For hundreds of years, lawyers have regarded the original “inked” paper as the true mark of authenticity.  Photocopied documents were regarded as susceptible to forgery and/or fraud.  But the times in fact are changing.  Authenticity of paper documents can now only be verified if each page of the document is signed.  It has become much too easy for the content of the unsigned pages to be modified after the fact.  How is this possible, you ask?  Well, the newest versions of Adobe Acrobat are mostly to blame.

Adobe Acrobat’s New “Edit” Tool

For well over a decade, anyone using Adobe Acrobat (the full version, not the reader) has been able to redact a scanned document to remove sensitive information (the “Redact” tool).  For just about as long, users could also fill in forms, so they appear to have been completed on a typewriter, rather than filled in by hand (the “Typewriter” tool).  Both of these tools were highly useful for attorneys.  However, the use of either of these tools was generally noticeable in the document.  The typed text looked like it was typed in after the fact, rather than part of the original document.  The redact tool left a blank area, making it fairly obvious that something was removed.

That all changed, with the new Adobe tools introduced over the last few years.  The form-filling function of the typewriter tool was replaced with the “Fill & Sign” function, which now allows the user to complete a fill-in form and even place a signature, like a rubber stamp, on the document.  The “Redact” tool remained unchanged.  But a terribly scary tool got added.

The new “Edit” tool.  It is at the same time both amazing and terrifying.  Here’s what you can do with it:  You can open a PDF file (or scan a document into PDF) and actually edit it, as if you were using a word processor (e.g. MS Word).  Truly terrifying is that the application doesn’t just match the font, and the font size, and the color, and the formatting, but it even goes so far as to match the print quality and the background noise.  You can quite literally scan in the pages of the document you want to change, edit those pages, preserving the look and feel perfectly, reprint those pages, and send back a document that appears, on quick examination, to be the original you received.  But upon very close scrutiny, will be found to contain substantive changes.

So, what do we do now?  Well, there are three practical solutions:

Sign Every Page

If you’re going to send out contracts for counter-signature, and you insist on using paper, make sure each page contains an actual inked signature.  While Acrobat will scan and reproduce the signature beautifully, it will still be a “printed” signature, so that a quick examination of the back of each page will reveal the indentation marks from the pen, while a printed copy will not.  If you do take this approach, make sure to check each page for pen marks.

Inspect Every Word

If you’re not able to have your client execute every page, upon receipt of a counter-signed document, you must inspect every word.  While it may very well be actionable fraud for opposing counsel to edit the contract surreptitiously, before returning a counter-signed copy, the fact that you could pursue opposing counsel will not make you feel all that much better, when your client files a malpractice claim and a grievance against you, for failing to make sure the executed documents were in fact accurate.

Now I’m not suggesting that you need to manually examine each word.  Here, Adobe Acrobat and Microsoft Word are still your friends:

1. Scan in the document.
2. Use the OCR (optical character recognition) tool in Acrobat to make the document ‘readable’.
3. Export the document from Acrobat into a Word file.
4. Use the Compare tool in Word, to compare your original document with the one you received.

Now this method has a catch.  The formatting changes in the export process will make Word register quite a few changes.  However, all of those changes should be ones of format, and not of substance.  If you see your revision output show crossed out or underlined words, be cautious, as that suggests differences between the drafts.  Again, be cautious, as the formatting changes during export may confuse Word into displaying that a word or sentence of paragraph was deleted in one place, only to show it inserted an inch later.  The take-away:  if you’re going to use the “Compare” tool in Word, be sure to double-check its output before believing that any substantive changes took place.

eDocs – Problem Solved

So how do we get rid of these issues and have peace of mind?  Locked electronic documents.

How does that work?  Well, you upload your finished work product to the site as a PDF.  You tell the site the location(s) on the document where the signor(s) must initial, sign, date, populate fill-in blanks, et cetera.  You then designate who the signor(s) is/are, and who has the ability to interact with which field.  You then provide the signor(s) email address(es) and the website will ship the document for signature.

Except it won’t ship the actual documents.  It will not allow the signor to download an unsigned document and manipulate it.  Instead, it provides the signor with a link to view the document on the website.  The signor can then elect to e-sign the document.  Depending on the authentication type selected and offered by the site, one of a few methods will be used to verify the signor’s identity.  The site will also record and track the IP address, MAC address and lots of other info about the signor, creating verifiable proof of who signed, when and where they signed, and most importantly, what they signed.

What you end up with is a digital copy that each party can then print form the online repository, with the online repository having clear and irrefutable records as to the content of the document.

Lots of different online solutions now exist for the e-signing of documents.  While I won’t endorse any particular website on here, anyone having further questions and looking for a recommendation for their own specific use can feel free to email me.

