Technology is and will increasingly be an essential part of running a law firm. The law practice management solutions available today offer so many advantages and efficiencies over traditional practices. There are still downsides, however, and first and foremost on the minds of many attorneys is data protection and security. In particular, cloud-based software and storage solutions are the source of some of considerable concern among practitioners.
Last week in my “Legal Technology in Solo/Small Firm Practice” article, I discussed some findings of the 2018 American Bar Association Legal Technology Survey Report. I want to continue that discussion, here, focusing on security.
Security is a big deal. A huge deal!
Law firms of all sizes have substantial volumes of valuable, sensitive customer data, perhaps even more so than retail, hospitality, or other customer-focused companies. We’re not just talking about client names, addresses, contact information, and payment information. As attorneys, we are involved in our clients’ intimate transactions, and client files can include:
Confidentiality and protection of client data have always been an issue in our industry, but new technology tools are raising new security concerns. The universe of law practice management systems and tools available today offer so many advantages, but they are not entirely without risk.
And the bad news is that many law firms still lack reliable defenses against cyber threats.
In 2017, Panama-based Mossack Fonseca suffered a leak of 11.5 million files from their database that exposed information from over 210,000 client companies. The “Panama Papers” – remember that?! Recent reports found that over 80% of the largest 100 firms in the U.S. have been breached since 2011, with approximately one-sixth of those losing essential files and information in the process.
The potential impacts of a data breach are significant:
Among ABA Tech Report survey respondents, fewer than one fourth had experienced some form of breach. However, 66% of solo firms claim they did not suffer any loss or disruption. Quite similar to solos who responded, 65% of firms with 2-9 attorneys made the same claim. This might explain why the number is rather low for those who hold a cybersecurity insurance policy, at 27% for solos and 36% for small firms. I’m proud to tell Colorado Lawyer Team Offices clients that I have such an insurance policy. And trust me, it’s a huge weight off my shoulders, too.
When it comes to data retention policies, the good news is that our solo and small firm colleagues are thinking about this issue! In the survey, 33% of solo practitioner respondents indicated that they had a data retention policy in place, with 51% of small firm practitioners (firms with 2-9 attorneys) claiming the same. The primary methods they use include the following:
Online backup makes total sense to me. It’s cost-effective and convenient, and who doesn’t like that combination? Using Dropbox, Typeform, the Google Suite, and other cloud-based document management systems means I don’t have to worry much, if at all, about backing up my client and practice data. But if that weren’t enough, I also maintain local and offsite backups of every single case in order to protect client data from corruption/ accidental deletion, and my ethical obligations to maintain client files for a set period of time (depending on type of case). Of course, each practitioner needs to analyze the pros and cons of the various data retention methods to know which would work best for them and their firm. I like all three! It’s just one more way Colorado Lawyer Team Offices utilizes legal technology to help clients stay safe and secure.
If you are not familiar with password management tools and systems, you might want to become so, especially if you are venturing deeper into the tech world for your practice. The premise of a password management tool is pretty simple. You guessed it: it’s a way of storing passwords. But it’s a bit more than that. It also helps you to produce new ones when the need arises, and the passwords the technology selects are 1,000 times more secure than choosing a random one yourself. My firm uses Lastpass, but there are other options out there.
If you’re not using one of these systems just yet, though, you seem to be in good company. Only 26% of solo practitioners and 9% of practitioners in firms with 2-9 attorneys reported using a password management tool. I suppose these low numbers surprise me a bit, particularly given that the number of firms claiming to have been infected with a virus, malware, or spyware is quite high: 31% of solo respondents and 48% of small firm respondents. Whatever their reason is for not taking advantage of this tool, it certainly could save a potential mess down the road if they change their mind.
I didn’t jump into my current data and security strategy without a little apprehension. OK, maybe a lot of apprehension! I put a lot of research and thought into the tools I use today (and the tools I decided not to use). And I rethink my approach all the time, in response to new software and evolving threats.
In the end, it all comes down to what works best for me and my clients. And, it should for you as well. If you want to discuss how technology can enhance your practice, please contact me. I would be happy to help!