Technology Resources for New Attorneys
Published on Mar 03, 2016
A technology primer for anyone who wants to know about law firm digital security. Created for an IP Paralegal CLE.
MORE DECKS TO EXPLORE
PRESENTATION OUTLINE
Joyce Brafford
Practice Management Advisor
jbrafford@ncbar.org
Photo by Neal.
Law Firm Digital Security
- Passwords
- Virus Protection
- Backups
- Network Security
- Employee Access Protocols
- IT Policy
Your job as a custodian of sensitive information is to make sure that you build a digital fort. Consider your security from the perspective of an invading army. Where are your weak points? Are any of your fellow soldiers easily duped into a trap? Is all lost if your fort is destroyed? Do you have a plan rebuild the fort, and protect the treasure if you're invaded or damaged?
Photo by Stefan Geens
Passwords
- Key to your digital information
- Encrypted vs. Unencrypted
- Passphrases
- Multiple Passwords
Photo by David Gallard (Mr Guep)
Encryption
Encryption is a method of storing your digital files that requires a password to decipher them. Without the password, the data is pretty useless. It's nearly impossible to decrypt something without the password, and most bad actors don't have the resources to decrypt all your files. Plainly speaking, encryption is one of your best defenders against stolen data.
You don't have to store information in an encrypted format, but it should, at the very least be password protected.
You don't have to store information in an encrypted format, but it should, at the very least be password protected.
Passphrase
When selecting a password, it's important to remember that it should be complex. Numbers, punctuation, capitalization all matter. But if you want a really great password, use a passphrase. It can be an old address, a song lyric, anything that is memorable to you. You can even go really crazy and change 5s to 'S's, and 'B's to '8's. Be as cryptographically inclined as you like.
Photo by beautyredefined
Multiple Passwords
One way to seriously damage your security profile is to use the same password over and over. Yes, we all do it, but we really shouldn't. Every login you use should be unique and complex. Suddenly it feels like we're never going to be able to remember all those complex passwords, and we're going to have to constantly reset logins. Don't worry. This is where the next slide comes in handy.
Photo by Sam UL
Password Managers
- Create New Passwords
- Manage Your Passwords
- Alert You to Overly Used Passwords
A password manager can store all your passwords. You access it using one master password. There are different types of password managers available to you, but ideally you should select one that will track all your passwords, auto populate, create new passwords and alert when you're using a password too frequently.
I really like Lastpass and 1Password. Google will also manage passwords for you, but won't generate new passwords or let you know when a password is overused.
I really like Lastpass and 1Password. Google will also manage passwords for you, but won't generate new passwords or let you know when a password is overused.
Photo by rpongsaj
Create
Most password managers that create new passwords will give you the option of setting your own password, or letting the system generate one for you. If the system generates one, you can set the complexity level. I like an auto-generated set of numbers, letters and symbols in the 12-16 character range.
The downside is that I have to use my password manager if I want to access any of my saved sites (of I can just reset the password). That means I need to use a browser extension and use the app or mobile browser the program recommends.
The downside is that I have to use my password manager if I want to access any of my saved sites (of I can just reset the password). That means I need to use a browser extension and use the app or mobile browser the program recommends.
Photo by · · · — — — · · ·
Virus Protection
- No Longer Enough
- Stay Current
- Use Well Tested Programs
No Longer Enough
- Too many new viruses to rely on software. It you installed it today, it'd be old tomorrow.
- Many attacks come from social media, cloud software and mobile phones. You can have the most secure computer in the world, and your data would still be at risk
Stay Current- You have an obligation to your clients to know what risks there are to their data, and how those risks evolve over time. 10 years ago we never would have thought that someone could steal credit card numbers from big stores like Target and Home Depot. We wouldn't have thought a malicious program could hold data for ransom. Pay attention to security risks, and take active steps to avoid them. Your virus protection is not enough by itself.
Use Well tested programs- this is not the time to go the cheap route. Save money somewhere else, and buy good, popular, well known anti-virus software.
- Too many new viruses to rely on software. It you installed it today, it'd be old tomorrow.
- Many attacks come from social media, cloud software and mobile phones. You can have the most secure computer in the world, and your data would still be at risk
Stay Current- You have an obligation to your clients to know what risks there are to their data, and how those risks evolve over time. 10 years ago we never would have thought that someone could steal credit card numbers from big stores like Target and Home Depot. We wouldn't have thought a malicious program could hold data for ransom. Pay attention to security risks, and take active steps to avoid them. Your virus protection is not enough by itself.
Use Well tested programs- this is not the time to go the cheap route. Save money somewhere else, and buy good, popular, well known anti-virus software.
