Is Your Firm Prepared for the Unexpected?  

The world is unpredictable. Natural disasters, such as hurricanes and tornadoes, affect wide swaths of the United States. Hackers have become increasingly adept at penetrating security shields, resulting in devastating data breaches for large companies.

Under these circumstances, how can a law firm protect its data and maintain privilege?

Data storage and accessibility

 A natural disaster may occur, but when you work with an organization like Legal Workspace, your data will be able to weather the storm. Legal Workspace stores your data in geographically diverse data centers – making it highly unlikely that a single natural disaster will affect your data integrity.

Beyond that, Legal Workspace backs up its data regularly, storing two weeks’ worth of backups. That means that if some unthinkable catastrophe were to occur, your law firm could still be up and running, and your data would be intact.

Natural disasters can wreak havoc on property, and they often force location changes on attorneys and staff, too. Some people might not be able to make it into the physical workspace. Others may be stranded across the country for longer than expected due to overbooked flights and bad weather. That doesn’t mean that your firm has to close its doors until conditions improve. Because Legal Workspace’s cloud environment is accessible from any device and from any location, your staff and attorneys can conduct business as usual.

Security requirements

 Hackers are a real and formidable threat. But, Legal Workspace provides the kind of security that most small to mid-size law firms could only dream of building themselves. For more than 20 years, Legal Workspace has been safeguarding its clients’ data from current and emerging threats.

It keeps records in accordance with state bar requirements to ensure that there is no breach of attorney-client privilege. Legal Workspace has special knowledge in this arena because it was designed specifically for law firms.

Some of the advanced security measures that Legal Workspace keeps in place include advanced data encryption, firewalls with sophisticated detection systems, and limited physical access to servers. And, if a problem ever were to occur, staff is available to react instantly. Not only that, but Legal Workspace has redundancy built into every security measure, which means that its clients’ data is constantly being monitored and protected.

Legal Workspace even has a Health Insurance Portability and Accountability Act (HIPAA)-compliant version of its cloud environment. In other words, it can comply with the tightest security restrictions required. It has worked with law firms to meet special security mandates from financial institutions and government contractors, as well.

If the unthinkable happens…

Disaster preparedness isn’t only about building emergency kits. It has increasingly come to include data protection – and any day could constitute a disaster if a hacker were to infiltrate your law firm’s files.

Legal Workspace offers the most secure, highest-rated facilities and enterprise-grade safeguards for all data storage, so, in a world where hackers can attack or natural disaster might occur at any time, its clients can have peace of mind.

 

Should Responsible Law Firms Use Cloud Storage?

Protecting privilege is one reason law firms have been hesitant to adopt using the cloud for document storage and sharing. Fears of hacking or inadvertently providing access to privileged documents have kept many firms from embracing technology that could save them time and money.

Most tech-savvy law firms have taken precautions and put protocols in place to secure client documents and communications as they’ve upgraded to cloud sharing. However, some firms have been lax in their safeguarding procedures — which means their clients were left unprotected.

Unprotected file-sharing

 You’ve likely heard of file-sharing options such as Box, Google Docs, OneDrive or Dropbox. Free cloud storage options like these allow users to access documents from any device and to share files by creating custom URLs. They’re convenient, and — when used properly — can be a secure way to share information.

A problem arises when users take shortcuts or don’t take advantage of all of the security features available in cloud storage and sharing systems. That’s what happened with Harleysville Insurance Co. v. Holding Funeral Home. Harleysville’s counsel shared privileged information via Box, using its feature that creates direct links — and they didn’t password-protect the links. That meant that anyone who had access to the link could see the files. As a result, the defendant’s counsel was able to access this information.

A Virginia magistrate recently ruled that the plaintiff’s law firm’s actions “were the cyber-world equivalent of leaving its claims files on a bench in the public square and telling its counsel where they could find it.” In other words, its failure to password-protect and otherwise secure those files waived privilege.

Use the cloud safely

 This ruling doesn’t mean that law firms should discontinue cloud usage. Rather, it emphasizes the importance of putting security measures in place to block access and uphold attorney-client privilege.

Here are some ways to keep your data in the cloud secure:

1. Require log-ins (on both sides of the fence—attorneys and clients) to gain access to shared information.

2. Keep access contained. Only permit a select few team leads to share information with additional parties.

3. Some programs have a “notify when accessed” feature. Using this feature tells the content owners how and when the information has been accessed — so if there is unauthorized access, you’ll know about it right away.

4. Put an expiration date on the shared information. It’s better to re-share the information than to let it dwell on the internet in perpetuity.

Legal Workspace recommends that law firms use document management and file-sharing programs created specifically for law firms such as iManage, NetDocs, Citrix Sharefile and Egnyte. That way, you know the technology was created with attorney-client privilege in mind.

