Technology is and will increasingly be an essential part of running a law firm. The law practice management solutions available today offer so many advantages and efficiencies over traditional practices. There are still downsides, however, and first and foremost on the minds of many attorneys is data protection and security. In particular, cloud-based software and storage solutions are the source of considerable concern among practitioners.
Last week in my “Legal Technology in Solo/Small Firm Practice” article, I discussed some findings of the 2018 American Bar Association Legal Technology Survey Report. I want to continue that discussion, here, focusing on security.
The New Challenges of Cybersecurity
Security is a big deal. A huge deal!
Law firms of all sizes have substantial volumes of valuable, sensitive customer data, perhaps even more so than retail, hospitality, or other customer-focused companies. We’re not just talking about client names, addresses, contact information, and payment information. As attorneys, we are involved in our clients’ intimate transactions, and client files can include:
- Confidential intellectual property;
- Personal and/or corporate financial information;
- Evidence of wrongdoing and other sensitive information; and
- Business secrets.
Confidentiality and protection of client data have always been an issue in our industry, but new technology tools are raising new security concerns. The universe of law practice management systems and tools available today offers so many advantages, but they are not entirely without risk.
And the bad news is that many law firms still lack reliable defenses against cyber threats.
Nobody Wants a Data Breach – But They Happen. All. The. Time.
In 2017, Panama-based Mossack Fonseca suffered a leak of 11.5 million files from their database that exposed information from over 210,000 client companies. The “Panama Papers” – remember that?! Recent reports found that over 80% of the largest 100 firms in the U.S. have been breached since 2011, with approximately one-sixth of those losing essential files and information in the process.
The potential impacts of a data breach are significant:
- Lawsuits from former and past clients whose data was compromised
- Regulatory enforcement actions
- Loss of clients and difficulty retaining new clients
- Potentially irreparable damage to personal and firm reputation
Among ABA Tech Report survey respondents, fewer than one fourth had experienced some form of breach. However, 66% of solo firms claim they did not suffer any loss or disruption. Quite similar to solos who responded, 65% of firms with 2-9 attorneys made the same claim. This might explain why the number is rather low for those who hold a cybersecurity insurance policy, at 27% for solos and 36% for small firms. I’m proud to tell Nicol Gersch Petterson Offices clients that I have such an insurance policy. And trust me, it’s a huge weight off my shoulders, too.
Have a Data Retention Policy
When it comes to data retention policies, the good news is that our solo and small firm colleagues are thinking about this issue! In the survey, 33% of solo practitioner respondents indicated that they had a data retention policy in place, with 51% of small firm practitioners (firms with 2-9 attorneys) claiming the same. The primary methods they use include the following:
- External Hard Drives – 58% of solo practices utilized this method, while 42% of attorneys in firms with 2-9 attorneys did also.
- Offsite Storage – 19% of solo practitioners reported using an off-site storage method and 34% of firms with 2-9 attorneys did.
- Online Backup – 39% of solo practitioners and 40% of firms with 2-9 attorneys chose an online backup program.
Online backup makes total sense to me. It’s cost-effective and convenient, and who doesn’t like that combination? Using Dropbox, Typeform, the Google Suite, and other cloud-based document management systems means I don’t have to worry much, if at all, about backing up my client and practice data. But if that weren’t enough, I also maintain local and offsite backups of every single case in order to protect client data from corruption or accidental deletion, and to meet my ethical obligations to maintain client files for a set period of time (depending on the type of case). Of course, each practitioner needs to analyze the pros and cons of the various data retention methods to know which would work best for them and their firm. I like all three! It’s just one more way Nicol Gersch Petterson Offices utilizes legal technology to help clients stay safe and secure.
Use a Password Keeper
If you are not familiar with password management tools and systems, you might want to become so, especially if you are venturing deeper into the tech world for your practice. The premise of a password management tool is pretty simple. You guessed it: it’s a way of storing passwords. But it’s a bit more than that. It also helps you to produce new ones when the need arises, and the passwords the technology selects are 1,000 times more secure than choosing a random one yourself. My firm uses LastPass, but there are other options out there.
If you’re not using one of these systems just yet, though, you seem to be in good company. Only 26% of solo practitioners and 9% of practitioners in firms with 2-9 attorneys reported using a password management tool. I suppose these low numbers surprise me a bit, particularly given that the number of firms claiming to have been infected with a virus, malware, or spyware is quite high: 31% of solo respondents and 48% of small firm respondents. Whatever their reason is for not taking advantage of this tool, it certainly could save a potential mess down the road if they change their mind.
Other Data Protection & Security Measures
- Use a secure client portal (my accountant does this, and I love uploading and not having to worry about financial data out on the interwebs!)
- Limit network and data access privileges to only essential persons (i.e. set a strong password, too!)
- Use multi-factor authentication (simple, easy, effective)
- Build in multiple layers of data and network security (Malwarebytes is a great real-time threat protection tool, and don’t click on strange links!)
- Ensure software is always up to date (check your Microsoft update schedule to make sure the latest patches are downloaded regularly)
- Implement cybersecurity policies and ensure compliance (including with staff and employees)
- Train colleagues in cybersecurity best practices (other attorneys can always benefit from a ‘best practices’ approach)
- Routinely test your system, including the people who use it (it’s probably not economical to hire a hacker to break into my systems at this point, but I reevaluate every few months and always read up on the latest trends in tech support and security)
- Partner with only trusted vendors (who have their OWN security protocols and encryptions in place)
- Have a comprehensive cybersecurity strategy!!!
Nicol Gersch Petterson Offices, LLC: Serious about client security
I didn’t jump into my current data and security strategy without a little apprehension. OK, maybe a lot of apprehension! I put a lot of research and thought into the tools I use today (and the tools I decided not to use). And I rethink my approach all the time, in response to new software and evolving threats.
In the end, it all comes down to what works best for me and my clients. And, it should for you as well. If you want to discuss how technology can enhance your practice, please contact me. I would be happy to help!