|
||||||||||||||||||||||||||||||||||||||||||||
Work Smarter, Not Harder: June 2016 Newsletter
What’s Killing Your Law Firm’s Productivity?
According to LexisNexis, the majority of non-billable hours are spent on practice management or administrative tasks. Process and workflow automation is as important for law firms as it is for any industry. Although your “product” is not tangible, it is nevertheless measurable. The “commodity” produced by attorneys is knowledge. This knowledge is often in the form of advice given, agreements achieved and documents produced. However, the value of all of these is usually measured in time. Therefore, in order to remain competitive, maximize productivity and minimize costs, attorneys must manage proactively and strategically the production of the time commodity.
Time management is where case management software can be of great benefit and provide a significant return on investment.
What if you could:
— Ensure that you never miss a deadline?
— Generate documents (and find them later) with only a couple of easy steps?
— Create billing entries from any task (documents, calendar, notes, research, etc.) with just one button?
— Quickly turn those time entries into invoices that can be sent via email for faster payment?
— Find any document, file, note, message, etc. with one global search field?
— Access all items related to a case (calendar, documents, email messages, notes, contacts, etc.) from one window?
Practice Management Applications and Document Generation Software
One key to maximizing revenue is to maximize the number of billable hours, and reduce the amount of time spent on non-billable activities. Although some of your non-billable tasks may not be related to a case, such as practice management and administration, often time is spent on case-related actions for which you would not want to bill your client, such as searching for a document, email, or notes that may not be organized as well as they should be.
At a rate of $300/hour, 10 minutes spent searching for stealth information is $50 of billable time wasted. You can easily see how this wasted time, protracted out by several cases, can result in a significant decrease in productivity and, ultimately, profitability.
The good news is that Legal Case Management and Legal Accounting software can greatly reduce your number of non-billable hours as well as maximize your production of billable time. There are several systems available that will help you accomplish all of the goals listed above, and more.
For case management we recommend Amicus (for the smaller law firm) and Time Matters (for medium to large firms). Both programs offer comprehensive, efficient case management and legal document generation to help you work more efficiently and meet deadlines.
Billing and Accounting Software for Attorneys
If you’re working long hours to increase revenue and not seeing a return, it might be time to look into a legal billing application. Thankfully there are many time and billing software options for attorneys to ensure you’re capturing all of your billable time and easily generating invoices for individual cases or en masse.
For small firms, Tabs 3 and PCLaw are complete time, billing and accounting systems with functions to meet the unique needs of legal billing and accounting. PCLaw has the added (optional) benefit of a front office module which also handles case management functions. For large law firms, Juris provides the scalability, flexibility and reporting requirements unique to firms with multiple attorneys, a large support staff and complex billing requirements. These systems provide easy methods for capturing all of your billable time and easily generating invoices either on an individual basis, or en masse.
These apps will help you capture more hours, maximize revenue and control costs with fully integrated time entry, billing, payables, receivables and management reports.
Leveraging the Cloud
Most legal applications require dedicated space on your server. That’s where Legal Workspace comes in. Our clients find that maintaining their own server’s security, upgrades, repairs, support maintenance and uptime is time-consuming and costly. With Legal Workspace, we manage your server and IT needs so you can spend more time practicing law and less time worrying about server and IT maintenance.
Our secure legal cloud is the perfect environment to host your virtual law firm. Work from anywhere using any device to maximize efficiency while on-the-go.
Legal Workspace is a complete solution created exclusively for law firms.
— Full IT management and maintenance
— Enterprise-grade security to protect against online threats
— Access Legal Workspace from anywhere using any device
— Military grade data centers located in the US
— Easy and affordable scalability as your firm grows
— Host all of your legal and business applications, no on-site servers required
Download this blog post here.
Data Breaches Cost More Than You Think
Recently 11.5 million documents containing confidential data were stolen from Mossack Fonseca, the world’s fourth-largest offshore law firm, and published online. Hackers gained access to one of the firm’s servers which allowed the hackers to steal valuable data and emails. All law firms collect and store a myriad of client and financial data making them attractive targets for cyber attackers.
High-value data including trade secrets, acquisitions and mergers and personal health information (PHI) can be leaked to the public or used maliciously. For example, a large law firm handling a merger might be targeted by someone who wants insider information in order to buy or sell stock. Not all cyber attacks target complex data — even basic client data can be targeted. For example, a small law firm might be handling a divorce and the other party works in IT and has the skills to discover what the representing attorney has planned.
While the hacking motives vary the consequences are consistently catastrophic for law firms. Data breaches erode the foundation of attorney-client privilege by exposing sensitive data solely entrusted to law firms. Therefore, securing and protecting privileged information is of the utmost importance.
