Author Archive

What you need to know about Fog Computing

June 12, 2017

First, there was cloud computing – and now fog computing? No sooner has the cloud concept become clear, we have another concept to dive into, and why is it so important from a lawyer’s standpoint?

We can start by thinking about the cloud. You could envision “the cloud” as something up in the sky, but this is only part of the equation. The second part is when the data stored in the cloud is transmitted back to planet earth. Some of the problems you might expect if you took a trip to the cloud and back include the time spent in transit (latency), crashing (no explanation needed), and the quality of the trip itself. These issues are all inherent in cloud computing as well.

Segueing into fog imagery, it’s not as simple as just a cloud that’s on the ground. It actually includes cloud computing, but it’s much more than that. You might think more abstractly of fog computing as “anywhere-in-the-process” computing, but “fog computing” is probably easier to remember.

Somewhere between your device and the cloud

In reality, fog computing happens along a continuum; it’s the cycle that spans between our terrestrial computers and devices up to the cloud and back. The primary reason that this continuum exists is that not everything needs to end up in the cloud.

For example, sometimes we would prefer to have the data to be housed within our device, like a laptop, a smartphone, or a tablet. It’s possible that our devices need to talk to other devices and need this data to do so.

Occasionally, we want the data to exist somewhere between the device and the cloud. This is called edge computing. Other times, we want the data in the cloud as fast as we can get it there.

Fog computing involves cloud computing, terrestrial (device-level) computing and edge computing, and because data exists on so many different planes, this is precisely why it’s going to be important to the legal profession.

Headed for data overload

Getting back to cloud computing … the issue now is that we are sending all kinds of data up to the cloud and then back down to be processed by another device. Latency is an ongoing issue, and in reality, not everything needs to be sent to the cloud. As time goes by, the cloud itself is going to get more and more crowded, based on the fact that we are producing that much more data.

Anything with a computer in it is a culprit: our smartphones, our tablets, our wearables, and any devices in the IoT (Internet of Things) realm. We are producing so much data that the traffic is likely to produce a great deal of latency, and in some cases already does. The further the device is away from the cloud, the longer it will take to reach its destination.

In the future, this could become an issue for such things as driverless cars, who may produce so much data that sending it to the cloud would become not only impractical, but dangerous, where such latency can cause an accident, or put the public in danger. The data needs to be held closer to the device (in this case the car) in order to avoid this issue.

The IoT devices we use in our homes, smart home devices like Nest or Alexa, may “talk to” your appliances – your washer, your oven, your shower, your toothbrush – but these communications should ideally remain at the home level. Collected data could be compressed and then sent to the cloud, or only data that is out-of-the-ordinary could be sent, freeing up terabytes of space that might otherwise be monopolized by a lot of trivial data.

The Benefits of Fog Computing

To the legal profession, the benefits of cloud computing should be easy to understand.

Your data is more secure. If you aren’t transmitting a whole lot of data up and down the cloud superhighway, your data is better protected.
Your system is more reliable. With fewer trips up and down the network, there is less likelihood that the data will become corrupted, making your system more reliable.
Save energy, save the planet. Fog computing allows us to share resources closer to the edge of the system, in a horizontal rather than a vertical fashion. By sharing resources in this way, less power is required to power our devices as there is less searching by the devices for connectivity.

So, if attorneys can get their head around the fog computing concept, they can start addressing the aspects of it that will affect the issues that we face every day.

Issues that fog computing will impact

Some of the obvious issues include data security. Where is the data being sent? How and where will this data be housed?

And then there are issues of liability. Who would be responsible in case of a hack? Who is liable for damages? What about devices that are patched together – which could be as tiny as a smart toothbrush, or as big as a driverless delivery truck. In light of the data question, who is liable if there is a failure at some point along the way?

As for privacy, how can we develop confidentiality agreements when the service itself is surveillance? What will our expectations of privacy be going forward?

In the matter of contracts, they will need to be fleshed out with consideration to all players in this system, realizing that the entities that are developing these partnerships are not the same as they have been in the past.

Intellectual property law will be affected too. Consider what may happen if a party learns new things from a data set, and goes on to patent those findings? Does the party in question really own this property?

Last but not least, there is evidence. If it exists, an attorney will attempt to subpoena, and this won’t be restricted to criminal matters. Think about the ramifications that would ensue if a lawyer were to subpoena “any and all” data from a fully connected system of devices.

This article hopefully gives you lawyers a blue-sky understanding of the next generation of technology and data. Fog computing is what it’s all about, and hopefully, this will help you better prepare to deal with the low-lying data that lies ahead.

