TB Profile: Meet Attorney J.K. Simms

When did you know you wanted to be an attorney?

While it was somewhat in the family because my grandfather was a tax attorney, I did not really know that I wanted to be an attorney until about a year after graduating from high school.

I absolutely hated high school and took a year off when I graduated because I did not know what I wanted to do, but I knew I did not want to go in to 13th grade. The time off was great and really helped me. I worked, read a lot and met a lot of people, some of whom loved their careers and others who were still trying to figure what they wanted to do.

It was during this year “off” that I knew I wanted to be an attorney. When I went to college the next year, I treated it like a job and prepared myself for law school. I knew what it would take for me to get in to law school and was steadfastly focused in college on getting there.

Years later, here I am doing something I absolutely love.

How did you choose employment law?

Two things sparked my interest.

I wrote for the Tennessee Law Review while in law school. The case note I wrote to make it on to the Law Review was an employment law case.  I found the facts of that case and the applicable law to be interesting.

Then I worked on employment-law cases my first week as a clerk at a Nashville law firm. I knew by the end of that week that I wanted this to be my area of focus. I was fortunate that the leader of the employment law practice at the firm where I began my practice attorney was a great mentor and in addition to learning from her, she really made the practice of law fun for me.

What do you enjoy most about employment law?

I am fascinated by the interpersonal dynamics and relationships at play in this area of law. So many employment law cases, at some level, are about the breakdown of a relationship or a breakdown in communications.  Each case teaches a lesson that I can pass on to my clients so that they do not find themselves in litigation.

My clients are most often the companies that want to avoid lawsuits, or at least minimize the risk of litigation, in a tricky area of the law. It’s satisfying to help my clients avoid issues or minimize risk where could have made a major mistake even though they did not intend do.  I can never guarantee my clients that they will not be sued, but I am passionate about helping them navigate this terrain so that, if they are sued, they have effectively minimized their risk and have a strong defense in litigation if it arises.

I also enjoy litigation defense.  I love taking depositions and being in court, whether it be at the trial court or appellate court level.

So my practice is a mixture of preventative medicine and triage work.

What makes a successful client engagement?

A client who trusts you.

For example, one of the worst things attorneys sometimes experience is learning something about a client for the first time in a deposition or when he or she is on the witness stand.  I want my clients to be honest about everything from the beginning. I can’t change the facts in a case, but if I know all of them I can help the client manage the situation in a way that minimizes the risk or the damage.

It is up to me to set the tone in the attorney – client relationship where the client trusts me as their advisor and counselor throughout the relationship.

What do you do when you’re not practicing law?

I have three children: a sophomore in college, a junior in high school and a fifth grader.  They are in very different life stages but my wife and I adore our kids and love spending time with them.  We love to travel and cherish those experiences with our kids.

Also, my wife and I love going to concerts. We were young parents with our first being born when I was only 22, so we’re doing later in life what most people do in their 20s. Most of the concerts we go to have a lot of people in their 20s and 30s, but we are that age at heart I guess.

In the fall, I’ll be at every University of Tennessee home football game. Go Vols!

TB’s David Cañas Running Today’s Boston Marathon

Thompson Burton Attorney David Cañas is running in today’s Boston Marathon, the fourth time he has run the iconic marathon.

We plan to follow David’s progress online at http://raceday.baa.org/individual.html. David’s race bib number is 6268. David is already on the course, having run the first 5k of the race in 22:34 and the first 10K in 46:16.

David was also one of several Nashville marathoners profiled last week by The Tennessean. His goal is to run several marathons a year.

The team at Thompson Burton is proud of David and his outstanding passion.



Five “Cyber Hygiene” Tips for Businesses and Individuals

By Thomas Ritter

At the Republican National Convention in Cleveland last year, a security company set up several public Wi-Fi hotspots around Quicken Loans Arena to see exactly how people behaved online. Thousands of users accessed these Wi-Fi hotspots; more than two-thirds had their identities exposed, 10 percent shopped on Amazon or another site and 1 percent accessed banking records.

The company did not keep any of the records. But imagine if a hacker did this.

This test proved the need for good information security, whether for your business or for you as an individual.

As an attorney specializing in information security, I counsel companies and individuals on what I call “Cyber Hygiene” — best practices to protect your data and your privacy.

Below, I have listed five cyber hygiene tips for both businesses and individuals.

Five “Cyber Hygiene” Tips for Businesses

Businesses are primarily concerned with protecting data they store, including vital proprietary information as well as customer data.

