They say that change is the only real constant. And the changes in the practice of law are increasing with alacrity these days, especially with regard to technology and innovation.
According to Doug Hafford, CEO of Afinety, a legal technology consultancy based in Encino, CA, technology is a key issue in which most law firms are significantly lagging. Clients these days are demanding increased use of technology to protect them, their IP and confidential information. And they are seeking more efficient results on their matters. In addition, Doug points out that technology can assist a firm to run more smoothly, dynamically, and profitably.
Small and mid-sized law firms increasingly find themselves competing with large firms with vast IT budgets. One of the key ways these firms can compete is to use quality technology. The smaller firm can often surpass the man power edge of the larger firm through the efficiencies and capabilities of high value IT solutions.
According to Doug, the most important and savvy technologies to consider consist of the following five broad concepts:
Law firms need to allow their attorneys to work remotely in a secure and safe environment.
Utilizing this type of technology effectively requires a high level of security because of the ever-increasing sophistication of malware, robots and other types of attacks. This both solves the tether to the office and allows the firm to hire outside of its geographic area. More and more full-time remote users are the norm rather than the exception.
Once implemented and secured, the lawyer can work from anywhere using a wide variety of devices. In home and remote offices, courtrooms and even during travel, an attorney can not only stay in touch but accomplish real work while outside the office.
Ransomware has co-opted many law firm’s database, documents or financial records. These bad actors can extort the firm and threaten to destroy the information if they are not paid an amount to an off-shore account or some other untraceable location. Law firms can avoid this problem by first using preventative measures to keep obvious phishing attacks from ever reaching the user. Mimecast, for example, offers “targeted threat protection” which effectively stops phishing, the source of most ransomware. Keeping in mind that nothing is perfect, it is extremely important to train users to recognize fake emails quickly and easily.
One prevalent scam comes in the form of an email to an assistant, paralegal or associate. An email arrives on this person’s desk presumably from the managing partner, practice group leader or and executive committee member. It hotly requests that the recipient wire or transfer funds to an account immediately to pay for some well-defined scam. These emails seem so real because they appear to come from within the law firm itself. Many staff members have been duped into sending a large amount of funds to a fictitious address or place.
Numerous firms now have outside consultants who can provide training. For example, some of Afinety’s client take part in Afinety University, which provides this, among other types of common training for law firm staff.
Single Pane Software
Firms need a “single pane of glass” in which they can see everything they need. Many firms have applications that do not talk to each other. Some firms have their information and data so widely scattered an attorney might have to talk to Ralph to find one type of information or wait until Mia returns from vacation to get access to obtain other data. Does this sound familiar?
There are many solutions available today, such as Prolaw which offers that “single pane of glass” that can provide the user any information they need, simply by knowing something about the client or matter.
There are of course others, such as AbacusLaw, TABS with Practice Master and some web-based software such as CLIO. Often these packages can integrate time and billing, accounting, client relationship management, case management, calendaring and docketing among many other features.
Clients, and not just large corporations, are more than a little concerned about data breeches, and rightly so. They have, and may continue, to catastrophically sue their law firm if there is a significant data breech. And we are seeing more and more of these lawsuits over time.
When firms do business with financial institutions such as banks, investment firms or insurance providers, these large organizations require their legal counsel to undergo an annual security audit. These audits are often difficult, if not impossible, to pass without significant investment in security technologies. Many firms have turned to the Cloud to solve this since the large cloud providers such as Amazon Web Services (or AWS) and Microsoft Azure offer highly secure, massively redundant platforms on which to house a law firm’s network.
These providers have the security certifications and offer features such as In-Motion and At Rest encryption, Multi-factor authentication, redundant power, internet and storage as well as strong physical security suites. When choosing this option, it is important to select a provider who knows the legal industry and utilizes these highly sophisticated cloud platforms. This combination provides the finest security in the world, and the peace of mind that the firm’s data is encrypted and safe from any sort of maleficence.
Proper Disaster Recovery Planning
Even if your law firm has Cloud back up, if your firm is exploited or becomes a victim of ransomware, it can be devastating. Disaster Recover is about much more than getting your data back. Here are some considerations.
Recovery Point Objective (RPO): If your firm is infected, how much data will be lost if you are forced to restore an older backup? Common on premises backup solutions often have an RPO of 24 or 48 hours of lost work. A Cloud network, for example, might offer an RPO of one to two hours! So, if a ransomware attack happens how much data will you lose?
Recovery Time Objective (RTO): Often firms find the cost of Cloud Backup to be prohibitive, so they choose to limit what is stored there. Keeping this in mind, should an attack happen, or if the firm’s office becomes unavailable, how long will it take to get back to full operation? For on premises networks, these times are often in the neighborhood of several days to more than a week.
Who Does What?: As important as owning technology is, your staff and the firm per se must have a detailed and in-place responsibility plan. If something happens, who does what and when? How does the firm communicate internally and to its clients? A law firm that can’t communicate or demonstrates a lack of planning can easily be vaporized without a rather simple emergency plan. Planning is key to solving this puzzle, just as much as technology.
Overall however, being prepared is crucial because it is not a matter of will it happen, but most likely when.
Will your firm embrace these new technologies and safety precautions or continue to resist? The time of law firms looking in the rearview mirror at the way they have always done things has vanished like smoke into the air.
[Merry Neitlich is managing partner of EM Consultants located in Irvine, CA. She can be reached at merry@EMconsults.org or 949-260- 0936.]