Everything You Need to Know About Virtual Law Platforms

A virtual law platform – or a law firm in the cloud – can change the way that firms go about providing excellent service to clients and keeping costs down internally. Here are the answers to some typical questions law firms have before making the change.

Migration time and effort: Not an issue

Ordinarily, migrating data from one technology to another takes a lot of time and energy. But, you don’t have to worry when it comes to moving data to the cloud.

Of course, the timeline depends on your data volume, but the process itself is usually a quick one – and it doesn’t require constant input and adjustment on your end.

Security: Data is locked up

Unless you work in a Fortune 100 law firm, it is unlikely your data security is flawless. And even if you have managed to achieve a secure environment, it probably takes a herculean effort with multiple IT consultants and/or firms working constantly to make sure nothing and no one breach your defenses. In other words, it’s a lot of work, and it costs a lot of money.

When you select a virtual law platform, such as Legal Workspace, you benefit from the kind of security those elite law firms offer, all at a fraction of the cost. Legal Workspace can offer high-level security at a reduced cost because of the scalability of its security systems.

Need to be HIPAA-compliant? That would be a major headache if you tried to do it yourself, but when you work with a company like Legal Workspace, you only need to request that security feature.

IT costs: Reduced

You may be patching up an old server, trying to put off the giant expense of a new one. Maybe you have a Microsoft Exchange 2010 server that’s coming to the end of its support lifetime – and you know you need to either invest in a new one or make a different choice.

Whatever your IT situation, your management team is likely a little bit annoyed by the way that IT spending can conflict with – and usually exceed – what’s in the budget. When you move your law firm to the cloud, suddenly IT costs become a lot more predictable and a lot less expensive.

Instead of shelling out upwards of $15,000 for a new server (and all of the additional costs that accompany such a complex project), maybe it’s time to consider using a virtual law platform with stable monthly fees as IT costs.

Workflows: Optimized

Let’s say you have everything figured out already when it comes to workflows, applications, and software you use to keep your law firm humming at peak efficiency. If you do, that’s great: Legal Workspace, or the virtual law platform of your choosing, can usually lift those working parts into the cloud. What worked before, works after.

But, if you could use a hand with improving workflows and need help finding solutions that work better, Legal Workspace’s team of experts can listen, advise, and tailor an environment that makes your law firm click. What didn’t work before, works after.

And that’s not all!

Basically everything stays the same or works better in the cloud. Convert that server closet or room into something more useful and relax. Many of the worries you experienced with on-site servers will no longer be an issue.

Migration? Not a huge time commitment. Security? Better than ever. IT costs? Stabilized and reduced. Workflows? Improved. A virtual law platform can make things easier, safer, and more efficient. Reach out today to learn more.

Data Breaches Cost More Than You Think

Recently 11.5 million documents containing confidential data were stolen from Mossack Fonseca, the world’s fourth-largest offshore law firm, and published online. Hackers gained access to one of the firm’s servers which allowed the hackers to steal valuable data and emails. All law firms collect and store a myriad of client and financial data making them attractive targets for cyber attackers.

High-value data including trade secrets, acquisitions and mergers and personal health information (PHI) can be leaked to the public or used maliciously. For example, a large law firm handling a merger might be targeted by someone who wants insider information in order to buy or sell stock. Not all cyber attacks target complex data — even basic client data can be targeted. For example, a small law firm might be handling a divorce and the other party works in IT and has the skills to discover what the representing attorney has planned.

While the hacking motives vary the consequences are consistently catastrophic for law firms. Data breaches erode the foundation of attorney-client privilege by exposing sensitive data solely entrusted to law firms. Therefore, securing and protecting privileged information is of the utmost importance.

How can you prevent a data breach?

Intrusion prevention and protection systems

Your network should have an intrusion prevention and detection system in place to monitor unusual server traffic. This system helps to identify and shut down hackers, who constantly search IP addresses looking for weaknesses. Two-factor authentication provides an extra layer of intrusion protection by requiring users to enter two forms of identification during the login process. This approach eliminates the chances that a hacker or computer program can log into a system remotely and randomly create passwords.


Law firms should look for enterprise grade firewalls to protect against malicious software and hackers. Some law firms use multiple firewalls to ensure that if one firewall fails, a backup is already in place.

Email Encryption

Hackers don’t observe attorney-client privilege, and the highest value target is a law firm’s email. Email is the easiest way for clients to send crucial documents and even medical records to attorneys. Email encryption protects data so only the sender and recipient can view email contents.

Internal and External Security Scans

Hackers are constantly evolving their techniques to circumnavigate existing security protocols to find vulnerabilities. Routine security scans are required to ensure data is constantly protected. Law firms that require ultra-security, for HIPAA or governmental compliance, must conduct internal and external security scans on an annual basis.

Data Backups

Off-site data storage is crucial in case all of the other security techniques fail or a natural disaster, theft or fire occurs. Data from ransomware attacks can be fully recovered using backup records, without paying a ransom fee to recover encrypted data.

