Articles

Excerpt:

We realize that many of you are reading the title of this column and saying to yourself, “What annual technology review?” You belong to a big club. But if you are not doing an annual technology review, you are not serving your law firm well. So, let’s start with the threshold question . . .

WHY DO LAW FIRMS NEED AN ANNUAL TECHNOLOGY REVIEW?

You may have noticed that keeping up with technology is next to impossible. The authors each read an average of two hours a day and we still can’t keep up. The best advice is to be pragmatic and recognize that if you assess your technology once a year, including your cybersecurity, you’re doing much better than the average firm.

One very good reason to do an annual technology review is to control your technology budget. If you fail to review your technology costs each year and plan for an annual budget, you are very likely on your way to a “big bang” expenditure caused by your failure to plan. No law firm enjoys an abrupt and large depletion of its funds.

Annual reviews also allow you to spot software you are using that may be going out of support. It is astonishing how many lawyers are still using Windows 7, which is now out of support and therefore not receiving security updates (except for rare situations which apply largely to big firms). That makes Windows 7 unethical to use.

As you go through your annual reviews, you will undoubtedly note that your technology costs (hardware, software and IT/cybersecurity support) have increased over time. As our friend Jim Calloway is fond of saying, “Every law firm is also a technology business.” That is very true in the digital era. As Jim has also noted, older technology impedes the efficient running of your law firm – it hurts productivity, which obviously impacts your bottom line.

Read the entire article here.

Excerpt:

ABA RESOLUTION 105

 The ABA House of Delegates adopted Resolution 105 at the 2018 ABA Midyear Meeting. The resolution supports the goal of reducing mental health and substance use disorders and improving the well-being of lawyers, judges and law students. It urges stakeholders within the legal profession to consider the recommendations set out in The Path to Lawyer Well-Being: Practical Recommendations for Positive Change. The pursuit of lawyer wellness has spread rapidly through law firms, bar associations, state bars and state supreme courts.

The National Task Force on Lawyer Well-Being, assembled in August 2016 to “create a movement toward improving the health and well-being of the legal profession,” defines lawyer well-being as a “continuous process whereby lawyers seek to thrive in each of the following areas: emotional health, occupational pursuits creative or intellectual endeavors, sense of spirituality or greater purpose in life, physical health, and social connections.”

Read the entire article here.

Excerpt: The majority of lawyers don’t know a lot about artificial intelligence (AI). Everyone has heard the hype, few know the reality, and everyone groans when the words “robot lawyer” are spoken.

There may really be robot lawyers one day, but not soon.

ABA RESOLUTION 112

On August 12, 2019, the ABA House of Delegates passed Resolution 112, which states:

“RESOLVED, That the American Bar Association urges courts and lawyers to address the emerging ethical and legal issues related to the usage of artificial intelligence (“AI”) in the practice of law including: (1) bias, explainability, and transparency of automated decisions made by AI; (2) ethical and beneficial usage of AI; and (3) controls and oversight of AI and the vendors that provide AI.”

The authors are delighted to see this resolution passed. We are being shaped by artificial intelligence in ways we have not yet fully grasped. Kudos to the ABA’s SciTech Section for bringing the resolution forward and forming a working group to address these issues.

Read the entire article here.

Excerpt: We always look forward to the ABA Legal Technology Resource Center’s Annual Legal Technology Survey Report on the use of technology in the legal profession. The summary of the “Marketing and Communication” portion of the 2019 survey was recently published. It was written by our good friend Allison Shields and contains some fascinating (and worrisome) statistics.

Respondents to the 2019 Survey segment covering websites and law firm marketing were mostly solos or from smaller firms, consisting of 27% solos, 29% lawyers in firms of 2-9 lawyers, 18% from firms of 10-49 lawyers, 11% from firms of between 100-499 lawyers, 10% from firms with 500+ lawyers, and 5% from firms with 50-99 lawyers. The average age of respondents was 58 years old, with 55% of respondents identifying as 60+ years old, and another 24% between 50-59 years old. Wow, the graying of the profession is noteworthy – or do younger lawyers not participate in surveys?

Read the entire article here.

Excerpt:

WHY DO ONLY 25% OF LAW FIRMS HAVE INCIDENT RESPONSE PLANS?

One of the most striking findings of the ABA’s 2018 Legal Technology Survey Report was that only 25% of law firms had an Incident Response Plan (IRP). In a world struggling daily against cyber incidents and data breaches, that is a piteous statistic. We don’t know why so many law firm fail to create incident response plans, but it is time to come to grips with the necessity of having an Incident Response Plan. The last time we focused on this subject in an article was in 2015. It is definitely time to revisit the topic and issue a rallying cry for the adoption of IRPs.

Read the entire article here. Incident Response Plans Come of Age

Excerpt: In our line of work, we see a lot of law firms who have been breached. “Headless Chicken Mode” is our name for the reaction of those who have not prepared for a breach – they have no incident response plan. They run in circles, hysterical, with no idea what to do. Sadly, there are a lot of law firms without an incident response plan –a 2018 study by IBM Resilient and the Ponemon Institute revealed that half of all organizations described their incident response plans as informal, ad hoc, or completely non-existent.

Today, for law firms, not having a formal incident response plan is inexcusable – and unethical under these new opinions. With respect to cyberattacks, our own experience has shown:

• The faster you catch a cyberattack, the less it will cost you and the faster you can recover.
• You are no stronger than your weakest link (usually your employees).
• With a good incident response plan, preparation is 2/3 of the effort, and the remaining 1/3 is solving the problems when an attack occurs.