Top Tips for Reducing Security Risks

June 12, 2017

Historically self-reliant in terms of their technology decisions, many law firms have been taken by surprise – their clients are suddenly auditing their security policies, protocols and questioning the tech tools that they use.

Though this interest comes as a shock to some, it shouldn’t. No law firm should think that their IT and infrastructure is insusceptible to scrutiny, but this is one of many ways that some firms have a problem fulfilling client’s expectations.

Security audits can range from a one-sheet to several pages in length, depending on the complexities of your infrastructure. The audit will take a detailed look at your configurations and architecture, running penetrative testing to discover any weaknesses, and it will also look at your on-boarding procedures, and much more.

Here is a roundup of areas that you should pay attention to now, before a client’s request lands the task on your desk:

Encryption

If you are running an on-site server, it is common to set up your file systems and operating systems not to encrypt your data. Though most law firms use secure socket layer (SSL) encryption for data in transit, encrypting static data is a relatively new concept. The client’s concern is about the ability for unauthorized people to have access to their data, and they need to be assured that it is well encrypted on your network under any circumstances.

Two-Factor Authentication

With the increasing prevalence of remote network access as well as the widespread use of mobile devices like smartphones and tablets, two-factor authentication (also known as 2FA) is now mandatory. Your clients may stipulate that any remote access should have adequate controls in place to make sure that two-factor authentication is applied.

The problem here is that most law firms, and especially lawyers, are resistant to anything that they perceive as limiting, complicated, or adding time to a process, but it’s time to let it go. With 2FA implemented, and restrictions applied to all active directory accounts, your firm instantly gains a huge upsurge in security.

Data Loss Prevention

Also known as DLP, data loss prevention is the process by which your data is protected from being disclosed, damaged or destroyed through email or removable drives or other media. Outgoing email must be monitored, and access to drive ports, USB keys, remote disks and other removable drives. These supplementary protections should serve to give your clients the reassurance that their data is protected on your local network, and that their confidential information is safe from any leakage, whether accidental or intentional.

Vulnerability Scans

Your technology is bound to change and evolve. You will no doubt need to add or remove computer hardware and software, and new employees and procedures will force you to be agile. Security threats will continue to evolve, necessitating an ongoing protocol that should include regular vulnerability checks. It is also a good idea to consider hiring a 3rd party consultant to perform an ethical hack every once in a while, just to determine if your network has any potential weak spots. Being able to anticipate these issues is critical, as once an issue becomes a problem, it’s hard to come back from it.

Disaster Recovery Plans and Backups

A Disaster Recovery Plan (DRP) and backup protocol is essential to protect your firm from any potential loss of data. If you don’t have one, you are leaving your firm susceptible to any number of threats, both natural, such as power failures, floods, fire or earthquakes, and man-made, such as deliberate, accidental or malicious destruction of systems or data. If any of these incidences were to happen, you could potentially lose all of your client files. Storing your data in the cloud prevents this type of loss, and facilitates your backup protocol. It can also help you recover more quickly from any type of loss, including security breaches, by giving you ready access to your data and applications.

Security Awareness Training

Even with the best possible policies and procedures in play, it’s always important to remember that we are human, and so are susceptible to human error, whether by mistake or through a deliberate disregard for the systems you have in place. Procedures can be bypassed or left by the wayside, directions can be misunderstood, or can slip through the cracks completely. These oversights have the potential to cause a breach in security. Your employees, including partners who may be resistant, need to be adequately trained, and these protocols regularly reinforced and upgraded to ensure your client’s security expectations are being met.

Your clients are becoming more and more selective. You could say, they have been ‘consumerized’. Not only do they demand the best legal advice, they require the firms they work with to have adequate security systems in place in order to protect their data. With every possible security tool available and within reach, there is absolutely no reason that your firm should not pass a security audit based on any one of these issues. Be proactive: put the proper controls and processes in place, educate, and reevaluate frequently. Consider what clients normally ask when they conduct their own IT and security audit, and you’ll be ready to answer the hard questions when they come.

Saving Time with Online Forms

June 12, 2017

The Law Office of Ruby L. Powers in Houston, TX, is dedicated to leveraging technology to save their practice and their clients, time and money. Primarily involved in immigration and naturalization, their office consists of three lawyers, each with a specialty in the realm of citizenship, consular law, asylum and humanitarian parole.

The region itself is high-density for the immigrant population. At approximately a million and a half individuals in need of legal assistance, this puts the area well above the national average, creating a very competitive market among the professional legal community. Firms that are able to leverage technology to their advantage have the edge, as it simplifies many processes and creates an easy way for them to collect information.

Firms save time and money with online forms

By utilizing online forms, the firm has been able to eliminate not only the time spent by clients filling out voluminous forms in the office, but it also saves a lot of time and effort for the lawyers, who are able to identify key issues prior to their first meeting with the client. By the time they meet in person for the intake appointment, the office already has a plan on how they could potentially help the client.