  • Understanding all the technology touching your network and storing your data — The first step is to develop a complete inventory of all technology that connects to your network or store’s company or customer data. The list should include devices — desktops, laptops, smartphones, etc. — as well as any third-party apps — Dropbox, a variety of android and iPhone apps, Paypal, merchant processors, etc. — your company uses. I mention third parties because so many companies are moving files “to the cloud” for cost savings and convenience purposes. I’m not saying cloud services are bad; we use them at Thompson Burton. Rather, what’s important is to understand how these third parties handle your information and the security measures they employ in doing so. Most of the time, a true understanding of what third parties are doing only comes by way of reading the incredibly monotonous and ever-boring “Terms and Conditions.”
  • Encrypting devices so they lock when people use the wrong password — Many laptops and smartphones come with built-in encryption that will prevent any unauthorized access. For someone to decrypt any of your devices, they need a required password. If the appropriate security measures are in place, a person entering the wrong password too many times will completely erase the device’s data. For example, an iPhone will erase all data after 10 failed attempts. Using this service greatly reduces the likelihood that someone can access data if the device is stolen.
  • Create an incidence response plan — I’m a firm believer in “hope for the best but plan for the worst.” A response plan ensures that everyone knows what to do to keep your business up and running if your company is the victim of a data breach or hack. The plan should account for different degrees of issues. For example, finding malware on your website is very different from stolen data, which contains customer Social Security numbers. For most companies, the decision on whether or not they need to follow data breach notification requirements specific to a victim’s state often never even occurs to them.
  • Backup data regularly and have a parallel business plan — Here’s a question: What would happen to your business if employees could not access their electronic files or connect to the company network for a week? Most businesses would struggle — and some would maybe even cease to exist. This is likely to happen if you have a serious enough data breach that requires the involvement of law enforcement. What happens if law enforcement requires your business to turn over control and access to its data and network for the entirety of the investigation? This is admittedly a worst-case scenario, but a backup of your network and its data helps circumvent this potential nightmare.
  • Have outside legal counsel on call when a breach occurs — Contacting an attorney upon the immediate realization of a breach provides you some additional protection should litigation arise. For example, an attorney’s involvement in the decision to engage a security consultant helps reduce the likelihood the consultant’s work will be discoverable in litigation. An attorney can also help you navigate the maze of federal, state and industry laws applicable to your case.

Five “Cyber Hygiene” Tips for Individuals

For individuals, the primary concern is protecting one’s privacy from hackers.

  • Stop using easy passwords and writing down your passwords — It’s impossible to live without passwords. I encourage my clients to use password software, such as LastPass or 1Password, in order to store all passwords in one place so you don’t have to try and remember all of them. You only have to remember one master password for your password software versus memorizing complicated passwords for each online account. I also recommend creating strong passwords for your email, online banking accounts and social media accounts.
  • Changing the password and login when you buy new devices for your home — Many new devices that you buy for your home connect to your Wi-Fi network. These devices have default usernames and passwords — e.g. admin and 1234 — widely known and discovered by hackers who use them to access the devices and possibly your Wi-Fi. Changing the defaults provides you with an extra level of protection.
  • Use multi-factor authentication for important data — Multi-factor authentication (MFA) is a two-step process where you log in with your password and then enter an additional code sent via text to your phone. The only way someone could break into an account with MFA enabled is by having your password and the device that receives the additional code at the same time. That is highly unlikely. I recommend using MFA if possible for the data you want to protect most, such as financial records, email, etc.
  • Know when to use and not use public Wi-Fi — Public Wi-Fi, like the example I mentioned above, is convenient but also one of the biggest threats to personal privacy and data exposure. A decent hacker can watch what you are doing on public Wi-Fi and even find ways to copy the passwords you use. It’s fine to visit news or sports websites while on public Wi-Fi, but you never want to access any website that requires more invasive information like usernames or passwords. The use of free Wi-Fi opens you up to a world of potential hacking vulnerabilities.
  • Updating software with security patches — Google, Microsoft, Apple, Facebook and all technology companies invest massive amounts of money towards the protection of their customers’ information security. Those companies cannot do their jobs if users fail to update their software with the latest security patches. It’s easy to turn on automatic updates so your devices update whenever a new patch is released.

For the best “cyber hygiene” practices and legal updates on relevant privacy and data protection topics, you can follow Thomas on twitter at twitter.com/cybersecureatty.


Twitter Feed