Read the entire article here.

We understand why lawyers have cybersecurity paralysis. They don’t understand cybersecurity, experts disagree on the best steps to take, the majority of cybersecurity measures involve spending time and money – and to top it off, the threats and defenses against those threats change daily. Here’s a brief roadmap to where you should be going.

By the Numbers: Where We Stand Today
Thanks to the ABA’s 2018 Legal Technology Survey Report, we have some solid numbers to ponder as we construct our roadmap. Looking strictly at the big picture statistics, these were the ones we found most significant.

• 23% of respondents reported that their firm had been breached at some point.
• Of those reporting that they had been breached, the percentage breached generally increased with firm size until you got to large firms – 14% were solos, 24% for firms with 2-9 and 20-49 attorneys, 42% with 50-99 attorneys, and 31% with 100+ attorneys.
• 60% reported that their firms had not experienced a data breach. It is important to note that it is extremely possible that many firms experienced a breach and never detected it.
• 9% of those breached notified clients and 14% notified law enforcement.
• Of those breached, 41% reported downtime/loss of billable hours, 40% reported consulting fees for remediation of the problems, 11% reported loss or destruction of files, and 27% reported replacement of hardware/software.
• 40% reported experiencing an infection with viruses/malware/spyware, with the greater number occurring in firms with 2-49 attorneys and the lowest in firms with 500+ attorneys.
• 34% reported having cyberinsurance coverage (the percentage is growing, but slowly).
• 24% reported using full-drive encryption, a low number in these days.
• 29% reported using encryption of email for confidential/privileged data sent to clients.

Without bombarding you with numbers, the smaller the firm, the less likely it was to have a policy covering document retention, acceptable computer use, remote access, social media, personal technology use and employee privacy.

Read the entire article here.

Excerpt: The Electronic Frontier Foundation (EFF) announced on May 20th that it had launched TOSsed Out, a new iteration of EFF’s continuing work in tracking and documenting the ways that Terms of Service (TOS) and other speech moderating rules are unevenly applied to people by online services. Sometimes, posts are deleted. Sometimes accounts are banned. For many people, the internet represents an irreplaceable forum to express their ideas, communicate with others, etc.

We have long been fans of the EFF and were delighted to hear that cybersecurity guru Bruce Schneier is leaving IBM, in part to focus on teaching cybersecurity to the next generation but in part to focus on his role as a public interest cybersecurity specialist. Since he is already on the board of the EFF, he is in a great position to be of help.

But back to TOSsed Out, which follows in the path of Onlinecensorship.org, which EFF launched in 2014 to collect reports from users in an effort to encourage social media companies to operate with greater transparency and accountability as they regulate speech. TOSsed Out will focus on the ways that people are negatively affected by these rules and their erratic enforcement.

Commercial content moderation practices negatively affects lots of folks, especially people who are marginalized. This includes black women who share their experiences of racism to sex educators whose content is deemed too explicit. TOSsed Out’s mission is to show that trying to censor social media ends up removing legal, protected speech.

Read the entire article here.

Excerpt: “We don’t believe in digital marketing. We believe in marketing in a digital world.” – Clive Sirkin, CMO of Kimberly Clark

And a digital world it is. We live in a world where three year olds have their own tablets (and operate them quite expertly, thank you very much) and people can work on a project across the globe from their kitchen table in their pajamas. While it is an exciting time, it is also a very challenging time to reach people and to stand out effectively in the crowd. Understanding Mr. Sirkin’s quote is a great first step. The basics of marketing have not changed (networking, creating/maintaining client relationships, word of mouth, etc), but the world in which we market has. It’s a fast-paced, ever-evolving digital world and lawyers must stay vigilant, educated, creative, and honest to stay in the game.

Read the entire article here.

Excerpt: There are thousands of stories of lawyers who ill-advisedly purchased technology or technology services. Let’s start with one such story – starring a very successful and highly respected lawyer who we will dub “Joe.”

Joe noted correctly that his website traffic was falling off a bit and determined that he would find a new website designer who could redo his site and take care of his search engine optimization (SEO). Off he went to a legal conference in Florida where he ran into a very personable salesman who worked for a website design/SEO company.

The salesman promised him the sun, the moon and the stars. Joe knew nothing about website design or SEO, but he really liked this fellow and he believed his promises. He signed an expensive contract and waited. It wasn’t long before his website, which had declined in Google searches under the previous vendor, absolutely hit rock bottom. Joe was losing the steady stream of clients previously provided by his website. Though we never investigated the reason, we suspect that “black hat” SEO may have been used – and that Google (which scans for prohibited SEO tactics) therefore punished Joe’s firm by dropping him in its rankings.

That’s when we got a call. Joe knew we didn’t do website design/SEO, but he knew we had a lot of knowledge about it. And by this time, his law firm was really suffering. So he contracted for a few hours of consulting work to locate a local firm (outsourcing to India for these services is usually a really bad idea).

We knew of a good local web design firm known for high quality SEO which had previously done such work for a number of law firms. We set a meeting with Joe and the web design company and attended the meeting as well. Why? We were there to ask the hard questions, to understand the technology being employed, to nail down the pricing and services offered and (always important) to act as a bulls*** filter.

The meeting went well. The firm made good on its promises and Joe’s website began soaring in the Google rankings. His stream of clients from the website increased steadily – and Joe was soon looking for new lawyers.

Read the entire article here.