Building these forms and databases, however, may be tedious and complicated to build out, and extracting the collected information may take a lot of extra work in order to compile it into a meaningful dataset. Using a form builder like JotForm can help.

Online form builders like JotForm have simplified processes and greatly reduced the cost of running a law practice, eliminating the need to print and greatly reducing the time spent wrangling information.

JotForm is easy to use for just about anybody

JotForm is an online form building application that allows users to create customized web forms without having to write a line of code. The interface is drag-and-drop for any type of field you need to create, from biographical information to text boxes for longer explanations to drop-down menus or radio buttons for set answers to certain questions.

Powers’ practice has been using JotForm for several years now, based on the recommendation of a colleague. They were in need of a simple solution to the problem of the long intake process and the many forms that were required to get the intake process started. Ideally, they wanted a solution that would enable them to be able to work remotely. JotForm allowed them to be able to cut their procedure time in half, which in turn helped them to be able to take on more new business and grow their bottom line.

Enable multiple form types to suit your specific needs

They use several forms, each for a different purpose. There is a contact form on their site, enabling potential clients to send brief messages explaining their reasons for needing legal services, and basic contact information.

Intake forms are considerably more detailed, and focus more on the client themselves, and the case in question. From this form, the firm is able to determine whether the client is a good fit for any of their services. If a consultation is scheduled, the office can let the client know what documents they need to bring in order to optimize their time spent in the office.

Online forms help you go paperless

These days, all of Powers’ intake forms are available online. This allows the firm to store an entire paper trail digitally, helping them to stay organized and giving them an added layer of security, as all data is stored in the cloud. Lawyers are immediately notified when a new form or updates are submitted, and all of their data is organized in an easy-to-use dashboard, accessible via a login portal.

Before JotForm, the firm used paper forms and email, creating multiple datasets stored in different locations. Using the service has allowed them to get better organized. Form data is then copied and pasted into Word files for storage in local case files for quick access.

Conclusion

Bottom line, whether you are using online forms for intake, or for gathering any kind of data from your clients or site visitors, a form builder can make an attorney’s life much easier. It simplifies the data collection process, and makes that information easier to access for the entire team, whether in the office or working remotely. Additionally, JotForms also allows you to create as many sub-users as you require, meaning everybody in your office can have their own access, no matter how large or small your firm may be.

Choosing Law Practice Management Software

June 12, 2017

If you are starting up a new office and purchasing a law practice management suite, or if you are considering an upgrade, or switching vendors, choosing a package that is right for you is important. Unfortunately, most of the information available in a web search is not great, so we’ve put together a checklist to help you make a smart choice that will prove itself in functionality and ROI.

1. Define your goals first.

Law firms often look at the available feature sets without having a clear understanding of what their firm really needs. Basic needs, of course, are calendar, task managers and documents, but don’t stop there: go deeper into your future plans and goals before moving forward. For instance, are you a solo firm, and do you intend to remain that way? How many staff will you need to support? Are you planning on adding remote staff? Additional attorneys? Firms that plan on hiring remote staff will have vastly different requirements than firms that share office space. Look at your fee arrangements, and document automation needs, and try to shape a vision of where your firm is going in the future. This will help you find some clarity around the features that are or will be important to you, now or in the future. Ultimately, you don’t want to have to go through this process again, so find a solution that will grow with you.

2. Find a solution that will grow with you.

Your law practice management suite should do you well for a minimum of 10 years, so spend some time thinking about where your practice is headed. In this sense, it is good to have a sense of what the future holds for technology and how this relates to your own long-term strategy. Look at current trends, how they impact your current workflow, and try to determine where it’s all headed. Nobody can predict exactly how it’s all going to work out, but it’s always good to have an idea of what you think might happen, and determine whether you’re on the same trajectory.

You might also think about creating a threat scenario using your current data and security risks. Depending on what type of law you practice, you may have an increased need for communications security and encryption; or if you are a firm that still maintains paper files, you might want to assess your fire or flood risks. It’s important to conceive a threat analysis protocol that is specific to your unique needs in order to get an idea of how each vendor can help you address certain scenarios.

3. Find out how your Advisor benefits from your business.

Having a consultant can be a huge advantage in choosing the right law practice software. A good consultant will have you thinking about the right things, and will help you determine your needs based on your business model, talking you through each scenario to ensure that you end up with the result you’re after, right down to the price you want to pay. Even if you have great confidence in your consultant, it’s always good to know how they make their money. It could be in one of the following ways: a. you pay a fee to them for their advice, b. from reseller commissions, or c. from ongoing support, training, hosting, and customization packages or contracts. While there is nothing wrong with either of these scenarios, you want to make sure that the consultant is going to bring you the best possible solution for your needs. They should be open and transparent, and be able to address any questions or concerns you might have about their recommendations. Watch for consultants who lean strongly towards or away from a particular solution (such as cloud-based software), since this may indicate that they are biased to their own preferences, and not yours.

