbooks, iPhones, Blackberries, etc.) are naturally more susceptible to being stolen, due to the fact that they are portable – you might forget your laptop somewhere, or it might be stolen, and so on. Because of this, you need to take extra precautions with the information on portable computers.

For example, if someone steals your laptop, even though you have a very good, strong password that prevents him from just logging on and reading your files, he can still just take your laptop’s hard drive out of the laptop and plug it into a different computer and read the files off of it. (The same thing goes for desktop computers as well, but since they are safe behind the locked doors of your office, it is less of a worry.)

To prevent someone from just reading the files off of your laptop’s hard drive, you need to “encrypt” the files – basically, locking them with a “key” which only you know. Fortunately, this is not very hard to do, although there are many different ways to go about doing it. We’ve talked about encrypting your client files here before, in our article on “Keeping your Client’s Data Safe.” If you use Windows, and you have a good, strong password, you can use the encryption that is built right into Windows itself (see our article for links on how to go about doing this).

The only files you absolutely have to encrypt (as far as these regulations are concerned) are the files that contain “personal” information. However, if you have lots of files in many different programs all over your computer, you may want to encrypt the entire hard drive (using “whole-disk” encryption). The top-end editions of recent Windows versions (e.g., Windows 7) have whole-disk encryption tools built-in, or you can use a third party solution.

As far as portable devices (iPhones, Blackberries, etc.) go, there may be encryption software available, or you may be able to use a PIN/password feature of the phone itself to “lock” the phone completely so that if it’s stolen, no one can use it (without erasing the phone’s memory, which of course also erases any personal information, thus keeping it safe from unauthorized use).

Up-to-date firewalls, anti-virus, anti-malware: This section of the regulations is just formalizing what you should already have – to use a computer that’s connected to the Internet these days without some sort of firewall or anti-virus is just asking for trouble. Fortunately, all of these options are very easy to take care of.

If you have an Internet connection to your office, chances are you have some sort of “router” into which you plug your computers and which then is connected to your actual Internet connection (DSL/Cable modem, etc.). Your DSL or Cable modem may even be a router itself – this depends on your Internet provider and the manufacturer of your DSL/Cable modem. Most modern routers also act as a firewall as well, keeping the computers in your office “invisible” from the outside Internet. Some even offer more advanced filtering options – you should check the manual that came with your router to be sure.

In addition to your router, chances are your computer itself has a “software” firewall built in – all versions of Windows (since Windows XP Service Pack 2) have a firewall built in. As long as you haven’t turned it off, it should be silently doing its job, keeping outsiders from connecting to your computer.

Anti-virus and anti-malware programs are likewise easy to come by, although you need to take care with selecting a reputable vendor, as some spyware/malware disguises itself as anti-spyware or anti-malware programs – so you think you’ve installed a program to protect you, when in fact it is not doing anything but infecting your computer!

There are many well-known names as far as anti-virus programs go – and most of them are available as a “suite” of products, that includes a firewall, anti-virus, and anti-malware. Some you must pay for (and these usually include extra options, for example the ability to administer remotely the settings for all the computers in your office), while others are free. Although we tend not to recommend any one product over another, Microsoft does have an anti-virus and anti-spyware program called Microsoft Security Essentials which is both free and very effective. There are of course other products, which you can easily find both online and at your local software/office supply store.

Education and Training: The final aspect of these regulations involves both education and training. Basically, all the security in the world won’t do any good if the people using the systems aren’t educated about how it works and what they need to do to keep it working. Keep yourself and your staff informed on what proper procedures are for handling personal information in your firm so that no mistakes are made. (For example, you might prohibit your staff from copying files with personal information onto USB flash drives to take home and work on – since their home computers and the USB flash drive itself are not subject to your control and might not be secure.)

In many security breaches, the problem is often not a technical one, but instead a case of “human error.” So keep your staff informed on how personal information must be treated and you will help greatly reduce the chances of unauthorized use of personal information.

Final Thoughts: Although the new Massachusetts data security regulations may appear to be somewhat complex or demanding at first glance, many of the things mandated by these regulations are actually things you are already doing (or should be doing). Although you do have to do some extra work to keep on top of your security policy (such as writing it down and keeping it up-to-date), most of the other things you are required to do are relatively easy to accomplish.

