Excerpt: More and more companies and law firms are moving to the cloud and not in a small way. BetterCloud reports that by mid-2017, large enterprises are expected to have adopted 52 Software as a Service (SaaS) applications on average. In last year’s survey, 14% of G Suite organizations and 5% of Office 365 organizations ran 100% of their IT in the cloud. It shouldn’t be a surprise that those percentages are expected to increase. By 2020, it is expected that 50% of G Suite organizations and 34% of Office 365 organizations will be running 100% of their IT in the cloud. The message is that the cloud is here to stay, but what does that mean for law firms? Should lawyers move to Google’s G Suite or Microsoft’s Office 365? This is a question we are asked more and more by audience members when we lecture – it has begun to recur so often that it finally occurred to us that it might be a useful article.
Excerpt: One of a law firm’s most critical assets is its website – and yet protecting it is a priority that is often overlooked. Reading this and you’re not in a law firm? The same rules apply, so keep reading!
A lot of lawyers simply don’t think about protecting their websites. They ask why anyone would target them, especially if they are solos or small law firms. The sad truth is that, today, the majority of attacks against websites are automated. The bad guys throw out a net looking for websites with vulnerabilities and pull in whatever insecure fish they can find – along with any data held on your website.
If you are targeted, the risk is much greater. In all likelihood, you are now facing a more sophisticated attacker with a clear agenda who is likely to have more sophisticated tools.
Excerpt: Some days are just more interesting than others. You could almost hear the mournful wailing of spooks (the CIA kind) as WikiLeaks released thousands of documents describing sophisticated software tools used by the Central Intelligence Agency to break into smartphones, computers and even Internet-connected televisions.
The New York Times reported that the documents, at first review, appeared to be authentic. The initial release, which WikiLeaks said was only the first part of the document collection, included 7,818 web pages with 943 attachments. The entire archive of CIA material consists of several hundred million lines of computer code according to WikiLeaks.
Initial reports overstated what the technology could do, suggesting that the encryption for popular apps such as Signal and WhatsApp had been compromised. As the details become more clear, it was noted that the apps themselves were NOT compromised. Rather, if the phone was compromised, by malware for example, encryption doesn’t do you any good since the app has to decrypt the message for you to read it, thus allowing a successful attacker to read it. The real news was that both Androids and iPhones have allegedly been compromised by the CIA and allied intelligence services, meaning that apps such as Signal and WhatsApp cannot protect your privacy.
Excerpt: Can lawyers actually manage their technology (instead of it managing them)? Can firms create and enforce policies that provide a secure environment for their users and protect client data, rather than acting like computer usage and security if the “Wild Wild West,” where anything goes?
Buying, implementing, replacing, and securing technology are huge challenges – especially when you have billable work to do. And yet, technology (and the policies that govern its usage) is the most important part of a law firm today – at least after the carbon-based units!
Excerpt: Recently, author Nelson had the pleasure of interviewing David Beech, the CEO of the professional services firm Knights in the UK. David has led the business, originally a law firm, since 2011. His vision for Knights is to become the leading regional professional services business in the UK.
The interview took place on the Legal Talk Network podcast (The Digital Edge: Lawyers and Technology) with co-host Jim Calloway, available here.
By way of introducing David, he qualified as a corporate lawyer in 1990 and in the late 90’s turned to law firm management until 2004 when he left the practice of law to raise and manage a private equity fund. He brought these skills together by leading Knights to become the first professional services firm to raise external private equity investment in June of 2012 and to become the fastest growing commercial firm in the UK.
Excerpt: Sadly, your greatest asset – your employees – are also the greatest threat to your cybersecurity. We know this because we regularly see data breaches and ransomware infections caused by click-happy employees. You also have rogue employees determined to use their own devices, go where they want on the Internet, irrespective of firm policies. When we train them, they tell us that they are scared – and you know what? That means we did our job. One of the great fallacies that employees believe is sometimes called “The IT Shepherd” – they simply have faith that the flock (employees) is protected no matter what they do by the shepherd (technology). You need to make them understand that no technological defenses are ironclad.
Excerpt: People are inherently lazy. After all, why do something today that you can put off until tomorrow? Users hate to do anything that would slow down their access to their computer or data. That means they would much rather just sit at a keyboard and start to surf the Internet instead of entering logon credentials and then entering a second factor. How many times have you been tired of the constant password changes only to resort to using one you know you’ll remember and have previously used? Didn’t feel like creating a new account so passed on that online purchase? You are not alone.
A recent study from the National Institute of Technology (NIST) found that the majority of typical computer users experience security fatigue, which leads to risky computing behavior at work and in their personal lives. Security fatigue is defined as a reluctance or weariness to deal with computer security. So what does this mean for law firms? A balanced approach is the way to go. If you make things too difficult for the users, they will find ways around the security measures.
Excerpt: Almost all law firms have an IT consultant, whether an outside consultant or in-house employee. All too often, lawyers believe that information technology wholly embraces information security. It does not. While there is a lot of crossover between the two fields, most IT providers are aware of basic security best practices – they are not actually cybersecurity specialists – though they may feel that they are!
As technology has gotten more and more complex, it has become critical to have access to folks who do a “deep dive” into security. A security specialist who is all textbook and has no practical experience with IT is no good to you. All the certifications in the world are no substitute for experience.
Excerpt: In the summer of 2016, author Simek had the pleasure of joining a Pennsylvania Bar Association panel comprised of both testifying experts and judges to explore how to find and effectively use a good expert.
It seemed to author Nelson, sitting in the audience, that she was hearing a series of rapid-fire tips so she endeavored to jot them down, in no particular order, to offer the collective wisdom of the panel. Here are some of the many valuable tips she heard…
Excerpt: That was the question I was asked to answer at the College of Law Practice Management’s 2016 Futures Conference. As part of a great legal technology panel, my answer was quick and decisive. No, it will not be.
Look how the cone of silence (check mentions of Maxwell Smart if you don’t recognize the reference) around law firm breaches has shattered in 2016 alone. It turns out that law firms, even major law firms, have been breached again and again. Do we really believe that there will be any respite from the attacks?
Law firms, by their very nature, are honey pots. If you target a corporation, you may get that corporation’s data, but probably not a lot of data from other companies. On the other hand, law firms hold the data of many individuals and corporations. That’s what makes us such an attractive target. And our security is, in general, not as good as that of major business entities – though we are getting better.