4. Narrow the Field.

You should now have a better idea of what you are going to need, as well as your future goals, so at this point, it’s time to narrow your options.

While every firm is different, here are some of the high points you might want to think about:

Security – audits, standards, encryption
Mobile accessibility – smartphones, tablets, browser interface
User interface – should be easy to use and adopt
Vendor reputation – continued support is important, as is a commitment to development
Ease of migration – if you are transitioning from a different system, how easy is the process going to be?
Initial and ongoing costs – setup, training, customization, adding users, support, etc.
3rd party integrations and additional features – does it talk to other apps that you use? is this free?

5. Test Drive before you buy.

Once you’ve shortlisted a few vendors, contact them directly with any specific questions you may have about issues you have identified. Ensure you have all the answers you need before moving forward with the buy. Most vendors will offer a free trial – take them up on it. For the test-run, set up dummy accounts with made-up data, or use one of your current or past matters. During your trial period, put the software through its paces, explore the interfaces, and assess the available workflows. If you have a clearly defined vision of your firm’s long-term needs, if you know what your security issues are and what features your firm needs to have, you should be able to test all these scenarios out to ensure the software is going to do right by you.

These tips should help get you thinking about what you need to know before you start shopping for law practice management software. You can also check out the LTRC Practice Management Software Comparison from the ABA, as well as their Blueprint Advisor Tool, just to get an idea of how each vendor lines up with your needs.

Version Control Applications for Mac Users

June 12, 2017

Comparing text in documents is a daily task in the legal profession. Being able to do it quickly and easily is a bonus. Drawing a parallel to the way software developers compare source code on a page is arguably more efficient than the way most lawyers go about it, and perhaps we can take a page from their workflow to improve ours. How they do this is through a diff (which is similar to a redline) that is tracked through an application specifically purposed for version control.

These apps include Tower and SourceTree, but there are others. They provide simple editing tools that will help you revert to previous versions if you need to, or allow you to push some changes, and save others for later.

Even though what we use the app for is similar, the processes are very different from a typical legal workflow. When collaborating on a project, they don’t output comparisons as separate files, because each coder will generate their own diffs; comparisons are not output as separate files as the document changes, and they don’t worry about forgetting to turn on ‘track changes’ before starting to edit a document, because it’s just not necessary. You might even be able to skip using Word altogether, because all the basic changes you need to make can be done using the tools in your version control app.
Though this type of workflow is pretty routine for software developers, it’s not the way that lawyers normally work. Whatever document management system you use might provide you with the ability to create a comparison file using external software, but it’s not quite the same as simply opening the most recent version of a documents and seeing right away what’s different from the last version – accompanied by handy tools to manage the changes.

If you’re a Mac user, there are a few version control applications that can be applied to legal documents. They are made for software developers, but will work nicely for the task, and you’ll be able to benefit from a more intuitive process.

Here are some version comparison apps for Mac you might want to look at:

Kaleidoscope

Kaleidoscope is an app specifically for Mac users that compares text files, RTF, DOCX and plenty more, and has the added functionality of being able to compare images and folders as well. It’s super easy to use too: simply drag the files you want to compare onto its icon and it will generate a comparison. You can also search within the documents you are examining, compare more than just two documents, and easily switch between them. It costs $69.99 and comes with a 15 day trial so you can check it out first.

The following examples are apps with features that compare text, as opposed to documents. This means simply that you have to copy and paste from the source document into the app to get the analysis.

BBEdit

BBEdit is meant specifically for professional software developers, but most of its features, including text comparison, can be used for free. To make it work, you would need to create two separate text documents within the app, then copy and paste each version in to them. A few clicks later, you have your comparison.

Atom with Split-Diff

Atom is another app that is made specifically for software developers, and it’s also free. It’s also open-source, which means developers can create feature packages that add to its functionality. One of these is ‘split-diff’ allows you to view differences in text from documents that you paste in, side-by-side, which is particularly handy is you are working on a portion of a larger document – meaning you can just copy and paste the section you’re working on.

One drawback is that none of these applications allow you to save a comparison as its own unique file. Additionally, your files will look very different than how they do in your word processing app – but that may be the best part about them: They are fast, simple, and (mostly) free, and you won’t have to run a redline or a backline to see changes to your documents.