How can you prevent a data breach?
Intrusion prevention and protection systems
Your network should have an intrusion prevention and detection system in place to monitor unusual server traffic. This system helps to identify and shut down hackers, who constantly search IP addresses looking for weaknesses. Two-factor authentication provides an extra layer of intrusion protection by requiring users to enter two forms of identification during the login process. This approach eliminates the chances that a hacker or computer program can log into a system remotely and randomly create passwords.
Firewalls
Law firms should look for enterprise grade firewalls to protect against malicious software and hackers. Some law firms use multiple firewalls to ensure that if one firewall fails, a backup is already in place.
Email Encryption
Hackers don’t observe attorney-client privilege, and the highest value target is a law firm’s email. Email is the easiest way for clients to send crucial documents and even medical records to attorneys. Email encryption protects data so only the sender and recipient can view email contents.
Internal and External Security Scans
Hackers are constantly evolving their techniques to circumnavigate existing security protocols to find vulnerabilities. Routine security scans are required to ensure data is constantly protected. Law firms that require ultra-security, for HIPAA or governmental compliance, must conduct internal and external security scans on an annual basis.
Data Backups
Off-site data storage is crucial in case all of the other security techniques fail or a natural disaster, theft or fire occurs. Data from ransomware attacks can be fully recovered using backup records, without paying a ransom fee to recover encrypted data.
Encryption, secure data centers, authentication protocols, intrusion monitoring: Complex IT considerations can make your head spin. Even if you have an IT department or person dedicated to managing those issues, it’s tough to stay on top of the latest threats when you’re focused on building your practice. Thankfully, you have options. Legal Workspace has extensive experience securing law firms from physical and cyber threats. We worry about security. You worry about practicing law.
Owning Your Data in the Cloud
As many law firms are discovering, the cloud can be a wonderful business tool. With cloud services, lawyers on the go can access their data wherever they are, on their preferred devices. They aren’t tethered to the office or cumbersome physical servers.
Some sites even offer free storage, which may be conveniently tied to email or smartphones. Yet as tempting as iCloud, Google Drive, Dropbox, or other sites may be, lawyers need to do their research first before uploading their important, confidential, or privileged information to these types of free and low-cost services.
Many of these sites are geared toward consumers, not law firms. Such sites may lack key security provisions, and it may not be clear where the data resides or whether users surrender their ownership rights to information in that particular cloud.
When weighing whether to use a cloud provider for any type of information storage, lawyers have a responsibility to know where their data is, feel confident that it won’t be lost or stolen, and understand who truly owns it.
Who Owns the Data?
With free and low-cost services, lawyers might not even own their intellectual property after they upload it. Terms of ownership can vary across sites such as Google Drive, Dropbox, Apple’s iCloud, and Microsoft’s SkyDrive. Clicking “agree” to extremely long-winded service agreements and uploading data often means that users automatically abide by the provider’s terms. As Microsoft says on its Services Agreement page, “By using or accessing the Services, or by agreeing to these terms where the option is made available to you in the user interface, you agree to abide by this Agreement without modification by you. If you don’t agree, you may not use the Services.”
These “free” services may not cost money, but that doesn’t mean they are truly free. Consider that Google sells ads based on the data it collects, which means someone at the company is looking at the data.
Many of these sites also retain the right to determine whether data is offensive or violates copyright or intellectual property law. For example, Apple reserves the right to delete any information in iCloud that it finds objectionable.
According to Apple’s service terms: “However, Apple reserves the right at all times to determine whether Content is appropriate and in compliance with this Agreement, and may pre-screen, move, refuse, modify and/or remove Content at any time, without prior notice and in its sole discretion, if such Content is found to be in violation of this Agreement or is otherwise objectionable.”
How Secure is the Data?
Data breaches are becoming a distressingly common occurrence. When hackers can penetrate the online defenses of highly sophisticated companies and publicize their most sensitive business information, lawyers should rightfully worry about the security of consumer-grade storage. If users have questions about security features and approaches, it may be difficult to even find someone at the provider’s organization who can answer questions thoroughly and knowledgeably.
These types of storage approaches are often associated with emails that require few log-in steps. If a user has her Gmail account stored on her smartphone and accidently loses it, whoever finds the phone may have an easy time accessing all the files connected to the cloud through that email address.
Where is the Data?
