Server or Cloud? A law firm deliberates

We get many calls every week from law firms that are debating between the cloud and maintaining local IT resources. Yesterday, we received a call that a law firm is losing productivity because of unexpected server downtime. Concerns about data loss overwhelm the managing partners. What if the server fails?

The law firm is being proactive and looking into solutions. One option is working with their IT vendor, which wants to upgrade their server hardware. But the estimate for that project is prohibitive: $15,000 for server hardware and 40 hours of work at $175 ($7,000). On top of that, they can expect the usual costs for network upkeep that come from quarterly updates, 6 hours of work every quarter ($4,200 annually), and monthly maintenance, four hours of work each month ($8,400 annually).

The managing partners wonder: What if there’s another way to protect our data and reliably keep our firm up and running? Is there a more sustainable option to stabilize costs and eliminate downtime?

There is.

It’s the cloud.

An instant productivity boost

The law firm has an IT administrator on staff who deals with server downtime and other day-to-day tech issues. From his arrival to his departure at the office, he spends every day running around troubleshooting. What would his day look like without the hassle of damage control? He could spend his time evaluating new technology, customizing legal applications, and training new employees — all in the service of maximizing billable hours.

Other, smaller firms have a slightly different IT problem: Attorneys and staff members have to figure out what to do when technology fails. Imagine that problem disappearing. They could get back to focusing on revenue-generating activities.

Were the law firm to migrate to a cloud environment, such as Legal Workspace, the IT administrator, attorneys, and staff members could reclaim their time. Legal Workspace’s data centers have a history of more than 14 years of 100% continuous uptime.

Wasted time eliminated.

More than convenience: Safety

That concern the managing partners have about data loss if the server fails? It’s a real problem that could occur whenever you use an onsite server. Cloud solutions such as Legal Workspace have geographically redundant data centers that render data safer in the cloud than it could ever be on an onsite server. Here’s a video that illustrates the difference between server and cloud security. Legal Workspace has advanced security measures in place, such as:

• Limited physical access to servers
• Staff that’s available to react if a problem occurs
• Firewalls with sophisticated detection system
• Advanced data encryption

Using a solution like Legal Workspace also allows law firms to provide the tightest security available to their clients. For example, a firm that works with healthcare providers will need to be HIPAA compliant. Legal Workspace has a HIPAA-compliant version of its cloud environment and will even sign a business associate agreement. Other special security mandates from financial institutions and government contractors are easy for a solution such as Legal Workspace to meet and exceed.

Security concerns eliminated.

What choice would you make?

What choice do you think the law firm made? Did they plunk down $21,000+ and upgrade their onsite server, or did they jump at the chance to advance both productivity and security by switching to a cloud environment? Did they decide to eliminate downtime and stabilize costs?

The choice seems pretty clear.

Win Outside Counsel for an Insurance Giant

Winning Large Clients

When your firm handles insurance defense, you receive, send, and store highly sensitive materials. Wise law firms understand that security and compliance are critical because of the growing threat to cybersecurity. Without the proper safeguards in place, you put clients’ information at risk and jeopardize your reputation. And large insurance companies simply won’t hire you if you don’t apply the right controls and protocols to keep their data safe.

They’re right to be cautious: 80% of the largest 100 law firms have been hacked since 2011, according to the American Bar Association in 2015. Law firms are a prime target for hackers because they store large amounts of high-value, confidential data. In The Security Vulnerabilities Law Firm Hacks Create for Corporations,” which appeared in Inside Counsel in June of this year, Amanda Ciccatelli writes, “IT capability is often viewed as an administrative function, not an integrated business capability, and as a result, information security has suffered.”

The rewards of working with large corporate clients are sizeable. To get your foot in the door, you need to be aware of vulnerabilities, be able to bolster security, and meet insurance companies’ compliance requirements.

What You Can Do to Win Outside Counsel

There are ways to determine what holes you have in your security controls and how to patch them. You should, for example:

Protect and back up data and plan for recovery.