Photo by Robbert van der Steeg
Backup
- Always worth the extra effort if you need it
- Back up entire system or just selected files
- Local copy, cloud copy, and restore options
Creating a backup of your data is one of the most important security precautions you can take. We all fail to backup our data regularly enough, and we fail to backup all of it. Think of all the data you create on a daily, weekly, monthly, and yearly basis. All the emails you send, the pictures you take, the documents you write, the music you download, the movies you watch, the books you read.. the list goes on. Consider how much of your digital life happens on your phone. Are you backing that up? Are you backing up your personal and work computer? Are you backing up your tablet?
Chances are you have room for improvement. We all do. Just remember that taking the time to create a backup is always worth it should you ever need it.
Chances are you have room for improvement. We all do. Just remember that taking the time to create a backup is always worth it should you ever need it.
Photo by godog
Selected Backup
There are couple different ways to interpret the word "backup." The most common form of backup is to choose certain files, and have a third party vendor store them in digital, retrievable copy for you. Generally, you store files in a specific folder on your computer, and your vendor syncs that folder to a folder on a server in some other part of the world. This is generally very inexpensive, and sometimes free or included as a part of a suite of services from a vendor.
This is a good option for client files. Even if you have a full system backup in place, having an organized place for just client files gives you, and your clients, some additional, easy security.
Good vendors are Dropbox for Business, Box.com, and Sharefile.
This is a good option for client files. Even if you have a full system backup in place, having an organized place for just client files gives you, and your clients, some additional, easy security.
Good vendors are Dropbox for Business, Box.com, and Sharefile.
Photo by Daniel Y. Go
Full System Backup
In addition to backing up specific files, it's also a good idea to completely backup your system. This happens in a variety of ways. If you have a stand alone computer, you need to back it up using a reliable product like Mozy or Crashplan. Both are great, but both will slow your system way down if you have a lackluster internet connection.
If your computer is connected to a server, your backup process is different. If you have a server in a closet somewhere in your office, you'll either have a second server that backs up the first, or you'll have a backup copy on a virtual, cloud server. Azure and Carbonite are both good options.
If your computer is connected to a server, your backup process is different. If you have a server in a closet somewhere in your office, you'll either have a second server that backs up the first, or you'll have a backup copy on a virtual, cloud server. Azure and Carbonite are both good options.
Photo by Microsoft Sweden
Network Security
- Know Your Infrastructure
- Understand Critical Access Points
- Monitor Usage and Attacks
Network security begins with an understanding of what is in, and out of your network. Think about all the connected devices you have in your office, and all the wires or wireless networks that connect them. Some of them may be only temporarily be a part of your network, like your smart phone. Nevertheless, you use that phone to conduct your business during the work day. There are some pieces of your network that are virtual, and are managed by a third party, like your online storage/backup. Your network is the way you move, store, and access data. You need to know how you are granted access, who else can access it, and who has tried to access it without permission.
Photo by yaph
What is Your Network?
Your network infrastructure consists of your internet network, wireless access points, router, modem, computers, printers, faxes, and any other connected devices. As a business, you should also have software that monitors your network, and allows you to run reports to see who's been on the network, what they've been doing, and who (what devices) have tried unsuccessfully to access your network. There are several good vendors out there to help you build a solid infrastructure for your data. For routers, wireless access points, and network monitoring, Cisco is a great solution. For high speed internet, many business choose TWC. For your VoIP Phones, consider RingCentral and Grasshopper.
Photo by Stuck in Customs
Access Points
Access points are any "door" that can be used to gain entrance to your network. In your office, a person can gain entry by getting on your wifi. Are your critical network components blocked off? Do you have separate wifi networks for employees and guests? Do you use passwords, and do you change them regularly?
What about virtual access points? Anyone connected to your network needs to use appropriate security. If an employee with main network access opens a malicious email, your whole system can be affected. It's worth it to invest in programs that can firewall individual computers from the network.
What about virtual access points? Anyone connected to your network needs to use appropriate security. If an employee with main network access opens a malicious email, your whole system can be affected. It's worth it to invest in programs that can firewall individual computers from the network.
Photo by BrunoDelzant
Network Monitoring
Consider network monitoring systems to be crossing guards or hall monitors. They will tell you who has been on your network, who is using the most bandwidth, which sites are the most popular, and if your system has been attacked.
Some systems will even help prevent the spread of malware. If you're looking for a great system monitor, take a look at Cisco.
Some systems will even help prevent the spread of malware. If you're looking for a great system monitor, take a look at Cisco.
Photo by wackystuff
Employee Access Protocol
Having written protocols for your employees is one of the most important, and most oft overlooked security measures. Your IT protocols for employees will determine what kinds of information your employees can access, when they have access, and when access will be denied.
Make sure all your employees have access to your written policy, and that they follow the rules. Part of your policy and protocol document will be an audit schedule. Regularly audit your systems to catch weaknesses or violations.
Your employee IT policy and protocol document will include minimum security requirements for each workstation, restricted websites, remote access policy, personal device policies, and access terminiation policies.