With something called the “cloud,” users should not be surprised that data can be located anywhere. Google alone operates data centers in South Carolina, Iowa, Georgia, Oklahoma, North Carolina, Oregon, Chile, Taiwan, Singapore, Finland, Belgium, Ireland, and the Netherlands. If lawyers need to find their data quickly, it may be far more time-consuming than they initially expect. If the information resides in countries with different privacy laws than the United States, lawyers may also find themselves with cross-border jurisdictional headaches.
Finding the Right Cloud Provider
While free or cheap cloud providers may seem like a bargain in the short term, they can be very costly in the long run if data is left vulnerable or lawyers have unwittingly surrendered their ownership rights to their own information. Law firms would be better off paying a little more for legal-specific cloud providers to get the security and peace of mind they need.
When looking at different cloud providers, there are several things to consider.
Thorough Security Protocols. While free and low-cost services certainly try to keep data secure, it may be difficult for lawyers, or any user, to find out exactly what protocols, firewalls, and operating systems are in place to protect information. When weighing whether to use a cloud provider for any type of information storage, lawyers have a responsibility to know where their data is, feel confident that it won’t be lost or stolen, and understand who truly owns it.
It may also be difficult for users to find out which employees have physical and virtual access to their data and what background checks have been performed on those employees.
Legal-specific Software and Infrastructure. While many of these cloud services are easy to use, they may not integrate well with the other tools and software the firm uses. This means that data may be difficult to access and merge with the other technology.
Trained and Vetted Staff. When lawyers using free cloud storage have questions, they may not know who to contact for information. It may also be difficult to determine the level of training and expertise of those they do speak with. If a lawyer has trouble getting data in the cloud, finding someone who can help could be a serious issue. There may also be little recourse if the data cannot be recovered.
Conclusion
“Free” doesn’t always equate to inexpensive. Lawyers looking for cloud storage options should be willing to pay a little more for enterprise-grade, legal-specific data storage. Otherwise, they may find out too late that they don’t truly own their data or that someone else has taken it.
Legal Workspace Poll Shows Law Firms Lacking in Cybersecurity and HIPAA Compliance Standards
Many law firms lack critical security measures that help ensure HIPAA compliance, according to a new poll from Legal Workspace, a leading provider of cloud-based work environments designed specifically for law firms.
The poll, conducted from November 2015 through January 2016, shows that only 13 percent of the 240 law firms had key technology and processes in place to support HIPAA compliance and provide secure environments. This includes items such as executed business associate agreements, email encryption, keeping and reviewing access logs and intrusion detection systems.
The poll targeted attorneys in law firms with practices that would most often fall under HIPAA regulations, including health care, elder law, insurance defense, insurance coverage, medical malpractice, personal injury and products liability.
Under the Health Insurance Portability and Accountability Act of 1996, the Omnibus Rule and the Health Information Technology for Economic and Clinical Health Act (HITECH), lawyers qualify as business associates if they handle any work that involves “protected health information” for covered entities under HIPAA. PHI includes items such as medical history or records, laboratory results and insurance information. The designation of business associate carries a whole host of obligations and compliance measures as well as serious penalties for failing to meet those standards.
“Clearly, the level of security currently enacted by these law firms must be elevated in order to protect each law firm from noncompliance and its clients’ valuable medical information,” said Joe Kelly, founder and CEO of Legal Workspace.
Vendor Roles in HIPAA Compliance
A majority of the polled law firms indicated that they had fundamental security processes in place with vendors to support HIPAA compliance.
Sixty percent indicated that they had executed business associate agreements with all vendors that have access to their systems. Fifty-eight percent said that their off-site backup providers follow HIPAA guidelines including instituting strong processes and technology around training, documentation and access to PHI.
“The vendor role in HIPAA compliance is an often overlooked area of concern from a security point of view. Does the technician troubleshooting your practice management solution have a signed business associate agreement with your firm? Does he/she have the correct training to ensure that HIPAA-related data is safely and appropriately accessed? These questions must be asked in order to ensure that all vendor access is HIPAA compliant,” commented Joe Kelly.
Reviewing and Controlling Access to PHI
While law firms are aware of the need to control access to PHI, only 48 percent of the 240 respondents said that they maintain and review logs of all personnel who access PHI. Slightly less than that – 46 percent – said that they maintain and review logs of PHI on remote devices to ensure the devices are properly erased or destroyed when no longer needed. That means more than half of the law firms polled are not taking a critical step in PHI security and could be in violation of HIPAA.
“Creating, maintaining and reviewing logs are fundamental steps in monitoring ongoing HIPAA compliance. Difficulties arise with the amount of data available and the numerous ways attorneys can access that data, including via remote devices such as laptops, tablets or phones. All vulnerabilities must be addressed – especially on the mobile front – if law firms want to ensure continued compliance,” said Kelly.