Legal Workspace provides a base package with its cloud environment service and encourages clients to customize their environments to incorporate legal applications to formalize their processes and take extra steps toward protecting attorney-client privilege.

The cloud can be a safe place. Document sharing over the cloud can be secure. Law firms simply need to understand how breaches can occur and take precautions to protect all parties using the cloud.

If you have any questions about safe cloud sharing, feel free to reach out to our legal app experts here.

 

Reclaim 69 Billable Hours This Year

Everyone gets spam emails. It’s a part of life, so you deal with it. But do you realize how much time your employees spend reviewing and deleting spam emails?

The average worker receives 121 emails per day, and nearly 50 percent of those emails are spam. It takes some time to differentiate spam from the real thing—about 16 seconds per email on average—which doesn’t seem like a whole lot of time until you start doing the math:

If your employees are anything like the average worker, your employees and attorneys spend 16 minutes each day, 80 minutes each week, 5.5 hours each month, and 69.3 hours each year managing spam email. That’s over one and a half 40-hour work weeks per year spent just dealing with spam.

Worrying about spam is a waste of time and money when your staff should be concentrating on more productive and strategic initiatives, such as workflow management, assisting clients and maximizing billable hours. Free or included spam tools, such as Microsoft 365’s spam filtering, are not advanced enough to unburden your employees and protect your network.

Not just wasted time: Spam can be dangerous

Law firms store trade secrets, protected health information (PHI), and other high-value data which makes them valuable targets for cyber criminals. Some junk emails might be easily identifiable as spam, but others are more nefarious. For example, hackers have become increasingly clever when it comes to email spoofing and phishing. Both email spoofing and phishing look very much like the real thing and attempt to fool recipients into either giving away their information or downloading hazardous software.

Ransomware can be another issue for law firms if employees and attorneys aren’t properly trained to recognize malicious emails. An employee might receive an email with a seemingly benign attachment and open it—only to unleash a Cryptolocker virus in your network. The virus systematically enters and locks files on the infected computer (including network files), and the user can only regain access by sending money to the hacker, who may or may not release the information. Spam has the potential to directly compromise attorney-client privilege.

Get those hours back

Implementing the right spam solution is imperative to reclaiming billable hours and securing your law firm’s network. Technology is now available with advanced features such as opening attachments in a “sand box” to check for malware before sending the attachments to the end user’s inbox.

The time, effort, and expense it takes to set up a system for reducing junk email offsets the time, effort, and expense individuals sink into managing it on their own—and you’ll spend a lot more time, effort, and expense if a user in your firm finds itself the victim of a malicious cyber-attack.

Legal Workspace regularly implements spam solutions and provides end-user training to improve law firm efficiency and protect firms from email threats. We are serious about protecting data in a world where hackers and spam purveyors continually invent new ways to penetrate defenses. Get serious about stopping spam, and reclaim those hours back.

Reach out to Legal Workspace to learn more about spam filtering options.

Everything You Need to Know About Cryptolocker & Ransomware

Cryptolocker Strikes

Buzzzzzzzz-That’s the sound of your alarm clock going off at 5AM, you have a big day ahead of you. You grab your phone, which moonlights as your alarm clock (among other things), and silence the alarm. With your phone in hand, you glance at your email — low and behold, there is the email from your client you’ve been waiting for! Quickly, your feet hit the floor, you move swiftly to your Keurig machine and brew up your morning cup while simultaneously powering on your laptop… Multitasking before 6am was not your plan, but you are very anxious to get logged in so you can open the attachment your client sent you.

Java in hand, shaking the sleep out of your eyes, you open your email, double click on that attachment you received, and you wait for it to open…. wait, why isn’t it opening? You double click it again and still nothing. Hmm, maybe the third time is the charm… double click and nothing. Frustrated, you decide to check the news and browse the web while you wait for your file to open. You open your browser and POW! What’s that noise? All of the sudden your computer is screaming at you and there is a message on your screen you have never seen before. Your computer is telling you it’s been infected with a virus meaning all of your files are locked and encrypted. To regain access to your files you need to call a strange international number and provide them with 5000 bitcoins (not dollars, yen, or pesos, but bitcoins– Bitcoins. What’s a bitcoin? Where do I get them?). Why is this happening to me? What on earth is going on?

What Is CryptoLocker and Ransomware?

You’ve just fallen victim to one of the most emerging cyber attacks on the planet. The email you thought was from your client was really a “spoofed” email address from a fraudster looking to make a quick buck off the innocent and unsuspecting professional. In technical terms, it’s called ransomware. The good news is, the story painted above did not actually happen to you, but it could.