Choosing a Legal Calendaring System? Here’s What you Need to Know

May 18, 2017

Improving your calendaring process is a great way to manage risk, and the good news is, there are plenty of software tools that can help you do just that – apps that are specific to the legal profession, and that help you to stay on top of your game. They ensure that there are no missed deadlines, and they can also help your firm streamline their workflow, resulting in improved productivity, happier clients, and will ultimately improve your cash flow.

If you are thinking about deploying a deadline calculator, do a deep dive into the provider, and make sure you understand the key features, as well as what support resources are available before you decide on who you’re going to go with. Here are some things you might want to consider:

Find out more about the team who is updating the rules

The biggest benefit of having a trustworthy rules-based calendaring solution is the access you gain to the official court rules, as well as the people who keep them up to date. Find out who owns the database, as this is a critical issue in terms of accuracy and timeliness. You want to make sure that the provider owns the source, and does not access it from a third party, as too many re-directs always slows the process down, and leaves room for error and confusion. Find out also whether the provider employs attorneys and other legal professionals on a full-time basis, individuals who have a background in rule amendments and understand the potential consequences that they have on deadline calculations.

Find out about their update process and how often it is done

in order to ensure that deadlines are never missed, it is critical that you receive notifications that have an impact on cases you are working on. Your provider should be able to tell you how frequently rules are updated, and how you and your colleagues will be notified, and how much information on the changes will be delivered, so you can assess whether there is a need to recalculate your deadline.

Find out whether your team can customize sets of rules

The system you consider should have the ability to customize your rules sets. This will allow you to hide, remove or modify certain events or sequences of events, such as if they are normally not observed, or obsolete, or if your firm has events in their normal workflow that need to be added, such as a client meeting prior to the court date.

How is the system managed? Is it collaborative?

Since most law firm these days are team-based environments, your calendaring system should reflect that. All key stakeholders should have access to the system, and it should provide for multiple levels of permissions, allowing you to control visibility for sensitive or confidential material. Being able to display events across teams, clients and matters is important. You should be able to access a birds-eye view for your whole department within a specified period, and have the ability to dive deeper to get details on a specific attorney or matter.

Take the system for a test run to make sure it’s easy to use

Though rules-based calendaring this is not a simple task, your solution should deliver an interface that is reasonably easy to use. Since many people will be contributing to it, it should be something that is won’t require a lot of training to get rolling with it.

Is it accessible enough for your needs?

Your calendar solution should integrate with the calendars your team uses every day, such as Microsoft Outlook, and also online calendars. As mobile is a necessity, it should be compatible with all mobile devices. Find out whether the system is cloud-based, and how the backup process works. To that end, find out where your data center is, whether it resides with the provider, or if it is hosted with a third party.

Find out what training and support are available to you

This is always imperative in choosing any third-party supplier for calendaring systems. Ask what your support options are, and find out if they are available 24/7, or if you have to wait until their offices open the next day. You should also find out whether they have a good caches of support articles that you can access anytime, and whether the support package is included in the price, or if it is an extra charge.

What are the reporting and tracking options?

You should be able to track changes, and find out who made them. This should be standard, as it is an absolutely imperative feature. You should also be able to export events in an adequate enough level of detail – you ought to be able to customize many variables, such as timeframes, teams, clients, and more.

What’s it going to cost, and how is it packaged?

Before you invest, you need to find out if it delivers the value that you need. You may have options as to the type of package, and sometimes you may need to pay for additional functionality, or to add a user. Some are priced by the case, some by the court, and some will have all-in subscriptions that give you access to every tool in their arsenal. Ask yourself how long you will need this tool for? how much are you or your organization going to use it? and finally, is it compliant with your professional liability insurance? Choosing an annual subscription is generally the safest way to go if this is an issue.

How stable is the company? What kind of a reputation do they have?

Companies that have been in the market longer should figure high in your selection criteria, as should the experience they have doing what they do. Having a bullet proof reputation for responsiveness, a good customer service record, and an extensive customer base are indicative of a company’s commitment to serve you better. Determine whether the provider has staying power, and if they have a customer base strong enough to support their longevity. Will it still be around in another decade or two?

Conclusion

Investing in technology is never cut-and-dried. If you are ready invest in a calendaring system that will help you streamline your workflow, become more productive, mitigate risk and help you comply with court deadlines, there are plenty of things to consider before you decide on the best provider for your needs. These are just a few – good luck!

Avoid The Ransomware Epidemic Going On Right Now

May 13, 2017

Today a massive Ransomware attack was deployed and hit a reported 99 counties around the globe. More than 75,000 businesses and government entities around the world have been affected. Ransomware is not a joke and it is something that we deal with often with non-clients who call us frantically looking for guidance. Right now your company most likely does not have protection against Ransomware, it’s a statistical fact. In this article I will explain what Ransomware is, and what your firm or company needs to do in order to prevent it. The point of this article is to educate and organize your I.T. so you never have to worry about Ransomware. Ransomware is totally avoidable if you prepare for it.

What is Ransomware?

Today’s Ransomware attack is spreading through a Windows exploit and will only affect you if your operating system is not 100% patched. Normally, Ransomware is received through fraudulent email attachments that are unknowingly executed by the end user. The email looks real and even comes from someone you may know, but the attachment which may be a word or PDF document is fake. Once opened, it executes an encryption application encrypting all your workstation documents as well as documents on your network. The end result being every document and picture becoming encrypted, unable to open. Once totally encrypted you’ll find files on your desktop with instructions on how to decrypt your files by paying a ransom. The ransom is usually 3-5 bitcoin (internet currency) which is about $4,800 – $8,000 as I write this. The USD amount per bitcoin fluctuates. Today the ransom appears to be a mere $300 per attack. Also, you have a time limit to pay. If you wait, the ransom increases and eventually terminates leaving your files inaccessible. Ransomware puts companies out of business. Today’s attack is unprecedented and this type of attack will most definitely occur more frequently.

Avoid Ransomware 100% with Cloud Technologies

No system is safe from Ransomware. The key to a successful anti-Ransomware solution is minimizing the downtime that it causes and attempting to avoid it altogether. Our clients on the cloud simply have no fear of Ransomware. Due to our advanced backup methods and customized cloud based work environment along with advanced anti-Ransomware security, if a client were to contract Ransomware, their cloud server could be shut down and restored to a prior backup within 10 minutes. That’s 10 minutes total downtime with absolutely no ransom paid.

Rekall Cloud is the ultimate anti-Ransomware tool to fight against downtime caused by Ransomware, Viruses, Malware & Spyware. In the cloud your work experience is identical to how you work right now. All you applications will work as well. You can work from anywhere, at anytime and from any device, Mac, Windows, Android, iPhone or iPad. On the cloud there is no need for office servers, maintenance, or the headaches that they bring. If your server is aging and your tired of playing the 5-year-server-upgrade-game, give us a call and avoid it all. On the cloud, you will never have to purchase office servers again.

Avoid This Ransomware Attack Right Now, Here’s How

Patch Your Operating Systems Regularly | Rekall automatically patches client operating systems automatically through the Rekall Technologies Cloud Management Console. Within this console all client devices are added and patched on a schedule automatically. Patches are pre-approved by Rekall staff and deployed out to our over 100 law firms and client devices. This service is offered to all Rekall clients both on and off the cloud, if your I.T. company is not proactively patching your systems, you must call Rekall. We do this for free as it is our standard due to it being a top priority for proactive security.

Anti-Ransomware Email Spam Filtering Services | Ransomware most commonly comes through email. Rekall offers enterprise level email spam filtering that automatically blocks harmful email and spam protecting against Viruses, Spyware, Malware & Ransomware. With over 100 law firms nationwide, Rekall blocks on average 20 Ransomware attempted emails per day. Not all spam filters block Ransomware but ours does. If yours does not, your I.T. company is not protecting you the way they should and is not keeping up with latest threats, you must call Rekall.

Anti-Ransomware Enterprise Level Firewall Services | All law firms on the Rekall Cloud are protected by Rekall’s enterprise level firewall protecting our clients against Viruses, Spyware, Malware & Ransomware. All Rekall clients having traditional I.T. setups with servers residing in the office have our Enterprise Level Firewalls protecting their data onsite as well. If you have a Sonicwall or Watchguard firewall, you are not protected against web based Ransomware attacks. You must call Rekall.

Backup Your Data in a Smart Way | DO NOT BACKUP TO A USB DRIVE ATTACHED TO YOUR WORKSTATION OR SERVER. This is typical among small firms. Ransomware will encrypt all USB devices attached to the network. A good backup will be your only saving grace if and when your firm gets hit by Ransomware. You must have a cloud backup and that backup must be an image level backup of your servers. The backup must take snapshots of the state of your server at least once a day, save it up to the cloud, and hold at least 30 days of snapshots. Restoration must be quick within an hour or 2 at the most. If you have a cloud backup that doesn’t take daily snapshots, your backup will run after Ransomware strikes and will encrypt your entire backup. The same thing will happen if you backup to USB. Ransomware will encrypt the data on the drive and that backup is now a dead backup forcing you pay the ransom.

Save Important Data to the Server | All important data MUST be stored on the server or within the firms document management system or firm management software. In this way everyone has access to the data and the data is centrally managed. Correctly executed server backups will save your firm data in the case of Ransomware. If you work on a file locally and your firm gets hit by Ransomware but you never saved the file back to the server, you just lost that file or forced the firm to pay an entire ransom to get your one file back.

Technology Mistakes Every Attorney Makes: Part II

May 12, 2017

IT security is one of the biggest challenges that we face, every day. Even when you feel like you’ve got a handle on it, a new threat, or something that has evolved from an old one will come back to bite you. Managing IT security is probably the number one concern for most law firms, followed closely by managing email, governing information, compliance, and risk management. Closer to the bottom, but no less important, are bring-your-own-device (BYOD) issues, security risks related to cloud computing, and change management.

No matter what the concern, there are ways to avoid disaster. But we must remain diligent at all costs: what we skimp on now may give you an ulcer later on, especially if your network, or your client’s confidential data is compromised in any way.

Continuing from our first article, “Technology Mistakes Every Lawyer Makes Part I,” here are yet more simple oversights we tend to make:

Using a Proprietary Data Storage System

This is more common than you think: and since many firms are now upgrading to new-gen software and technology devices, it’s likely that if you have been using a proprietary system in the past, that you will have to start from scratch, re-entering or uploading data that can’t be automatically transferred. Big waste of time and money. Use something ubiquitous, something that is designed to scale, and you won’t have any issues. This includes investing in physical server arrays, as this model is practically extinct already.

Not Training Your Staff & Partners

Ignoring the need to train your staff just to save a few bucks can come back to bite you in the end. If a lawyer, or an employee, doesn’t know how something works, they will be resistant to using it, which makes your investment worthless. Much money is wasted on technology purchases that are supposed to make your life easier, but if nobody knows how to use it, you might as well have saved yourself the trouble. Take the time to make sure your staff knows how these solutions work, what they do, and how they are going to make their life easier.

Dealing With Your Own I.T. Issues

Some lawyers run from technology, while others embrace it. Either way, you’re going to need some help at some point. No matter how tech-savvy you are – do yourself a favor and don’t do it yourself: make sure you choose a technology partner or managed services provider who works with law firms, and is able to understand your unique needs and concerns. Having the right IT tools, and the right IT team on your side, you should be able to get what you need done in a way that makes sense to you and the way you do business.

Opting For ‘Economical’ Solutions That Don’t Completely Do the Job

The best solution is not always the cheapest. That said, the most expensive one is not always what you should be going for, either. Take the time to understand what you are investing in, and whether it’s going to do what you need it to do, if it can grow and scale along with you, and if it can handle the specific needs of the legal industry. A good billing system that is designed specifically for lawyers will be much more intuitive in accommodating issues that are specific to a law firm.

Not Taking Your Whole Firm Into Account

It’s hard to accommodate the needs of everybody – attorneys, clients, and other staff – but it is possible to choose technology tools that everybody can agree on. That means that one person should not be making the decisions on new technology and software purchases. Work closely with experts or consultants who can give you some options to consider, and make sure you know what your staff’s concerns might be before you buy. A consultant who has experience working with other law firms is often the best place to start; they will be able to give you some options, and explain the pros and cons so you won’t be in for any surprises.

Education is most certainly key. By making a point of training your staff and partners, and keeping them apprised of the potential risks involved, you can effectively stave off many rather unfortunate IT disasters.

Technology Mistakes Every Attorney Makes: Part I

May 12, 2017

It happens just about every day. You receive a message in your inbox from an unknown sender. It’s marked “urgent,” and you go ahead and open it, because maybe it’s from a new client, or someone related to a case. Unfortunately, that email contained a virus. With one click, you’ve started a chain reaction of calamity that will encrypt every file on your firm’s servers.

In 2015, Bloomberg released a study, showing that 80 of America’s largest firms have been hacked since 2011. It’s more important than ever for lawyers to understand how even the most innocuous errors can lead to disaster, compromising internal data, client data, and bringing the potential to tank the livelihoods of all concerned.

To illustrate, here’s a few of the top mistakes we lawyers make:

Opening Email Attachments From Senders You Don’t Know

Keeping Unencrypted Client Data on Your Personal Device or Laptop

Your mobile devices are just that – mobile. They are an easy target for thieves. Imagine how you would explain this to your partners, and more importantly, your clients. Avoid storing sensitive information on these devices, and always keep your device password protected. Using two-factor authentication is also a good idea, as is encryption and intrusion detection. Store sensitive documents in a secure cloud that only you and other relevant parties can access. That way, if you are a victim of theft, they won’t be able to access your data.

Not Investing in High-Quality, Secure Internet

Everybody loves a bargain, but that cheap DSL offer is probably not going to be better. In fact, it may not even support the amount of bandwidth you need to remain secure, and ensure 100% uptime access to your network and files. A top quality connection always pays dividends in enhanced productivity, connectivity, and quality of communications.

Installing New Systems Without Consulting an I.T. Professional

More and more, clients are demanding that their data remains secure through every step of the process. Without being able to ensure high security standards, you are not only doing your clients a disservice, you are putting your firm at risk also. Do yourself a favor and do it right the first time. Consider the fact that new threats are constantly evolving, and what worked last year may not do the job today. Choose an IT security system that self-updates, or bring in a consultant who can design a system that is relatively future-proof. Depending on how you work, your protection should be deployable from the cloud, and run quietly in the background. Other on-the-ground solutions include dual-factor authentication, and ongoing training for your staff, but there is no substitute for expertise. Even if you have an IT team, consider bringing in a specialist in IT security. These are the people who know – and they can, in turn, educate your IT team.

Falling for a Phony ‘Expert’ Ploy

If ‘Bob from Microsoft’ calls and wants to connect to your system in order to repair an issue, make sure it’s who they say they are, and who initiated the service call. Keep in mind, nobody is going to just call you out of the blue to fix your problem (if indeed you have one), so no matter how together they sound, don’t let them get anywhere near your technology.
These days, you can’t avoid technology in your practice, and why would you want to? But by avoiding these common mistakes, you’ll be making everybody’s lives so much easier, and most importantly, protecting your practice. For more on this subject, see Part II of this article.

Law Firm Security Tips to Reduce Risk

May 4, 2017

With the largely unregulated landscape of current technology in use at law firms, some practices have noticed that their clients are questioning their security protocols and controls as it pertains to their tech. Rather than be taken aback, we should perhaps expect a little client scrutiny. An audit can tell us much in the realm of assessing security architecture, as well as hiring practices, and more, all information that can be relayed to the client to put them at ease. Here are a few areas that should be of practical consideration:

Two-Factor Authentication

Two-factor authentication (aka 2FA) should be mandatory for remote access, as most law practices are now using mobile technology to a greater degree.

Many firms may initially resist this change, as they stray away from anything that causes frustration to the end user. However, with 2FA in place, and all active user accounts restricted in this way, the entire infrastructure will affect a heightened level of security. And that is a good thing.

Encryption

If you are using on-premise servers, it is common to default to a non-encrypted protocol. While encryption of data in transit using SSL (secure socket layer) is relatively recent, static data encryption is still a fairly new thing. However, clients are becoming increasingly nervous about who is able to access their data, needing assurances that their files are secure and encrypted at all times and in all locations – even where it exists on the internal network.

Data Loss Prevention (DLP)

Having DLP controls in place reduces or eliminates risk of any data being accessed, either deliberately or accidentally through email or on removable media. Outgoing emails, and access to USB ports, including removable drives of any kind should be restricted or disallowed. This will help to assure clients that their information is being protected at all costs.

Vulnerability Scans

In an ever-changing technology environment, it is necessary to adjust protocols and security measures to meet the challenges of new threats. Regular scans should be implemented, and ‘ethical hacks’ should be considered – in other words, you should think about hiring a 3^rd party specialist to probe your systems for potential vulnerabilities. If you know what you are susceptible to, the better chance you have of preventing an attack before it happens.

Backup & Disaster Recovery

A backup and disaster recovery plan (DRP) is essential in order to protect your firm from potential losses. If you don’t have one, something as simple as a power outage can quite possibly bring your practice to its knees. Migrating your stored data to the cloud is always a good idea, as you won’t have to rely on your in-house backups – handy if you can’t access your building, if there is a fire, flood, or other disaster of that type. Cloud backup can also hasten your recovery from security breaches and viruses as it will allow you instant remote access to your entire infrastructure, including all related applications.

Security Awareness Training

Even with all of the best practices in place, human error and interaction can be the root cause of a lot of issues. Security protocols and procedures may be ignored or bypassed, and if the rules change, it’s possible that some people may not find out until it’s too late. All of these scenarios can lead to a breach in security. All of your employees, including partners, no matter how resistant they may be, need to be trained on a regular basis. Security policies should be known and understood by all, and expectations should be upheld to ensure that client data sanctity is always upheld.

Get Serious About Your Network Security

Clients today are not only seeking out the best and the brightest lawyers, they are demanding that the law firms they choose have a commitment to protect the confidentiality of their data as well as their relationship with you. In this day and age of heightened technological security risks, there is no reason that your firm should fall short on any of these issues. Be prepared, remain vigilant, and put proper controls in place to ensure that your staff is well-versed on your policies. Take some time to regularly review these and other important security-related matters so that your audit delivers as few surprises as possible.