Need to Enhance Cybersecurity
Less than half of the polled law firms have adopted key technologies that support an enhanced level of cybersecurity. Forty-five percent said that they have set up encryption for all email including the email server, while the remaining 55 percent said that they have not set it up or are not aware if it is set up. Likewise, 39 percent said they have implemented two-factor authentication, and 45 percent have an infrastructure that includes intrusion detection systems. However, this means a majority of the law firms polled may be lacking these elements that support a heightened level of cybersecurity.
“The technology normally associated with HIPAA compliance can often be viewed as a burden by law firms when it comes to research, budget and execution. The easiest path to HIPAA compliance from a technology perspective is often to work with providers that offer technology that meets HIPAA standards,” shared Kelly.
Legal Workspace will exhibit in booth number 423 during Legaltech New York, February 2-4. The media and attendees are invited to visit the booth for a demonstration of the Legal Workspace HIPAA Compliant Edition. The solution, the latest addition to the company’s product line which includes its secure standard edition, allows small and medium law firms considered business associates by the HIPAA Omnibus Final Rule to meet the necessary security regulations by offering a HIPAA Business Associate Agreement.
Q4 Newsletter: The Latest from Your Law Office in the Cloud
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Legal Workspace Ranks as Leading Solution for Practice Management in the Cloud
Legal Workspace, a leading provider of cloud-based work environments designed specifically for law firms, today announced that it has been voted as a “Best Practice Management in the Cloud” solution in the Texas Lawyer Business Department’s “Texas’ Best 2015.”
The poll, in its sixth year, calculates the votes of hundreds of lawyers as they select the best of legal service and technology providers.
“It is truly an honor to be recognized as a preferred cloud-based legal technology solution,” said Joe Kelly, founder and CEO of Legal Workspace. “Law firms interested in adding efficiency and stronger security are increasingly moving to the cloud. Our experience with office and legal-specific software enables lawyers to easily log in to their cloud-based desktop and have every solution they need to operate efficiently and productively.”
“Legal Workspace was exactly what we were looking for,” said Randall Doctor, founder of the Doctor Law Group. “All we had to do was select the software we wanted and Legal Workspace handled everything from there.”
In addition to partnering with leading legal software providers, Legal Workspace also recently announced the launch of the Legal Workspace HIPAA Compliant Edition. The solution enables law firms considered business associates by the Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule to meet the necessary security regulations by offering an HIPAA Business Associate Agreement.
Visit the Texas’ Best 2015 report to view the complete results.
9 Data Security Questions You Should Ask Your IT Provider
Wondering how secure your data is? Ask your Cloud, SaaS, or existing IT provider these nine questions to make sure it’s protected. Their answers could mean peace of mind—or they could mean that your future will hold a data breach, data loss, or a cumbersome recovery process after a disaster.
-
Do you have an intrusion prevention/detection system?
An intrusion prevention or detection system senses strange traffic on your server. Hackers continually scan IP addresses, searching for vulnerabilities. An intrusion or detection system recognizes when they’re attempting to break in and cuts off their access.
Occasionally, a user can inadvertently mimic the signs that an intruder is attempting to break in. For example, someone might enter the wrong passcode into a Smartphone, and cause a glitch to occur where the phone tries repeatedly to log into the system. Does your provider have round-the-clock security staff to restore access in case something like that happens?
-
Do you support two-factor authentication?
Two-factor authentication requires two components for an attorney to log in. This type of authentication makes it impossible for a person or an automated system to log in to a computer by remote and start guessing passwords.
Here’s one example of two-factor authentication: When a user logs in to his or her system, a mobile application confirms that the user is trying to log in. The user cannot log in to the system until the user has confirmed his/her identity on the mobile device.
-
What government/industry security standards has your environment been tested for?
Any law firm with clients who store, transmit or access protected health information must be HIPAA-compliant. Depending on the sensitivity level of your data, your cloud, SaaS, or IT provider should maintain an environment that meets the security standards you need. It’s also necessary for any business that accepts credit card payments to be PCI-compliant.
-
What type of firewall are you using?
The answer you should hear from your provider is: an enterprise-grade firewall that is routinely patched. An even better answer would be that the provider has more than one of those firewalls in place. That way, if one firewall fails, there’s another present to act as back-up.
-
Are the employees who have access to my information data-certified? Do they have certification on security procedures?
This is an important question to have answered because who can access your data (and their level of experience and expertise) could mean the difference between mishandled information and security. Administrators that have access to clients’ data should have information security certifications, specialized training, and execute non-disclosure agreements.