Remember, this guide is just a guide – although it is very easy to learn how to secure your computer systems using the information found here and elsewhere; if you’re not confident that you can do it, please seek the advice or help of a competent computer technician or IT person.

Posted by: Keith M. Survell.
Keith is the head of development at TurboLaw Software and writes frequently about how to use technology (such as TurboLaw) to work smarter, faster, and more efficiently.
No Comments
Filed Under: Technology & Law

TurboLaw 2.73 Released

January 14, 2010

We are happy to announce that TurboLaw 2.73, the latest version of our popular automated document assembly software, is now available. If you have TurboLaw, the next time you open it, you should see a notice about the updated version appear in the bottom-right corner of your screen (it may take a short while to appear, depending on your Internet speed).

This new version features a number of changes designed to make it even easier for you to get your work done:

The TurboLaw Migration Wizard is now bundled with TurboLaw itself, to help make it even easier to move your TurboLaw data from one computer to another (as when you get a new computer or switch computers)
The registration window has been revised to allow you to try to register online again, instead of only allowing you to click it once
Text on the registration window has been re-worded to make it more clear
The Update Utility has been improved to better handle random Internet connection problems that some people encounter (especially when using wireless Internet)

As always, we continue to update TurboLaw based on feedback we hear from our customers – so if you have an idea or suggestion for TurboLaw, we’d love to hear from you!

TurboLaw Time and Billing 1.16 Released

November 19, 2009

It may not have a big red bow tied around it, but the latest release of TurboLaw Time and Billing – Version 1.16 – could be considered our “early Christmas present” to all of our users.

The biggest change in this new version is undoubtedly the incredible variety of new bill templates we’ve added.

These new templates not only give you the ability to create fantastic-looking bills, they also show just how much you can do with TurboLaw Time and Billing’s template system and a little bit of creativity.

Here is a preview of all the new bill templates (click on any image to see a larger version):

: “Atlantis”

: “Boston”

: “Woodstock”

: “Phoenix”

: “Manhattan”

: “Papyrus”

We hope you enjoy these new themes – and remember, you can always pick one of these themes and customize it further to suit your taste.

As always, your TurboLaw Time and Billing will check for updates automatically and notify you when a new update is available. Just watch for the pop-up balloon, or for this message at the bottom of your screen:

This message lets you know a new update is available.

Remember – we welcome your feedback as well, so don’t hesitate to let us know if you have any thoughts or comments about the program.

We hope you enjoy this latest version of TurboLaw Time and Billing!

Time and Billing Reports: “Aging Report”

November 16, 2009

Often, users of TurboLaw Time and Billing who are switching from another time and billing system want to pull up certain types of reports, but they only know the name of the report from their previous billing system.

To help with this, we are going to be posting a series of articles that describe step-by-step how to produce the same reports you’re used to from your old billing system in TurboLaw Time and Billing.

Displaying an “Aging Report” in TurboLaw Time and Billing

In today’s article, we’re going to show you how to display what other billing programs might call an “aging report.”

Note: you can click any of the images in this article to enlarge the picture.

Step 1: Switch to the Bills view by clicking Bills from the left-hand navigation bar.

Step 2: Using the options at the bottom of the left-hand navigation bar, choose to see bills grouped by Age.

That’s it! The bills you see are now grouped by age, so you can see at a glance how many bills are in each age category, and what the totals are for each age category. This is what some programs might call an “aging report.”

You can also print this view by clicking the File menu and choosing Print.

As always, our goal is to make TurboLaw Time and Billing as easy to use as possible – and that includes making it easy to switch to TurboLaw Time and Billing from another billing program. If you have questions about how to produce a report from your old billing program in TurboLaw Time and Billing, feel free to ask us!

Time and Billing Reports: Client Recap

November 9, 2009

How to Produce a “Client Recap” Report in TurboLaw Time and Billing

What some billing programs might call a “Client Recap,” TurboLaw Time and Billing calls “Account History.”

TurboLaw Time and Billing makes it very easy to see a “client recap” report for a particular client.

Step 1: Open the client you wish to view the recap report for.

Step 2: Click the Account History button.

That’s it! The account history window is the TurboLaw Time and Billing equivalent to a “Client Recap” report in some other billing programs. You can view the account history as either a “tree” type view (with items “grouped” into 4 main groups) or as a grid (like a check register). You can also print both views by clicking the Print button.

Time and Billing Reports: MTD or YTD billed by client or time keeper

November 2, 2009

How to Produce MTD or YTD “Billed by Client” or “Billed by Time Keeper” Reports in TurboLaw Time and Billing

In today’s article, we’re going to describe how to produce a class of reports, and not just one particular report. Specifically, we’re going to show you how to produce MTD (month-to-date) or YTD (year-to-date) “Billed by Client” or “Billed by Time Keeper” (what TurboLaw Time and Billing calls “Staff Member”) reports.

Although TurboLaw Time and Billing doesn’t let you restrict the displayed information to just a particular range of dates (e.g., YTD or MTD), you can easily export the data you see on your screen into a program such as Microsoft Excel, which is capable of very advanced data manipulation and display – including the desired MTD or YTD reports.

In general, it is possible to pull up these types of reports in Excel in just a minute or two.

Note: you can click any of the images in this article to enlarge the picture.

Step 1: From the Home screen, click the Add/Edit Work Items button to bring up the Time/Work window.

Step 2: From the Time/Work window, click the Export button and save the exported data on your computer.

Step 3: Open the file you just saved with your preferred spreadsheet program (e.g., Microsoft Excel).

Step 4: Now that you have the data in Excel, you can bring Excel’s advanced filtering and reporting tools to bear on it. Just select the columns you would like to filter by, and then click the Sort and Filter button in Excel.

(Note: these pictures are taken from Microsoft Excel 2007 – if you are using a different version or a different spreadsheet program, your options will look different. Please consult your program’s help file for how to perform the equivalent steps in your particular program.)

Step 5: Set the filtering options you would like on the columns you have selected. You can do this by clicking the little drop-down type box which appears in the heading of each column.

Above: the Date column showing the filter drop-down button

Above: the filter drop-down lets you filter dates in any way you like. In this picture, we are filtering for YTD (year-to-date).

Above: you can also filter by name. In this picture, we are filtering by client name.

That’s it! Now your data is filtered to be either MTD or YTD, as well as restricted by client or time keeper (what TurboLaw Time and Billing calls “Staff member”).

You can print this data directly from Excel, or use it to perform other manipulations on the data – for example, you might want it to sum up the Amount column.

Of course, there are no limits on what you can do to the report – Excel provides a tremendous number of tools for analyzing data such as this. The only real limit is your imagination as to what sorts of reports you’d like to see!

Time and Billing Reports: “Open Slips”

October 26, 2009

How to Produce an “Open Slips” Report in TurboLaw Time and Billing

In today’s article, we’re going to explain how to produce what some billing programs call an “open slips” report.

In TurboLaw Time and Billing, what other programs might call an “open slip” we call simply an “unbilled” item. Here’s how to see a list of unbilled items.

Note: you can click any of the images in this article to enlarge the picture.

Step 1: From the Home screen, click the Add/Edit Work Items button.

This will bring up the Time and Expenses window.

Step 2: Click the Status column to sort the items by status (billed or unbilled). You’ll have to click the column twice if you want unbilled items to appear first (the first click sorts the list alphabetically, the second click reverses the sort).

Once the list is sorted, you are looking at your report of unbilled items – in other words, the “open slips.”

You can either print this report (click the Print button) or use the Copy or Export buttons to copy the list to another program or save it as a file for further modification.

That’s it! That’s how you pull up a report of unbilled items in TurboLaw Time and Billing – what other programs might call an “open slips” report.

Pro Tip: the steps above will show unbilled items for all clients – if you want to restrict your report to the unbilled items for just one client, first open that client’s window and choose the Edit Time/Work option as shown here:

time and expenses - one person

This will display the same window, but the items shown will be only for that one client.

Time and Billing Reports: “Open Invoices”

October 19, 2009

Displaying an “Open Invoice” Report in TurboLaw Time and Billing

In today’s article, we’re going to show how to display an “Open Invoice” report in TurboLaw Time and Billing.

In TurboLaw Time and Billing, “Invoices” are called simply “Bills,” and bills can be either Open (Unpaid) or Closed (Paid). Here’s how to bring up a list of Open (Unpaid) Bills, or what other programs might call “Open Invoices.”

Note: you can click any of the images in this article to enlarge the picture.

Step 1: Switch to the Bills view by clicking Bills from the left-hand navigation bar.

Step 2: Using the options at the bottom of the left-hand navigation bar, choose to see Unpaid Bills. You can choose to group the bills in any way you want – for simplicity in this example we choose No Grouping to produce just a simple list of bills.

The list you see will be all of your open (unpaid) bills – that is to say, all of your “open invoices.” You can print this list by clicking the File menu and choosing Print.

That’s it! That’s how you bring up what other billing programs would call an “Open Invoices” report in TurboLaw Time and Billing.

Webinar: How to Run a Paperless Law Office

September 28, 2009

Ernie the Attorney writes today about an upcoming webinar of his titled “How to Run a Paperless Law Office.”

“Lawyers are increasingly challenged to track information that’s growing at unprecedented rates. The rise of digital information has only increased that challenge. We are learning that processing information stored in paper is costly, cumbersome and inefficient. The solution is to switch to a paperless practice, which is challenging—but not as challenging as trying to manage both paper and digital information.”

If you’ve ever thought about trying to cut back on the amount of paper used in your law office, you may want to attend this (free!) webinar.

For more information and to sign up for the webinar, visit Ernie the Attorney’s site.

TurboLaw 2.72 Released

September 14, 2009

As always, we are happy to announce the release of the latest version of TurboLaw – Version 2.72. This new version introduces some new features as well as some improvements that will make TurboLaw even easier to use. Here’s a list of all the new features and changes, as well as a brief explanation:

Easier Registration - the registration process has been streamlined by replacing the multiple registration option buttons with a single button which simply says “Click here to register.” Since every copy of TurboLaw must be registered, and you must also re-register when you get a new computer, we try to make this process as simple and streamlined as possible.
Recent Update History - the TurboLaw Update Utility will now keep a record of all the updates (new or changed documents) it has downloaded, so that you can see what has been updated previously, rather than just in the current session. This is useful if you want to see if, for example, your TurboLaw downloaded a new version of a form that came out last week.
Safer “Alternate Case Folder” Option - previously, it was possible to select folders using the “Alternate Case Folder” option that would cause problems for TurboLaw – for example, the infamous 4160 error. Now, TurboLaw will warn you when you attempt to use a folder that might cause trouble later on.
Update Timeouts - a small number of users of TurboLaw were reporting that the Update Utility was occasionally (and randomly) “timing out” when trying to download updates, even though their Internet connection was fine. This new version of TurboLaw includes enhancements to prevent this problem from happening.

Although this is a (relatively) minor update, we do encourage all TurboLaw users to download and install this update.

If you have automatic updates turned on in TurboLaw, you will be notified about this update. If you don’t have automatic updates turned on, you will have to check for updates manually by clicking the Update menu in TurboLaw and choosing Check for Updates.

This window will appear on your screen when a new TurboLaw Update is available.

As always, please don’t hesitate to contact us if you have any trouble getting this latest update, or if you have any questions or comments. We welcome your feedback!

TurboLaw Software

TurboLaw Software News

New Massachusetts Data Security/Privacy Regulations and Small & Mid-Size Law Firms

TurboLaw 2.73 Released

TurboLaw Time and Billing 1.16 Released

Time and Billing Reports: “Aging Report”

Displaying an “Aging Report” in TurboLaw Time and Billing

Time and Billing Reports: Client Recap

How to Produce a “Client Recap” Report in TurboLaw Time and Billing

Time and Billing Reports: MTD or YTD billed by client or time keeper

How to Produce MTD or YTD “Billed by Client” or “Billed by Time Keeper” Reports in TurboLaw Time and Billing

Time and Billing Reports: “Open Slips”

How to Produce an “Open Slips” Report in TurboLaw Time and Billing

Time and Billing Reports: “Open Invoices”

Displaying an “Open Invoice” Report in TurboLaw Time and Billing

Webinar: How to Run a Paperless Law Office

TurboLaw 2.72 Released

Subscribe

Categories

Archives

Legal Blogs

TurboLaw Software News

Displaying an “Aging Report” in TurboLaw Time and Billing

How to Produce a “Client Recap” Report in TurboLaw Time and Billing

How to Produce MTD or YTD “Billed by Client” or “Billed by Time Keeper” Reports in TurboLaw Time and Billing

How to Produce an “Open Slips” Report in TurboLaw Time and Billing

Displaying an “Open Invoice” Report in TurboLaw Time and Billing

Subscribe

Categories

Tags

Archives

Legal Blogs