Encryption, secure data centers, authentication protocols, intrusion monitoring: Complex IT considerations can make your head spin. Even if you have an IT department or person dedicated to managing those issues, it’s tough to stay on top of the latest threats when you’re focused on building your practice. Thankfully, you have options. Legal Workspace has extensive experience securing law firms from physical and cyber threats. We worry about security. You worry about practicing law.


9 Data Security Questions You Should Ask Your IT Provider

Wondering how secure your data is? Ask your Cloud, SaaS, or existing IT provider these nine questions to make sure it’s protected. Their answers could mean peace of mind—or they could mean that your future will hold a data breach, data loss, or a cumbersome recovery process after a disaster.

  1. Do you have an intrusion prevention/detection system?

An intrusion prevention or detection system senses strange traffic on your server. Hackers continually scan IP addresses, searching for vulnerabilities. An intrusion or detection system recognizes when they’re attempting to break in and cuts off their access.

Occasionally, a user can inadvertently mimic the signs that an intruder is attempting to break in. For example, someone might enter the wrong passcode into a Smartphone, and cause a glitch to occur where the phone tries repeatedly to log into the system. Does your provider have round-the-clock security staff to restore access in case something like that happens?

  1. Do you support two-factor authentication?

Two-factor authentication requires two components for an attorney to log in. This type of authentication makes it impossible for a person or an automated system to log in to a computer by remote and start guessing passwords.

Here’s one example of two-factor authentication: When a user logs in to his or her system, a mobile application confirms that the user is trying to log in. The user cannot log in to the system until the user has confirmed his/her identity on the mobile device.

  1. What government/industry security standards has your environment been tested for?

Any law firm with clients who store, transmit or access protected health information must be HIPAA-compliant. Depending on the sensitivity level of your data, your cloud, SaaS, or IT provider should maintain an environment that meets the security standards you need. It’s also necessary for any business that accepts credit card payments to be PCI-compliant.

  1. What type of firewall are you using?

The answer you should hear from your provider is: an enterprise-grade firewall that is routinely patched. An even better answer would be that the provider has more than one of those firewalls in place. That way, if one firewall fails, there’s another present to act as back-up.

  1. Are the employees who have access to my information data-certified? Do they have certification on security procedures?

This is an important question to have answered because who can access your data (and their level of experience and expertise) could mean the difference between mishandled information and security. Administrators that have access to clients’ data should have information security certifications, specialized training, and execute non-disclosure agreements.

  1. Do any third-party providers have access to your hosted environment?

Let’s say that there’s a problem with an application hosted on your environment. What protocol does your cloud, SaaS, or IT provider follow? Does it allow the application vendor onto the virtual server? If so, that gives a third party access to all of your data, which puts it at risk and violates the HIPAA standard.

  1. Does the cloud, SaaS, or IT provider support encryption of data on the server, including email?

Email is an often overlooked factor in data security. For it to be completely secure, it should be encrypted—even when it rests or is in transit. This is the most common security vulnerability because constructing the appropriate security measures is difficult for a typical IT department to do; it’s a complex process that requires a high level of expertise.

  1. Do you routinely perform internal and external security scans to seek vulnerabilities?

A provider might believe that they’ve set up a secure environment—but technology is constantly changing, which means that the ways in which intruders attack are constantly changing.

To make certain that your data is protected, your provider should be performing security scans regularly. These scans are required for both PCI and HIPAA compliance; to be HIPAA-compliant, both an internal and external security scan need to be performed at least once a year.

  1. Does your provider have a secondary site for data storage?

What happens if all of the redundancy fails and a major disaster strikes? If something, such as a theft or a fire, were to happen at your location, are your disc back-ups replicated offsite? Many organizations omit that step. And, even if you do store back-ups at a secondary location, is that location secure? Do only your provider’s employees have access to the data at that location—or can a third party access it as well?

If your data is replicated and secure, how long will it take you to get back up and running? It could be hours. It could be days.

Constant protection

Redundancy is built into every security measure at Legal Workspace. That means clients’ data is constantly being monitored and protected.

Legal Workspace’s HIPAA Compliant Edition (HCE) achieves the highest level of data security because it is both PCI- and HIPAA-compliant. Employees are all HIPAA-certified and have additional information security certifications. They’re the only people that have access to your data: third party vendors aren’t permitted to access Legal Workspace’s environment.

There’s no need for attorneys to be concerned about email vulnerability; Legal Workspace encrypts email in transit and in your inbox. And, clients’ data gets backed up to a second data center, which means that you could be back up and running within minutes in the aftermath of a disaster.

It’s very difficult for a small—or even a medium-sized—law firm to build a solution that answers all of these questions appropriately. . . working with an expert in data security and cloud services for law firms, like Legal Workspace, will give your law firm the highest level of security at a fraction of the cost to do it on-site. Keep your data secure and protected by making sure the best safeguards are in place.