Make sure all your employees have access to your written policy, and that they follow the rules. Part of your policy and protocol document will be an audit schedule. Regularly audit your systems to catch weaknesses or violations.
Your employee IT policy and protocol document will include minimum security requirements for each workstation, restricted websites, remote access policy, personal device policies, and access terminiation policies.
Photo by Doug Kline
IT Policy
Your IT policy, like your employee protocol manual, is only as good as the effort you put into making it comprehensive, and following the rules laid out therein. Your IT policy should include things like your computer replacement schedule, your download policy and restrictions, your personal device policy, your data storage policy, your back up policy, file naming conventions, and a list of actions that will result in termination or discipline.
Photo by drumminhands
Necessary Software
Photo by Jack Amick
Practice Management Software
Practice Management Software handles your client contacts, your calendar, your documents, your case notes, your time & billing, your invoicing, your phone calls, and potentially much more.
Not every lawyer uses practice management software, but it's a really good investment. You should consider how much your time is worth, the amount of time you can save using a practice management system, and see if it makes sense for your office. In 99% of all the consults I've handled, PM software was a good decision.
Not every lawyer uses practice management software, but it's a really good investment. You should consider how much your time is worth, the amount of time you can save using a practice management system, and see if it makes sense for your office. In 99% of all the consults I've handled, PM software was a good decision.
Photo by Gwenaël Piaser
Rule 1.6
A lawyer shall not reveal information acquired during the professional relationship with a client unless the client gives informed consent.
2011 FEO 6
A lawyer may contract with a vendor of software as a service, provided the lawyer used reasonable care to safeguard confidential client information
Matter Management
Your matters/ cases/ issues/ Whatever You Chose to Call Them, need to be organized in a way that makes sense to your brain. For most people, that means that you organize your cases by the issue at hand, give it a matter number, and link it to a particular client. This is the way the majority of practice management solutions work. You can look up a case by number, issue, or client. There are separate "files" for the clients and the matter. You can add notes and documents to either file.
For each matter there is a calendar. Many PM solutions have a built in work-flow feature which allows you to input a type of matter, a triggering event, and some basic information. The Work Flow will populate your calendar with important deadlines and tasks associated with that matter.
For each matter there is a calendar. Many PM solutions have a built in work-flow feature which allows you to input a type of matter, a triggering event, and some basic information. The Work Flow will populate your calendar with important deadlines and tasks associated with that matter.
Photo by dfb
Document Management
You're going to produce and receive a lot of documents as a lawyer, It's important that you have a way to create and store them that makes sense. Most practice management solutions have a built in document management solution.
Document management is a way to create documents that have common text, and storing those documents in a way that they are easy to find.
You want a solution that has templates that you can populate with information you collect from your clients. This is one of the biggest time saving applications of practice management software.
Document management is a way to create documents that have common text, and storing those documents in a way that they are easy to find.
You want a solution that has templates that you can populate with information you collect from your clients. This is one of the biggest time saving applications of practice management software.
Photo by ShironekoEuro
Time & Billing
Another critical feature of any practice management solution is time and billing. I recommend that you use a program that is extremely flexible in the way you are allowed to bill. You want a customizable billable hour, and flat rates, but you also want percentage structures, retainers, shared billing, and other common solutions. Ideally, your provider will provide regular updates, which include new billing solutions, as the market demands.
In your time and billing function, you want to be able to keep a clear view of what each client owes, has paid, unbilled work, and their IOLTA amount. DO NOT USE STANDARD SMALL BUSINESS ACCOUNTING SOFTWARE TO MANAGE INDIVIDUAL IOLTA SUMS. Some law firms can make that solution work, but don't try it when you can use solutions that are designed to work properly.
In your time and billing function, you want to be able to keep a clear view of what each client owes, has paid, unbilled work, and their IOLTA amount. DO NOT USE STANDARD SMALL BUSINESS ACCOUNTING SOFTWARE TO MANAGE INDIVIDUAL IOLTA SUMS. Some law firms can make that solution work, but don't try it when you can use solutions that are designed to work properly.
Photo by Isaac Torrontera
Client Communication
As with all things in your law office, if you use software to facilitate client communication, you must use reasonable care to protect their information. You can certainly use modern tools to make client communication easier, but research your options.
If you want to use email, make sure that you have the option to send secure, encrypted emails. If you want to use video calls with a web app, make sure it's secure.
One of the easiest ways to ensure that you can send and receive documents and information to and from your clients is to make use of a client portal.
If you want to use email, make sure that you have the option to send secure, encrypted emails. If you want to use video calls with a web app, make sure it's secure.
One of the easiest ways to ensure that you can send and receive documents and information to and from your clients is to make use of a client portal.
Photo by Maurits Verbiest
Questions?
Photo by matt hutchinson
Joyce Brafford
jbrafford@ncbar.org
Photo by Jeremy Brooks
