Articles

Excerpt: Can lawyers actually manage their technology (instead of it managing them)? Can firms create and enforce policies that provide a secure environment for their users and protect client data, rather than acting like computer usage and security if the “Wild Wild West,” where anything goes?

Buying, implementing, replacing, and securing technology are huge challenges – especially when you have billable work to do. And yet, technology (and the policies that govern its usage) is the most important part of a law firm today – at least after the carbon-based units!

Read the entire article here.

Excerpt: Recently, author Nelson had the pleasure of interviewing David Beech, the CEO of the professional services firm Knights in the UK. David has led the business, originally a law firm, since 2011. His vision for Knights is to become the leading regional professional services business in the UK.

The interview took place on the Legal Talk Network podcast (The Digital Edge: Lawyers and Technology) with co-host Jim Calloway, available here.

By way of introducing David, he qualified as a corporate lawyer in 1990 and in the late 90’s turned to law firm management until 2004 when he left the practice of law to raise and manage a private equity fund. He brought these skills together by leading Knights to become the first professional services firm to raise external private equity investment in June of 2012 and to become the fastest growing commercial firm in the UK.

Read the entire article here.

 

Excerpt: Sadly, your greatest asset – your employees – are also the greatest threat to your cybersecurity. We know this because we regularly see data breaches and ransomware infections caused by click-happy employees. You also have rogue employees determined to use their own devices, go where they want on the Internet, irrespective of firm policies. When we train them, they tell us that they are scared – and you know what? That means we did our job. One of the great fallacies that employees believe is sometimes called “The IT Shepherd” – they simply have faith that the flock (employees) is protected no matter what they do by the shepherd (technology). You need to make them understand that no technological defenses are ironclad.

Read the entire article here.

Excerpt: People are inherently lazy. After all, why do something today that you can put off until tomorrow? Users hate to do anything that would slow down their access to their computer or data. That means they would much rather just sit at a keyboard and start to surf the Internet instead of entering logon credentials and then entering a second factor. How many times have you been tired of the constant password changes only to resort to using one you know you’ll remember and have previously used? Didn’t feel like creating a new account so passed on that online purchase? You are not alone.

A recent study from the National Institute of Technology (NIST) found that the majority of typical computer users experience security fatigue, which leads to risky computing behavior at work and in their personal lives. Security fatigue is defined as a reluctance or weariness to deal with computer security. So what does this mean for law firms? A balanced approach is the way to go. If you make things too difficult for the users, they will find ways around the security measures.

Read the entire article here.

Excerpt: Almost all law firms have an IT consultant, whether an outside consultant or in-house employee. All too often, lawyers believe that information technology wholly embraces information security. It does not. While there is a lot of crossover between the two fields, most IT providers are aware of basic security best practices – they are not actually cybersecurity specialists – though they may feel that they are!

As technology has gotten more and more complex, it has become critical to have access to folks who do a “deep dive” into security. A security specialist who is all textbook and has no practical experience with IT is no good to you. All the certifications in the world are no substitute for experience.

Read the entire article here.

Excerpt: In the summer of 2016, author Simek had the pleasure of joining a Pennsylvania Bar Association panel comprised of both testifying experts and judges to explore how to find and effectively use a good expert.

It seemed to author Nelson, sitting in the audience, that she was hearing a series of rapid-fire tips so she endeavored to jot them down, in no particular order, to offer the collective wisdom of the panel. Here are some of the many valuable tips she heard…

Read the entire article here.

Excerpt: That was the question I was asked to answer at the College of Law Practice Management’s 2016 Futures Conference. As part of a great legal technology panel, my answer was quick and decisive. No, it will not be.

Look how the cone of silence (check mentions of Maxwell Smart if you don’t recognize the reference) around law firm breaches has shattered in 2016 alone. It turns out that law firms, even major law firms, have been breached again and again. Do we really believe that there will be any respite from the attacks?

Law firms, by their very nature, are honey pots. If you target a corporation, you may get that corporation’s data, but probably not a lot of data from other companies. On the other hand, law firms hold the data of many individuals and corporations. That’s what makes us such an attractive target. And our security is, in general, not as good as that of major business entities – though we are getting better.

Read the entire article here.

Excerpt: For years, the authors (and many others) have been saying that law firms generally keep mum about data breaches. While we have seen a few small firms abide by data breach notification laws, the larger firms generally have not, usually hanging their hat on the “we don’t know what data was compromised” or the “we had an incident, but no evidence of an actual breach or misuse of data” excuses. In fairness, not all data breach notification laws are equal – in some cases, they may not have to disclose Whether they have told their clients is unknown, but speculation has been rising that they often have not, for fear of a mass client exodus.

Read the entire article here.

Excerpt: Cybersecurity is a hot topic these days, but what does it mean to practicing lawyers today? Essentially, cybersecurity is the protection of your information systems from theft or damage. For an attorney, that means making sure your client’s information stays confidential. Today, that includes taking steps to protect yourself from experiencing a data breach.

Are lawyers doing enough to safeguard law firm and client information? Our opinion is that many are not. Here are a few reasons we hold that opinion.

• The FBI reported at a legal technology conference in 2013 that they are seeing hundreds of law firms being increasingly targeted by hackers.
• Mandiant, now part of InfoSec giant FireEye, reported that 7% of the breaches it investigated in 2014 involved law firms.
• Another report noted that 80% of the largest 100 law firms, by revenue, had been hacked between 2011 and 2015.
• At a meeting of large firm information security experts from D.C., most admitted that they had been breached – and that they were aware from their colleagues that others had been breached as well.
• Even with the dismal record of reporting law firm data breaches, we still learn of them in the press and informally – and we will detail some of them for you.

Read the entire article here.

Excerpt: It’s hard to find statistics identifying how many people are currently running Windows 10. One thing we do know is that there were 14 million downloads within 24 hours of the release. Some estimates put the installed base at over 75 million devices. No matter what the right number is, it appears that Microsoft has added another hit operating system to its list. But is everything about Windows 10 a good thing? Not so fast. When Microsoft released Windows 10, it also updated its privacy policy. Should attorneys be concerned? The answer attorneys love to hate is…it depends. Perhaps if more people read the terms of service for software and services that they use, they would be a lot more informed as to the data vendors are collecting.

Read the entire article here.