Once considered a consumer problem, ransomware has morphed to target entire networks of computers at law firms and other businesses. These entities have more to lose than the average consumer making them prime targets for cyber crimes. According to the U.S. Department of Justice, ransomware attacks have QUADRUPLED this year compared to just one year ago, averaging about 4,000 a day. Typical ransomware payments range from $500 to $1,000, according to cyber-risk data firm Cyence Inc., but some hackers have demanded as much as $30,000. Every infection is unique and equally as painful to recover from.

How do you Prevent Cryptolocker and other Ransomware Attacks?

Now, you have to be wondering what you can do to prevent this happening to you and your entire practice….. The last thing you want to do is tell your largest client that all their matter files are corrupted, infected, and useless. The best thing you can do to prevent cyber attacks from happening to you is to invest in your technology, know what you’re up against, and train your employees. We recommend starting with the basics:

Anti-Virus Software- You have a myriad of choices when it comes to Anti-Virus software. Companies such as McAfee, Trend, and Symantec offer suitable small business products. These can help catch the majority of these infections before they begin.

Look before you click- When you receive an email with an attachment, look at the sender’s address to make sure it’s coming from their actual email address. Some spoofing attacks will use an email address that’s very similar to a legit one – chris@gmaiil.com instead of chris@gmail.com. It’s easy to overlook the extra letter in the domain name. If you question the email’s validity, check with the sender to ensure they sent it. If it came from someone you don’t know, or looks phishy (pun intended), delete the email immediately.

Augment your IT infrastructure to an IT Company- Spend your valuable time practicing law not figuring out IT. Companies, like Legal Workspace, spend the time, money, and effort to implement enterprise-level protection against online attacks. You’re in business to practice law, not understand and implement corporate IT solutions. Leave that to the experts.

I’m sure you’re glad this situation did not happen to you, and so are we. The cyber world is moving at a vigorous pace that can be hard to keep up with. Employ legal technology professionals to keep up with emerging threats and cover your bases for you. Practice law, not technology — leave your cybersecurity worries to us.

Data Breaches Cost More Than You Think

Recently 11.5 million documents containing confidential data were stolen from Mossack Fonseca, the world’s fourth-largest offshore law firm, and published online. Hackers gained access to one of the firm’s servers which allowed the hackers to steal valuable data and emails. All law firms collect and store a myriad of client and financial data making them attractive targets for cyber attackers.

High-value data including trade secrets, acquisitions and mergers and personal health information (PHI) can be leaked to the public or used maliciously. For example, a large law firm handling a merger might be targeted by someone who wants insider information in order to buy or sell stock. Not all cyber attacks target complex data — even basic client data can be targeted. For example, a small law firm might be handling a divorce and the other party works in IT and has the skills to discover what the representing attorney has planned.

While the hacking motives vary the consequences are consistently catastrophic for law firms. Data breaches erode the foundation of attorney-client privilege by exposing sensitive data solely entrusted to law firms. Therefore, securing and protecting privileged information is of the utmost importance.

How can you prevent a data breach?

Intrusion prevention and protection systems

Your network should have an intrusion prevention and detection system in place to monitor unusual server traffic. This system helps to identify and shut down hackers, who constantly search IP addresses looking for weaknesses. Two-factor authentication provides an extra layer of intrusion protection by requiring users to enter two forms of identification during the login process. This approach eliminates the chances that a hacker or computer program can log into a system remotely and randomly create passwords.

Firewalls

Law firms should look for enterprise grade firewalls to protect against malicious software and hackers. Some law firms use multiple firewalls to ensure that if one firewall fails, a backup is already in place.

Email Encryption

Hackers don’t observe attorney-client privilege, and the highest value target is a law firm’s email. Email is the easiest way for clients to send crucial documents and even medical records to attorneys. Email encryption protects data so only the sender and recipient can view email contents.

Internal and External Security Scans

Hackers are constantly evolving their techniques to circumnavigate existing security protocols to find vulnerabilities. Routine security scans are required to ensure data is constantly protected. Law firms that require ultra-security, for HIPAA or governmental compliance, must conduct internal and external security scans on an annual basis.

Data Backups

Off-site data storage is crucial in case all of the other security techniques fail or a natural disaster, theft or fire occurs. Data from ransomware attacks can be fully recovered using backup records, without paying a ransom fee to recover encrypted data.

Encryption, secure data centers, authentication protocols, intrusion monitoring: Complex IT considerations can make your head spin. Even if you have an IT department or person dedicated to managing those issues, it’s tough to stay on top of the latest threats when you’re focused on building your practice. Thankfully, you have options. Legal Workspace has extensive experience securing law firms from physical and cyber threats. We worry about security. You worry about practicing law.