-
Do any third-party providers have access to your hosted environment?
Let’s say that there’s a problem with an application hosted on your environment. What protocol does your cloud, SaaS, or IT provider follow? Does it allow the application vendor onto the virtual server? If so, that gives a third party access to all of your data, which puts it at risk and violates the HIPAA standard.
-
Does the cloud, SaaS, or IT provider support encryption of data on the server, including email?
Email is an often overlooked factor in data security. For it to be completely secure, it should be encrypted—even when it rests or is in transit. This is the most common security vulnerability because constructing the appropriate security measures is difficult for a typical IT department to do; it’s a complex process that requires a high level of expertise.
-
Do you routinely perform internal and external security scans to seek vulnerabilities?
A provider might believe that they’ve set up a secure environment—but technology is constantly changing, which means that the ways in which intruders attack are constantly changing.
To make certain that your data is protected, your provider should be performing security scans regularly. These scans are required for both PCI and HIPAA compliance; to be HIPAA-compliant, both an internal and external security scan need to be performed at least once a year.
-
Does your provider have a secondary site for data storage?
What happens if all of the redundancy fails and a major disaster strikes? If something, such as a theft or a fire, were to happen at your location, are your disc back-ups replicated offsite? Many organizations omit that step. And, even if you do store back-ups at a secondary location, is that location secure? Do only your provider’s employees have access to the data at that location—or can a third party access it as well?
If your data is replicated and secure, how long will it take you to get back up and running? It could be hours. It could be days.
Constant protection
Redundancy is built into every security measure at Legal Workspace. That means clients’ data is constantly being monitored and protected.
Legal Workspace’s HIPAA Compliant Edition (HCE) achieves the highest level of data security because it is both PCI- and HIPAA-compliant. Employees are all HIPAA-certified and have additional information security certifications. They’re the only people that have access to your data: third party vendors aren’t permitted to access Legal Workspace’s environment.
There’s no need for attorneys to be concerned about email vulnerability; Legal Workspace encrypts email in transit and in your inbox. And, clients’ data gets backed up to a second data center, which means that you could be back up and running within minutes in the aftermath of a disaster.
It’s very difficult for a small—or even a medium-sized—law firm to build a solution that answers all of these questions appropriately. . . working with an expert in data security and cloud services for law firms, like Legal Workspace, will give your law firm the highest level of security at a fraction of the cost to do it on-site. Keep your data secure and protected by making sure the best safeguards are in place.
Colorado Legal Tech Expo
This years Colorado Legal and Technology Expo was held at the Warwick Hotel on August 21st. The expo featured the latest in technology innovations and Legal Workspace was a presenting sponsor featuring a presentation on security and the cloud. Our team was also there exhibiting and providing information on cloud services for law firms. We want to thank all the attendees who stopped by our booth and attended the presentation.
To recap our presentation, we covered multiple factors to consider when choosing a local or private cloud, but the main focus was security. One of the biggest threats to a law practice is the lack of understanding where the risks exist and not knowing the right technology to use to protect your firm. Having the right security measurements implemented is especially important for HIPAA compliant hosting. By utilizing proper legal IT cloud expertise your firm can ensure data security and compliance is in place, resulting in increased productivity, profitability and more billable hours.
Legal & Technology Expo – Denver
Joe Kelly, Founder and CEO of Legal Workspace, to Speak at the 2015 Colorado Legal and Technology Expo
Legal Workspace, a leading provider of cloud-based work environments designed specifically for law firms, today announced that its founder and CEO Joe Kelly will be a featured presenter at the Colorado Legal and Technology Expo in Denver, Colo., on Aug. 21.
The expo, presented by the Colorado Bar Association, shares the latest in trends, legal services and technology that can help attorneys improve their law firms’ efficiencies. A resource for solos, small firms, larger firms, and legal departments, it provides hands-on practical information that can result in an increase in billings, greater operational flexibility and cost savings. The program also offers CLE presentations on key technology topics presented by leading attorneys who live and breathe technology in their practice.
Kelly’s presentation, scheduled for Aug. 21 at 3 p.m. MT, will focus on the convergence of the cloud and security. He will discuss how the expectations are changing for attorneys when it comes to keeping their clients’ data confidential. This includes explaining key security concepts such as physical and technical security, disaster recovery, firewalls, Intrusion Detection and Prevention systems, compliance, encryption and more.
What: Cloud and security presentation by Joe Kelly at the Colorado Legal and Technology Expo
When: Aug. 21, 2015
Time: 3-3:30 p.m. MT
Where: Warwick Hotel, 1776 Grant Street, Denver, CO 80203
RSVP: