Blackouts and Worms: Protecting Computers
By Carol L. Schlein
I had another topic for this column when I received a call from my
editor telling me she had received a suspicious e-mail from
me. As I explained to her what probably happened, it occurred
to me that many lawyers also might benefit from understanding
how viruses and worms work and how best to protect their
computers.
Between news of terrorist attacks and threats, we've had a
major blackout and several virulent attacks of computer
viruses and worms. The Aug. 14 blackout was more widespread
than those in the Northeast in 1965 and 1977. It also had a
greater impact on the U.S. economy. The earlier blackouts
occurred when law offices relied on electronic or electric
typewriters rather than personal computers. Larger firms had
word processing departments that used expensive, dedicated
word processors to grind out larger documents. Few offices had
access to fax technology even though it had been around since
just after the turn of the 20th century and no one outside
academia had e-mail. This summer's blackout made us more aware
than ever of our total dependence on technology.
While we can't control the impact of large-scale power outages
on our homes and businesses, we can take smaller steps to
lessen their consequences. Many larger firms and buildings now
are looking into purchasing backup generators to power their
offices in the event of another power failure. The cost of
this option may be beyond the budget of smaller firms.
The next best alternative is battery-backup units connected to
key office components. An uninterruptible power supply (commonly
called a UPS) will cost several hundred dollars more than a
power strip but includes a battery that, depending on the
unit, can keep a computer going 10 to 30 minutes after power
is halted. The purpose is to allow enough time to properly
shut down programs and turn off the computer rather than
having it turned off for you. Most of the better UPSes can be
configured to close programs and then shut down.
Databases such as billing and case management programs are
particularly vulnerable to data corruption when closed
improperly. As the power started to fail on the 14th, my UPS
began beeping. Knowing that New York City had been blacked
out, we shut down our server and desktop computers and called
it a day. We were actually one of the luckiest in that we
never really lost power - those few beeps of the UPS were as
close as we came!
Charged up
One lesson many of us learned after Sept. 11's terrorist
attacks was to ensure any devices that run on battery are kept
fully charged. When not in use, I keep my laptop computer
plugged in, my cell phone connected to the charger and my Palm
Pilot in its recharging cradle. If I have something I must do
during a blackout, these devices serve as backups.
And don't forget about the "low-tech" emergency supplies while
preparing for the next potential catastrophe. A colleague
told me about the client who was in his 10th-floor office in
New York City when the power went out. No one had a flashlight
to help them descend the stairs. Luckily, the client keeps a
small flashlight attached to his keychain. Make sure there's
proper emergency equipment for the office and staff such as
flashlights, batteries, water, first aid equipment, etc.
Develop a checklist for disasters, including having someone
regularly bring a tape backup of the server to a remote
location. Consider both expected and unexpected events, and
plan with the idea that each time you leave your office, you
might not be able to return for an extended time.
As the second anniversary of Sept. 11 approaches, the other
lesson to consider is contingency planning in terms of people.
Make sure more than one person knows how to perform each
critical task and work toward documenting systems and
procedures. Have a game plan including how to reach one
another and work remotely if needed.
Viruses and worms
The other way to protect information accumulated over the
years is to guard against viruses and worms. A computer virus
is a program that attaches itself to an existing file to be
distributed to other computers. A worm doesn't connect itself
to a file.
While it was called a virus, the SoBig.F bug that has been
deluging computers with tons of messages in the past few weeks
is technically a worm. Blaster and Welchia, which also have
been making the rounds, also are worms. While very disruptive
and frustrating, none of these causes severe damage such as
deleting files from the computers they infect. Rather, SoBig.F
began with an e-mail attachment that, if opened, infected the
computer (if not properly protected) and instructed it to
communicate with one of 20 other computers where a mystery
program had been planted.
Reminiscent of whodunit stories, the New York Times described
an international hunt for the 20 targeted computers that
involved the FBI, many internet service providers, the
Department of Homeland Security and law enforcement agencies
worldwide. Before dangerous instructions could be disseminated
by the 20 targets, the agencies successfully disconnected most
of the targets. Apparently, part of the goal of the writers of
this worm was to overload the internet by having thousands of
infected computers trying to connect to the 20 targets.
The SoBig.F worm was spread quickly through e-mail messages
with subject lines like "Thank you!", "Wicked Screensaver,"
"Re: Details," or "That Movie." Recipients of these messages
couldn't infect their computer unless they opened the
attachment. If the attachment was opened on a computer without
sufficient virus protection, the worm looked at the names and
addresses in the e-mail address book and sent messages from
some of those recipients to other e-mail addresses. The idea
was to make the incoming e-mail with these innocuous subjects
initially appear to be from acquaintances and therefore more
likely to be opened.
So, my editor happened to get an infected e-mail from someone
who happened to have my e-mail address in his or her address
book. The volume of incoming infected messages at some large
companies forced them to shut down their systems. I know that
a day or two after the first messages started appearing along
with my legitimate e-mail, I was getting about 500 incoming
messages associated with the virus. It got to be so time
consuming to delete the bogus e-mail that I changed some of
the rules managing my e-mail to filter out the SoBig.F
messages.
Protection
What can be done to protect computers from virus and worm
infections? Offices with a server should have a hardware-based
firewall. These devices from companies like Soho cost about
$500 and literally erect a wall to protect computers from
intruders.
Regular full backups taken off-site protect against a variety
of disaster scenarios and should always be part of the
protection plan. Home computers that are not part of a network
or those that have direct access to the internet should have a
software-based firewall such as the one offered free by ZoneLabs.
Next, ensure every computer in the office is protected by
anti-virus software and regularly gets the most current
definitions. Network-based anti-virus programs such as the
Norton Corporate Edition make virus protection a
low-maintenance task by regularly updating the network
definitions and sending them to each workstation rather than
relying on individual users to update their own virus
definition files.
Educate your staff about how to identify "bad" e-mail before
it causes damage. One of the best sites to check for hoaxes is
sarc.com. Here you can type in a phrase such as "wicked
screensaver" and see whether it's a real virus or worm, or merely
an annoyance. Symantec.com also is a good resource to see whether
an incoming e-mail is a danger or a hoax.
A hoax is an e-mail that sounds legitimate enough that you
want to share it. For example, one that seems to make the
rounds occasionally starts, "A friend of mine got this
information from someone at IBM …" One of my other favorites
advises you to delete esoteric files that are part of the
Windows operating system. Before acting on these, double-check
them at a reliable website to be sure they are good advice.
End run
The writers of these viruses, along with marketers who send
spam messages, have gotten more clever over time. Users
formerly could set up a rule or filter in their e-mail program
to automatically delete any messages that included, for
example, the word "viagra" in the subject; now it's purposely
misspelled to get past the easy filters.
Creators of the SoBig.F worm were equally clever. While it was
easy to create a rule that rejected any incoming e-mail with
the subject, "Wicked Screensaver," it's not smart to
automatically delete messages with the subject "Thank You."
Consequently, even though I set up rules to reject obvious
virus-laden messages, I'm still deleting a fair number.
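The rule problem described above, as an added example that is not
part of the original column: matching on subject alone either
misses misspellings or throws away a genuine "Thank You," so this
sketch also checks for an executable attachment. The extension
list and the function names (normalise, risky_attachments,
classify, build) are assumptions made for illustration, and the
sample messages are constructed.

```python
from email.message import EmailMessage

# Subjects the column lists for SoBig.F, normalised (lower case, no trailing "!").
KNOWN_SUBJECTS = {"thank you", "wicked screensaver", "re: details", "that movie"}
# Assumption, not from the column: file types that execute when opened on Windows.
RISKY_EXTENSIONS = (".pif", ".scr", ".exe", ".com", ".bat")


def normalise(subject):
    """Lower-case, collapse whitespace and drop trailing punctuation."""
    return " ".join(subject.lower().split()).rstrip("!. ")


def risky_attachments(msg):
    """Return the attachment file names whose extension is on the risky list."""
    names = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            names.append(name)
    return names


def classify(msg):
    """Return 'quarantine', 'review' or 'deliver' for one message."""
    subject_hit = normalise(msg.get("Subject", "")) in KNOWN_SUBJECTS
    attachment_hit = bool(risky_attachments(msg))
    if subject_hit and attachment_hit:
        return "quarantine"   # known worm subject plus executable attachment
    if attachment_hit:
        return "review"       # misspelled or new subject, attachment still risky
    return "deliver"          # a genuine "Thank You" with no attachment


def build(subject, attachment=None):
    """Construct a sample message (constructed test data, not real mail)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("Please see the attached file.")
    if attachment:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg


if __name__ == "__main__":
    for subj, att in [("Thank you!", "details.pif"), ("Thank You", None),
                      ("Thnak you", "movie.scr")]:
        print(f"{subj!r:14} {att!s:12} -> {classify(build(subj, att))}")
```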
If you're in doubt about any of these messages, just delete
them. Most people know to expect answers to their e-mail
within a day or two, and if they don't get a response and it's
important enough, you hope your clients and colleagues will
either re-send or pick up the telephone.
Carol L. Schlein is president of Law Office Systems in Montclair, a
training and consulting firm specializing in law firm
automation. She was named Technolawyer's legal consultant of
the year for 2003. Previous columns are on her company
website, losinc.com. For information about her quarterly meetings
for Time Matters users, check the website or e-mail
info@losinc.com. Schlein formerly chaired the Computer and
Technology Division of the ABA Law Practice Management Section.
Questions for Carol L. Schlein on law office technology may be
faxed to New Jersey Lawyer at (732) 650-7010, e-mailed to
news@njlnews.com or mailed to "Law Technology Questions," New
Jersey Lawyer, Edison Square, 2035 Lincoln Highway, Suite 3005,
Edison, N.J. 08817.