Data encryption, dual-authentication, administrative policies, firewalls, and intrusion detection systems can help protect data. Secure off-site back-ups are another key component to data security. If a breach still occurs, know how you’ll respond—and how quickly you can be back up and running. The American Bar Association article, Facing the Cybersecurity Threat to Your Firm, experts say that “[a]dvance planning is critical for effectively responding to a data breach, and that includes an incident response plan.”

Perform a tech review and assessment.

Since new cyberthreats emerge regularly, you should routinely assess and patch your vulnerabilities. Pay attention to audit logs, so you know who accesses what files and can see if something unusual happens.

Understand what devices attorneys and other staff use to work.

Are they using their personal Smartphones and laptops to work outside the office? Are they carrying client information on flash drives? What kinds of safeguards are in place on those devices?

Control access to information.

If an attorney isn’t working on a particular case, there’s no reason for him/her to have access to it. This precaution isn’t about attorney ethics—client confidentiality is paramount to lawyers. Rather, it’s about decreasing the number of ways that hackers can access information. Train employees and attorneys to follow security protocols. As Chris Pogue, CISO of Nuix Solutions writes, “Protecting your information is a battle that is fought by every member of your organization, from the most senior partner to the newest intern, who has access to any data of value.”

These recommendations can be used by law firms looking to increase security in order to be more attractive to any large corporation, but there are also “insurance-specific uses of technology, internal and external research capabilities, and client support databases that should be a part of a law firm’s technology resources,” according to an article written by Bob Dolinsky, CIO of Sutherland Asbill & Brennan.

Crafting a strategy and executing its steps may seem like expensive, time-consuming, and technical work. But it all depends on the avenue you take. Working with an IT firm on a project like this can end up costing tens of thousands of dollars, and the process can last months.

Faster and Less Expensive Solution

Legal Workspace can take a project like this off your hands and deliver it more quickly than you might expect. Depending on the size of your firm, it could take only a week for Legal Workspace to perform a cybersecurity audit and apply the appropriate controls for compliance with large insurance companies’ standards and with government regulations.

And, if you’re considering getting into the insurance defense game, but you’re concerned about the upfront costs of upgrading your IT to handle compliance requirements, Legal Workspace’s fees are only a fraction of the cost of working with an IT firm.

The other upshot of selecting Legal Workspace to help you get compliant is that as new threats emerge and security standards evolve, you don’t need to worry about shelling out more money: Maintenance and updates are automatically included.

There are usually a lot of hurdles a law firm has to jump in order to win the business of a large insurance company. The security and compliance hurdle doesn’t have to be the most difficult and expensive one to clear.

 

 

Everything You Need to Know About Cryptolocker & Ransomware

Cryptolocker Strikes

Buzzzzzzzz-That’s the sound of your alarm clock going off at 5AM, you have a big day ahead of you. You grab your phone, which moonlights as your alarm clock (among other things), and silence the alarm. With your phone in hand, you glance at your email — low and behold, there is the email from your client you’ve been waiting for! Quickly, your feet hit the floor, you move swiftly to your Keurig machine and brew up your morning cup while simultaneously powering on your laptop… Multitasking before 6am was not your plan, but you are very anxious to get logged in so you can open the attachment your client sent you.

Java in hand, shaking the sleep out of your eyes, you open your email, double click on that attachment you received, and you wait for it to open…. wait, why isn’t it opening? You double click it again and still nothing. Hmm, maybe the third time is the charm… double click and nothing. Frustrated, you decide to check the news and browse the web while you wait for your file to open. You open your browser and POW! What’s that noise? All of the sudden your computer is screaming at you and there is a message on your screen you have never seen before. Your computer is telling you it’s been infected with a virus meaning all of your files are locked and encrypted. To regain access to your files you need to call a strange international number and provide them with 5000 bitcoins (not dollars, yen, or pesos, but bitcoins– Bitcoins. What’s a bitcoin? Where do I get them?). Why is this happening to me? What on earth is going on?

What Is CryptoLocker and Ransomware?

You’ve just fallen victim to one of the most emerging cyber attacks on the planet. The email you thought was from your client was really a “spoofed” email address from a fraudster looking to make a quick buck off the innocent and unsuspecting professional. In technical terms, it’s called ransomware. The good news is, the story painted above did not actually happen to you, but it could.

Once considered a consumer problem, ransomware has morphed to target entire networks of computers at law firms and other businesses. These entities have more to lose than the average consumer making them prime targets for cyber crimes. According to the U.S. Department of Justice, ransomware attacks have QUADRUPLED this year compared to just one year ago, averaging about 4,000 a day. Typical ransomware payments range from $500 to $1,000, according to cyber-risk data firm Cyence Inc., but some hackers have demanded as much as $30,000. Every infection is unique and equally as painful to recover from.

How do you Prevent Cryptolocker and other Ransomware Attacks?

Now, you have to be wondering what you can do to prevent this happening to you and your entire practice….. The last thing you want to do is tell your largest client that all their matter files are corrupted, infected, and useless. The best thing you can do to prevent cyber attacks from happening to you is to invest in your technology, know what you’re up against, and train your employees. We recommend starting with the basics:

Anti-Virus Software- You have a myriad of choices when it comes to Anti-Virus software. Companies such as McAfee, Trend, and Symantec offer suitable small business products. These can help catch the majority of these infections before they begin.

Look before you click- When you receive an email with an attachment, look at the sender’s address to make sure it’s coming from their actual email address. Some spoofing attacks will use an email address that’s very similar to a legit one – chris@gmaiil.com instead of chris@gmail.com. It’s easy to overlook the extra letter in the domain name. If you question the email’s validity, check with the sender to ensure they sent it. If it came from someone you don’t know, or looks phishy (pun intended), delete the email immediately.

Augment your IT infrastructure to an IT Company- Spend your valuable time practicing law not figuring out IT. Companies, like Legal Workspace, spend the time, money, and effort to implement enterprise-level protection against online attacks. You’re in business to practice law, not understand and implement corporate IT solutions. Leave that to the experts.

I’m sure you’re glad this situation did not happen to you, and so are we. The cyber world is moving at a vigorous pace that can be hard to keep up with. Employ legal technology professionals to keep up with emerging threats and cover your bases for you. Practice law, not technology — leave your cybersecurity worries to us.

10 Technology Mistakes Lawyers Make Every Day

An email arrives from an address you don’t recognize with an attachment that is marked “important.” Since it may be something urgent from a current or prospective client, you decide to open it. However, with a quick click, you could inadvertently download a virus that could hijack every file on your firm’s server.

Security is just one of the technology challenges that law firms face every day, and the threats are constantly evolving. Nearly 60% of the respondents to the International Legal Technology Association 2015 Legal Technology Purchasing Survey listed security management as their top IT challenge. That was followed by email management at 48%, information governance at 40% and risk management/compliance 33%. BYOD, cloud-related security risks and change management were all tied at 22%.

Additionally, Bloomberg reported last year that at least 80 of the largest U.S. firms by revenue have been hacked since 2011.

Lawyers need to understand how even simple errors can compromise their firms, their clients and even their livelihoods. By educating attorneys and staff alike, law firms can keep their data—and their reputations—intact and avoid the top-10 mistakes that occur at firms every day.

Clicking On Attachments From Unknown Senders

While attorneys strive to be responsive, being too quick to open every email can lead to serious consequences. This is the most common way law firms find themselves infected with viruses such as Cryptolocker. According to a report by the Wall Street Journal, more hackers will use malware to hold organizations’ data hostage in 2016 than in 2015—and there were more than 4 million samples of ransom-ware in the second quarter of 2015 alone.

Prior to opening an email, check the email address to find out if you recognize the sender and if it is his or her correct information. Also check the subject line and body to help identify any red flags such as typos, inconsistent information or requests for access to personal or financial data. Most importantly, be sure you have robust virus protection installed that can scan attachments and warn you before you hit open.

Storing Unencrypted Client Data On A Laptop Or Mobile Device

Laptops, tablets and phones are prime targets for thieves. They contain almost anything a thief needs to harm your practice–client files, financial information, passwords and personal data. Thieves can auction off the information, use it themselves or can simply sell the device–putting your firm at risk from other unauthorized individuals.

The portable nature of laptops and mobile devices means that they are often in areas that are at a high-risk of theft–cars, restaurants, hotel rooms or subways–when compared to office-bound PCs.

In short, laptops and mobile devices are easy targets. You should avoid storing information on these devices. Instead, opt to store information in the cloud, which offers an elevated level of security including two-factor authentication, intrusion detection systems and encryption. That way, if your laptop or mobile device is stolen, they may have the hardware but not the data.

Failing To Invest In High-Quality Internet

When a new DSL provider offers a cheaper rate for internet access, it may be tempting to sign up. Cheaper isn’t always better. That is especially true now that so much data is moving to the cloud. Good quality bandwidth, such as fiber through an internet provider, will always pay off when it comes to staff productivity by eliminating connectivity issues with apps, voice calls and more.

Investing In New Systems Without Considering Security

Clients expect you to provide stellar, seamless service. But they also demand that their data stays secure every step of the way. If your systems do not include top-notch security features, the odds are high that your firm will have to rip it out and start all over again.

This can be a challenge for most lawyers, as security standards and threats are constantly evolving. For example, imagine that you implement an online solution that uses an out-of-the-box firewall. When one of your clients conducts an audit and discovers how basic your security is, they may demand that you install a new software program with enhanced security that includes intrusion detection systems, full-disc encryption and two-factor authentication.

If they do not have a security expert on staff, law firms should consider partnering with a business or consultant that specializes in protecting electronic systems and information. These experts, who are dedicated to staying abreast of technology and its threats, can ensure the highest level of protection for your operations.

Listening To “Bob From Microsoft”

Lawyers are now well aware of cyber threats and are exploring proactive ways to protect themselves. Hackers are now taking advantage of that.

The con starts with this: Someone from a tech support company may call your direct line claiming to have noticed a virus on your computer. When he or she offers to do a screen connect to fix it, you accept their help. But allowing an unverified technologist to remote into your computer is a huge mistake.

No one is ever going to call you out of the blue to fix your computer, no matter how knowledgeable they sound. If you do not recognize the person or the company, you shouldn’t let them anywhere near your computer.

Falling Prey To Proprietary Data Storage

There are hundreds of legal software applications to help you manage your firm. Sometimes trouble arises when law firms outgrow their current software and need to upgrade to an entirely new system. Different software applications format data differently (and oftentimes they have a proprietary format for doing this), which makes extracting or transferring that data out or to another program difficult.

Skimping On Training

At a time when technology plays such a large role in the success of law firms, cutting back on training to save a few dollars can cause extensive harm. Chances are that if a lawyer or a staff member doesn’t understand how programs or apps work, they will either resist using it or won’t be able to take full advantage of all of its features.

It’s like giving someone who has never driven the keys to a race car.

Take the time to fully acquaint all lawyers and staff with new solutions. Have trainers or providers explain how the solutions work, what they offer and how to leverage them in day-to-day tasks.

Handling Your Own Tech Challenges

While some attorneys shy away from technology, others embrace it. You may think you can hire one-off vendors to manage your technology infrastructure and services, but that is usually a short-sighted approach. In the long term, you will probably lose time and money and heighten your security risks. Just think of the lost billable hours, headaches and frustration that happen when you have to call your managed support provider (MSP), explain your tech troubles, and manage their timeline and budget. Choosing the right IT provider that specializes in law firms, cyber security and legal software can make all the difference. When you hand off IT to the true experts, they can handle your technology issues easily and correctly the first time.

Choosing Solutions Based On Cost, Not Effectiveness

The cheapest solution is not always the one that pays off. Your firm needs to take the time to understand the features of new technology and how your attorneys and staff will use it. Only then can you thoroughly weigh the pros and cons of each new tool. For example, many firms use non-legal-specific software for bookkeeping. It may be cheap, but a good billing and accounting software program designed for law firms is a better choice since it can accommodate specific issues firms face when tracking timekeepers’ hours.

Not Taking A Holistic Approach To Technology

When selecting different technology tools and systems, you must consider the needs of everyone, including attorneys, staff and clients. Only then can you select tools that will help meet everyone’s goals. That means you, or any other individual attorney, may not be the best person to make decisions on new software purchases.

You should work with experts who are familiar with many different types of software and know how to line up a firm’s needs and goals. Experts can bring a completely different, and more encompassing, point of view to the technology selection process as well as a keen eye for helpful and powerful integrations.

In today’s world, it’s impossible to avoid incorporating technology throughout the practice. Clients won’t accept that approach, and younger attorneys wouldn’t want to. By avoiding a few common mistakes, you can make technology work to your advantage, not let it hamper or harm your practice.

Data Breaches Cost More Than You Think

Recently 11.5 million documents containing confidential data were stolen from Mossack Fonseca, the world’s fourth-largest offshore law firm, and published online. Hackers gained access to one of the firm’s servers which allowed the hackers to steal valuable data and emails. All law firms collect and store a myriad of client and financial data making them attractive targets for cyber attackers.

High-value data including trade secrets, acquisitions and mergers and personal health information (PHI) can be leaked to the public or used maliciously. For example, a large law firm handling a merger might be targeted by someone who wants insider information in order to buy or sell stock. Not all cyber attacks target complex data — even basic client data can be targeted. For example, a small law firm might be handling a divorce and the other party works in IT and has the skills to discover what the representing attorney has planned.

While the hacking motives vary the consequences are consistently catastrophic for law firms. Data breaches erode the foundation of attorney-client privilege by exposing sensitive data solely entrusted to law firms. Therefore, securing and protecting privileged information is of the utmost importance.

How can you prevent a data breach?

Intrusion prevention and protection systems

Your network should have an intrusion prevention and detection system in place to monitor unusual server traffic. This system helps to identify and shut down hackers, who constantly search IP addresses looking for weaknesses. Two-factor authentication provides an extra layer of intrusion protection by requiring users to enter two forms of identification during the login process. This approach eliminates the chances that a hacker or computer program can log into a system remotely and randomly create passwords.

Firewalls

Law firms should look for enterprise grade firewalls to protect against malicious software and hackers. Some law firms use multiple firewalls to ensure that if one firewall fails, a backup is already in place.

Email Encryption

Hackers don’t observe attorney-client privilege, and the highest value target is a law firm’s email. Email is the easiest way for clients to send crucial documents and even medical records to attorneys. Email encryption protects data so only the sender and recipient can view email contents.

Internal and External Security Scans

Hackers are constantly evolving their techniques to circumnavigate existing security protocols to find vulnerabilities. Routine security scans are required to ensure data is constantly protected. Law firms that require ultra-security, for HIPAA or governmental compliance, must conduct internal and external security scans on an annual basis.

Data Backups

Off-site data storage is crucial in case all of the other security techniques fail or a natural disaster, theft or fire occurs. Data from ransomware attacks can be fully recovered using backup records, without paying a ransom fee to recover encrypted data.

Encryption, secure data centers, authentication protocols, intrusion monitoring: Complex IT considerations can make your head spin. Even if you have an IT department or person dedicated to managing those issues, it’s tough to stay on top of the latest threats when you’re focused on building your practice. Thankfully, you have options. Legal Workspace has extensive experience securing law firms from physical and cyber threats. We worry about security. You worry about practicing law.