Author Archive

Are Online Intake Forms an Ethical Concern?

Attorneys are tasked with learning as much as they can about a potential client’s legal challenges as well as the client’s background.  The more information made available, the easier it is to determine if it is prudent to accept the prospect as a client.  Ethical rules bar representations if conflicts might arise.  Therefore, law firms must be aware of the legal backgrounds and even the financial ties of prospective clients.  The question is whether it is prudent to use online intake forms.

To use Intake Forms or not to use Intake Forms? That is the Question

It was not long ago when law firms relied upon inefficient paper intake forms along with lengthy client interviews to obtain the information required to perform an assessment.  The information was then transmitted to computer by way of data entry.  Unfortunately, this approach led to countless errs and chewed up a considerable amount of time and money.  Enter online intake forms.

Rather than gathering data over the phone or through in-person meetings, it is now possible to collect information through the web.  Online intake software empowers law firms to collect highly specific data in the manner they desire.  Firms can create nuanced questions, open the door for free-form responses or even let respondents choose from multiple choice options.  It has become remarkably easy to seamlessly mesh client responses with the current practice management software.

The Ethics of the Matter

Fully encrypted online intake forms adhere to the ethical standards for protecting client data.  The primary concern in the context of online intake forms is keeping client data shielded against online attacks.  After all, these intake forms have important data ranging from financial information to Social Security numbers and beyond.  Hackers are well aware of the fact that law firms have such valuable information.

It is not sensible to bypass the online intake form as any information collected through paper documents would eventually be scanned into the system anyway.  The bottom line is we have quickly converted to a digital society in which it is no longer logical to keep filing cabinets full of tangible documents.  As long as law firms that the steps necessary to prevent unauthorized access to client data, there is no reason to avoid online intake forms to properly vet clients.

How to Prevent Data Theft

Multi-factor authentication can prevent the vast majority of data breaches.  This extra level of verification goes well beyond the regular password.  From retinal scans to USB tokens, text messages to the authorized user and beyond, multi-factor authentication has myriad ways of forcing those requesting access to sensitive data to prove their identity.

It will also help to proactively patch your firm’s computer systems.  Such patches are released on a monthly basis to ensure the latest safeguards are in place.  Patch your system in a timely manner and it will be that much more difficult for hackers to access your sensitive data. Even the use of email attachment scanning tools will help guard against phishing attacks.

The moral of the story is those who are proactive with digital security should have no qualms about using online intake forms to review prospective clients.  Maintain the proper digital safeguards and you will be able to use today’s technology to its fullest extent in your quest to pinpoint the optimal clients for your firm.

You can no Longer Believe What You see Thanks to Deepfakes

It is hard to believe we are living in an era in which computer geeks can create fake video, pass it off as real and completely fool the masses.  Such phony video and pictures, referred to as deepfakes, pose quite the significant threat to individuals, companies and even national security.

The Basics of Deepfakes

Deepfakes are videos and pictures in which artificial intelligence is creatively used to replace everything from voices to faces and physical movement.  The alternative image/voice substituted for the truth is referred to as a targeted replacement.  To the surprise of many, there is no need for advanced computer skills to pull off a deep fake.  At this point, the deepfakes process is primarily automated. Those who understand the nuts and bolts of coding are capable of pulling off a successful deepfake that fools the masses.

Free software is available for download that serves as a training algorithm for artificial intelligence.  This algorithm communicates to the artificial intelligence how faces or other body parts should be swapped as well as the part of the face/body part to be specifically altered, how to compensate for movement and even how to remedy issues with blurred images.  Deepfake programs such as FaceIt, FaceSwap and GitHub run on an array of operating systems ranging from Linux to MacOS and Linux.

Identifying and Combating Deepfakes

Increasing the public’s awareness of the potential for deepfakes is essential.  People far and wide should be made aware of the fact that it is now possible to substitute images and voices through the use of artificial intelligence.  Though the private industry certainly has a role to play, deepfake experts agree government researchers and academics are the primary deepfake combatants.  The aim is to make it too difficult for malevolent individuals to generate convincing fakes that go undetected.

A couple methods have merged to pinpoint potential deepfakes.  The amplification of the color saturation in an individual’s face to reveal minor alterations is one such method.  It is also possible to track video footage for unnatural blinking.  Chromatic aberrations or subtle color variations around certain shapes in pictures also indicate the merging of photos.

Accessibility to Images

Part of the problem with deepfakes is most people upload their personal pictures and video to Facebook, Twitter and other social media platforms without questioning whether that media will eventually be used against them.  Aside from limiting the number of pictures/videos general members of the public upload to the web, it might also help to eliminate face sets of public figures made available to the general public.  Readily available data sets featuring celebrity/politician images greatly ameliorate the challenge of generating deepfakes.

In the end, the quest to thwart deepfakes will likely boil down to a race.  If the media can alert the public that a certain photo or video is actually fake before it is accepted as fact, there won’t be much potential for mass deception.  Unfortunately, plenty of conspiracy theorists will insist the media is lying about supposed deepfakes to protect certain political figures or celebrities.  Stay tuned.  We are merely at the beginning of the deepfake era.  Things are about to get quite interesting as more and more phony pictures and videos are released to the public.

Why Every Company Should Have Mandatory Compliance Training

The Department of Justice recently issued an updated version of its guidance for the evaluation of corporate compliance programs.  This updated document is quite long and detailed.  The updated compliance training requirements includes similar material to the 2017 version along with the addition of questions prosecutors might pose when analyzing training programs.  It is no longer enough to simply train employees on compliance; it is also necessary to test employee understanding of compliance and determine if the compliance program is actually effective.

The Purpose of Compliance Training Programs

Compliance training programs must be designed to prevent and identify wrongdoing.  This is precisely why compliance training should be performed across posterity rather than a once-off at the outset of a new hire’s employment.  The moral of this story is employees should behave in a moral manner not just because it is what their employer desires; employees should behave morally as it is what they truly want to do.  However, even if you have the most effective compliance training program in existence, it will not guarantee employees do not engage in misconduct.  Let’s take a quick look at a few compliance training tips that will help maximize the impact of this training.

Compliance Training Should be Realistic

Provide employees with real life scenarios during compliance training.  This way, the training will feel more realistic than academic.  Providing realistic scenarios makes employees feel as though they are genuinely prepared for potential compliance scenarios that might arise in the future.  If your compliance training materials are unrealistic, it is only a matter of time until employees tune out the message.

Whistle Blowing Should be Encouraged

All too often, employees refuse to speak up when they know something is wrong simply because they fear repercussions.  Make it perfectly clear during compliance training that employees should speak up when aware of a compliance violation or other wrongdoing in the workplace.  Educate every employee about the process for reporting breaches of policies, codes and laws.  This way, your employees will act as a sort of internal police force that ensures co-workers follow the rules.

Be Careful When Choosing Your Compliance Training Material

Compliance training materials can be provided in a number of different forms.  From online e-learning to teaching on-site, virtual reality experiences and beyond, there are a ton of different ways to provide employees with compliance training materials.  Choose the format best for your unique compliance concerns and employees to make a truly indelible impact.

How Top-Notch Client Service can Lead to More Cases

Most attorneys are primarily concerned with winning cases, securing lucrative settlements and climbing the corporate ladder to become a partner.  Unfortunately, client service is sometimes neglected along the way.  Though client service is often overlooked, it matters a great deal.  Today’s clients are more aware of the quality of attorney services than ever before.  Make an effort to provide exemplary customer service and it really will prove to be quite the important competitive advantage for your law firm.

Consider the Client’s Point of View

Follow the golden rule of life while serving your clients and they will be that much more likely to recommend your services to others.  Take some time to think about how your clients would like to be served.  Think about what the client is going through and tailor your legal services as appropriate.  It will also help to contact clients throughout the case to see how they are doing.  This might seem like a subtlety yet it makes a big difference in the client’s perception of the quality of your services and your merit as an attorney.

Explain Your Law Firm Policies in Plain English

The initial consultation is the optimal time to explain your firm’s policies in detail.  Describe your firm’s policies in terms of returning messages, billing, case updates, etc.  Putting this information out on the table for clients to see at the outset of the process helps set their expectations appropriately.

Technology is Your Friend

Law firm customers service commences at the point of first contact.  Take advantage of contact relationship management software and it will be that much easier to streamline intake, keep in touch with clients and automate follow-ups across posterity.  Tech can also help you book client appointments through the web.  You can even use artificial intelligence (AI) to enhance your law firm’s customer service.

Return Calls Within 24 Hours

Your clients should not have to wait longer than a day to receive a message back from you.  Even if you are unsure of the exact answer to the client’s inquiry, simply touching base can mean a great deal to your clients.  Keep your clients in the loop, return their messages in a timely manner and they really will be that much more likely to recommend your law firm to others.

Transparent Billing

A client provided with a bill in excess of the original quote is unlikely to share your contact information with friends, family, co-workers and others.  Alternatively, completely transparent billing has the potential to lead to multiple referrals.  Resist the temptation to tack on extra charges to billing, stick to the original quote for your legal services, honor your hourly rate as promised and you will be able to bring that many more clients into the fold.

How Law Firms can Protect Important Client Data

The space necessary to store law firm client data just keeps on growing.  From legal documents to records of client communications, case data and beyond, there is a seemingly endless amount of information to store as we transition to the next chapter of the digital age.  Even if your law firm can store all this data, it is imperative you take the next step by implementing the proper protections.  Digitization will certainly help yet going digital with all of your client data also create some issues in terms of privacy and cyber-security.

Honor Your Duty to Protect Client Data or Face the Consequences

The professional code of conduct issued by the American Bar Association mandates attorneys make reasonable efforts to prevent improper access to data as well as unauthorized disclosure of client data.  If a data breach occurs, the nightmare that follows has the potential to put your firm out of business.  Data breaches are a public relations nightmare yet they also have the potential to lead to harsh fines and even a malpractice lawsuit.  Unfortunately, plenty of law firms still rely on outdated data protection methods ranging from antiquated firewalls to weakly patched network/operating systems and outdated infrastructure.

There is also the matter of vulnerabilities stemming from employees.  Internal employees are vulnerable to malware and phishing attacks even though the proper security infrastructure might be in place.  Compromised client data will damage the firm’s reputation, force employee turnover and possibly yield a costly lawsuit.  Add in the expenses associated with downtime, subsequent repairs and restoring data and the breach of client data just might upend your law firm.  Let’s take a quick look at ways to safeguard data.

Manged Security Solutions

Establish updated firewalls, anti-virus protection and spam filters.  Such solutions monitor the network and tip you off to nasty vectors as well as already-compromised devices.  The bottom line is you need a way to regularly scan for threats.  Managed security solutions are the answer.

Plan the Response

You will also need the proper response in the event of a data breach.  Work with your tech and digital security teams to generate data protection/recovery strategies.  Develop a detailed response plan and you will not have to spend nearly as much time remedying a breach.  The best response plans incorporate a public relations angle that reduces the public fallout of the breach to preserve your law firm’s reputation.

Provide Employees With Digital Security Training

Employees should be assets as opposed to liabilities.  You can turn your team into diligent digital shields with the proper cyber security training.  The alternative is to hope and pray your team is at least somewhat tech savvy.  Be proactive, provide digital security training to your firm’s employees and you will minimize the chances of a data breach.

5 Ways to Improve the Security of Digital Payments

Nowadays, it seems like everyone pays with credit card as opposed to cash.  Online payments are certainly convenient yet they pose an inherent level of risk.  However, a business that does not offer an online payment option will inevitably fall behind the competition.  The question is how to ensure digital payments are processed in a completely safe manner.  Let’s take a look at a few tips that will enhance the safety of digital payments.

Respect the Need for Customer Data Protection

There is no reason to keep customer account data or credit card information across posterity.  Do not store customer data if it is not absolutely necessary.  If you must store data, encrypt it and keep it on a private network.  Do not provide anyone in your organization with carte blanche access to this data.  Your business needs an ongoing relationship with a third-party payment partner to guarantee payments are collected and transferred in a completely secure manner.

Recognize the Potential for Human Error

Employees tasked with handling online payments should be educated about the basics of digital security as well as cybersecurity.  These employees should understand the safety measures necessary to keep data fully secured.  From using VPNs to updating and securing software, protecting passwords and proper data storage techniques, a number of safeguards are necessary to protect client data.

Two-factor Authentication for Payments

Both parties involved in online payments should use two-factor authentication to ensure secure payments.  Two-factor authentication guards against fraudulent transactions and data loss resulting from identity theft.  Online systems taking payments as well as customers making those payments should confirm their identity through two separate methods, whether it is an email address, a phone number, password or bio-metric information.

The Issue of Compliance

All sorts of unique rules and regulations are applicable to law firms that accept digital payments.  Law firms that accept payments must comply with the standards referred to as PCI DSS.  This acronym is short for payment card industry data security standards.  It might also be necessary to rely on a third-party service to guarantee your firm is fully compliant with PCI.  Specific procedures must be established to safeguard files containing sensitive data in order to be fully PCI compliant.

Maintain a Safe Online System

When developing an integrated online system that accepts payments, you must guarantee the system is hosted in a secure manner.  Even if your firm is small, the security of your online system still matters a great deal.  The system hosting provider should adhere to the proper data protection practices and have all the right safeguards in place.  The site must be secured through SSL.  This acronym stands for Secure Socket Layer.  SSL ensures data exchanges between external parties and the system are properly encrypted.

The Uncertainties of Legal Billing can Diminish your Law Firm’s Bottom Line

Most attorneys are aware they have an ethical obligation to keep their fees at reasonable levels.  The Model Rules of Professional Conduct established by the American Bar Association states lawyers are not allowed to collect unreasonable fees.  The courts also mandate the obligation to provide legal services at reasonable rates.  The Supreme Court has ruled lawyers must apply billing judgment and make a concerted effort to exclude excessive, unnecessary and redundant charges/expenses.  The pressing question is what, exactly, constitutes a reasonable rate for legal services.

What is a Reasonable Legal Fee/Charge?

The vast majority of law firms have past due accounts.  Upwards of 40% of these past due accounts stem from the same clients who simply refuse to pay their legal bills.  However, plenty of clients simply dispute the law firm’s charges and fees.  These clients insist the fees for legal services are unreasonable.  Up until the past couple years, it was attorneys who determined whether legal fees were reasonable.  Nowadays, it seems as though clients are making this judgment on their own.

The Divisiveness of Hourly Billing

If you were to poll most clients, the majority would prefer to pay a flat fee for legal services as opposed to being billed by the hour.  Sadly, some attorneys fudge their billing hours to rake in the cash.  It is awfully tempting to manipulate hourly billing to one’s advantage.  If such alterations are unreasonable, trouble can arise in the form of contested and unpaid bills.

Even solvent clients capable of paying for legal services sometimes skip payment and dispute the invoice.  More and more clients are taking the initiative to argue legal fees are unnecessary or excessive.  Sadly, these disputes are often the result of poor communication between attorneys and clients.

Reasonable Billing is Mutually Beneficial

Attorneys who abide by the mantra of reasonable billing are that much more likely to retain client services across posterity.  Perhaps even more importantly, reasonable billing inspires clients to recommend the attorney’s services to friends, family, co-workers and others in their social/professional circles.  When in doubt, attorneys should avoid billing for legal work that is redundant, unnecessary and/or excessive.  If there is any question as to whether the fee in question is reasonable, it is in both parties’ interest to avoid the charge altogether.   After all, it will prove more profitable to keep a happy client in the fold than anger him or her and end up sending out one invoice after another without receiving payment.

A Quick Look at What Tax Firms Should Understand About Technology

The future is now.  Though we do not have flying cars or robotic servants as envisioned by sci-fi futurists, law firms and other professionals have myriad tech solutions available to make work that much easier and efficient.  If your firm is waiting for the tech of tomorrow to arrive, you will fall behind firms willing to make use of today’s tech advances. In fact, today’s tech has the potential to level the playing field between small tax firms and massive corporate firms that would otherwise dominate the market.

Today’s Tech

Your tax firm can leverage the latest tech by obtaining an understanding of what sort of solutions are available and how they have the potential to enhance business.  As an example, plenty of law firms still use tangible paper files as opposed to digital files.  If your firm has not yet made the shift to electronic files, you are wasting valuable time and resources.  It is also incredibly easy for digital documents to be altered and shared in a remarkably seamless manner.  Online document management solutions make it easier for colleagues and clients to rapidly exchange documents and keep those documents organized.  Shift to the cloud and you will be able to access important data as well as applications regardless of your location.  This fast and easy access minimizes your firm’s need for costly hardware.

It is Time to Automate

Tech has advanced to the point that digital data can be extracted from tangible paper through scan-and-fill tech.  Robotic process automation or RPA for short, clicks right on through interfaces to quickly translate data across programs.  It is possible RPA will soon eliminate the need for humans to perform data entry at law firms and other businesses.  However, it will take some time for law firms to hop onboard the automation train.  Beat the competition to the punch and you will free up your staff to solve more complex problems, press the flesh with clients and enhance your tax firm’s marketing.

Tools for Communicating With Clients

More and more communication channels open each day as technology continues to improve.  However, it is becoming more challenging for law firms to get clients’ attention when essential information must be retrieved.  As an example, it is nearly impossible to get someone on the phone unless several calls are made.  Plenty of clients and others ignore voicemails.  Make use of the latest communication platforms such as Skype for Business, Slack and Microsoft Teams and you just might find clients are more willing to interact with your firm’s representatives in a timely manner.

3 Factors to Consider When Choosing Cloud Providers

The cloud has become ubiquitous in a surprisingly short period of time.  However, most people are unaware of the differences between the public cloud and the private cloud.  It is awfully difficult to choose one type of cloud over the other when both have their own unique merits.  Do not feel bad if you have not yet mastered the nuances of the cloud.  This is a rapidly evolving technology that changes every couple years.  Here is a look at what you should consider before committing to the private or public cloud.

Understand What You are Purchasing

Take some time to to understand the difference between the private and public cloud before choosing one.  Use a private cloud and you will have a specific amount of resources available to your firm.  This approach empowers you to establish a permanent storage area for sensitive client information.  Alternatively, a public cloud allows you to tap into offline resources shared with other businesses.  Go ahead and scale your public cloud usage as necessary and you will find it is well worth the money.

Security and Compliance Concerns

Do not make a decision regarding the public or private cloud until you consider the compliance and security needs of your clients as well as client data.  From PCI DSS compliance to HIPAA and beyond, the additional security controls available through the private cloud might prove optimal for your organization.  However, if you are not overly-concerned with compliance and security, the public cloud might be best.

The public cloud presents the opportunity to access specific features as necessary at a comparably low cost.  However, the private cloud provides significantly more control, albeit at a higher price.  Consider your organization’s unique budget and growth plan before making a decision.  The cloud option you select will allow for growth while simultaneously protecting your firm’s future.

Your Cloud Decision Will Matter for Years Into the Future

Do not make a decision about the public or private cloud until you consider what your business might be like several years down the road.  The manner in which you use your data and the rate at which your business grows matter a great deal in the context of the public/private cloud decision.  Though the private cloud costs a bit more, it will ameliorate the challenges of expanding your business and storing years of client data as time progresses.  However, the public cloud might prove to be the better option if your firm serves a litany of clients and anticipates the current flow of business will continue well into the future.

Why Cybersecurity Standards are so Important for Attorneys & Legal Staff

Legal services are centered on data and knowledge.  An attorney-client relationship is the foundation that underlies the rendering of legal services.  If attorneys do not protect their clients’ data, it is only a matter of time until those clients flee to the competition.  If your law firm has not yet implemented the appropriate cybersecurity standards, it is time to add them now.

Every Attorney Should be Aware of These Threats

An array of articles have detailed the extent to which attorneys are being targeted for cyber attacks.  After all, law firms have some of the most valuable data on the planet.  Between trade secrets, healthcare data, information that moves the market and beyond, law firms have a bevy of incredibly important data.  Sadly, cyber criminals are looking for every opportunity possible to make money from highly sensitive data.  Law firm partners should take the appropriate steps toward enhancing cybersecurity.  Such a risk assessment should adhere to the standards set by the top cybersecurity authorities.

An Explanation of NIST

The National Institute of Standards and Technology or NIST for short, sets the guidelines and standards for digital security.  In fact, the United States government relies on NIST standards for cybersecurity.  NIST standards should be thought of as the best practices for digital security that can be implemented in a truly practical manner.  NIST standards are updated with regularity to ensure cybersecurity standards remain current.  The NIST SP 800 documents explain cyber-threat prevention practices down to the very last detail.  Though such standards are not required by law, every business owner including law firm partners can benefit from implementing them.

In short, NIST pinpoints systems that have highly sensitive data, separates sensitive data from data that cannot be used against the organization, limits access to sensitive data to authorized employees, encrypts data and calls for the regular monitoring of sensitive information.  Furthermore, all employees should be trained on the best practices in cybersecurity.  The final layer of security is to perform an assessment of every system’s vulnerability (or lack thereof) to hackers.  It is in your interest and your clients’ interest to implement NIST standards as soon as possible.

Do not Sacrifice Security for Efficiency

As time progresses, more law firms will implement artificial intelligence (AI) and other digital shortcuts of sorts to reduce time-consuming activities and ramp up efficiency.  However, there is a chance the implementation of tech solutions will diminish data security.  Every single application your law firm implements should comply with the best practices of cybersecurity.  Otherwise, there is the chance for improvements in efficiency to be compromised by a corresponding reduction in security.  Restrict your use of legal apps to those in full compliance with NIST or other widely accepted cybersecurity standards and it will be that much easier to maintain a truly impenetrable digital shield.