Law consumers are savvier now.  They are using a variety of online tools to find attorneys. 74% of potential clients use an online search to find a lawyer. 25% are using YouTube to research their legal issues before they reach you.  While people are putting technology to good use, they still want the same thing from a lawyer: your legal expertise and your reassurances.

Legal plan buyers need your legal knowledge but also crave human kindness as they work through their legal problems.  Today’s law practice requires you to have a high level of emotional intelligence to navigate successfully when the old rules don’t quite apply.

What is EQ?

Emotional intelligence is the ability to monitor one’s own and others’ feelings and emotions, to discriminate among them and use that information to guide one’s thinking and action.  Peter Salovey and John D. Mayer

Salovey and Mayer were the early pioneers in developing the field of research known as emotional intelligence or EQ. While IQ measures your intelligence, and is a static measurement, EQ skills measures your ability to manage emotions, can be taught and naturally increase as you age.

EQ has been proven to be a key factor in professional and financial success as well as happiness.

Daniel Goleman, author of Emotional Intelligence at Work, who popularized emotional intelligence in the 90s, identified four pillars of EQ:

• Self-awareness – Identifying and understanding your emotions and the emotions of others
• Self-management – Managing your emotions, adapting to change, taking the initiative
• Empathy and social awareness – Sensing the feelings of others, reading a social situation and anticipating needs
• Relationship management –  Managing conflict, fostering collaboration, inspiring others

Be EQ Strong

Good attorneys are trained in law school to ignore distracting emotion in favor of logic. Think like a lawyer. Be detached. I know many lawyers who are irritated or dismayed by their client’s seemingly irrational behavior. They fear being pulled into emotional quicksand. Hence, they take a ‘stiff armed’ approach that distances their client from them.

High EQ attorneys understand that acquiring these coping skills enable them to better serve their clients. They can understand and redirect those negative emotions so clients don’t ‘cut off their nose to spite their face’. Because of their transparency and empathy, these attorneys gain the trust of their clients and retain their satisfied clients longer. This attention builds a bond that leads to more referrals and greater financial success.  You can reap the benefits of emotional intelligence too.

4 Reasons Enhancing your EQ is A Good Move lawyer

1. You stress less. Work is easier.

When you have high EQ, you are more able to adapt to change and tolerate the ambiguity that can be part of working remotely. You can let go of issues or mistakes because you have coping mechanisms and feel positive about your competency. You have the communication and social skills as well as the confidence needed to speak up for yourself and set boundaries when necessary.

2. You connect more. Work is happier.

When you have high EQ, you are an intentional listener and more empathetic. You’re better able to identify commonalities and tactfully handle difficult topics, which builds trust.  You see the people as balanced with good and less than good qualities without judging.  People are drawn to you because they feel heard and acknowledged.

3. You have a growth mindset. Work is more fun.

When you have high EQ, you are eager to try new things. You recognize that failure is part of growth and you have a growth mindset.  You aren’t afraid of being wrong or challenged. You have the resilience to try new areas and gain new marketable skills and deeper satisfaction in your work.

4. You know your value. Work is more lucrative.

When you have high EQ, you know your strengths and their value to your clients and the world. You understand how your role impacts others and you have the confidence and the communication skills to convey your value to others. You also know how to connect quickly with others because of your social awareness high which leads to more clients.

Not sure about your EQ?

Determining your personal EQ is a good idea.  You know the benefits of high EQ as discussed above.  But, what are disadvantages to working with low EQ? 

Low EQ is a problem. Low EQ is linked to lower performance, lower productivity and lower earnings, per a study by Cherniss, another EQ researcher. People with low EQ are more likely to change jobs, as you might imagine, because their people skills are poor.

You might have low EQ if you are experiencing any of the six statements below as true for you.

6 signs your EQ may be low

1. You      have a tough time accepting or making change.
2. You      struggle to work in a team setting
3. You      have a hot temper
4. You      don’t know or care what others think
5. You      tend to be negative or see obstacles easily
6. You      don’t like to try new things

The best way to determine your capacity is to take an assessment such as the one found at TalentSmart. Travis Bradbury, the author of Emotional Intelligence 2.0, offers a free test with the purchase of his book.

Take the test.  No matter how emotionally smart you are there is always room for improvement. This is personal development work that should be part of your life-long learning as an attorney and a person.

I recently took the TalentSmart Assessment after being a conflict expert for 20 years.  I was pleased with my score and agreed with both the areas for improvement and the practices that were suggested.  You can take the assessment as a bonus when you purchase Emotional Intelligence 2.0

Mastering EQ is a strategic move that can only bring good things into your life and law practice. If you want to be ready for the changes to come and ensure that your work life to be easier, happier and more lucrative then I invite you to explore and enhance your emotional intelligence.

All men should strive to learn before they die what they are running from, and to, and why.  ~ James Thurber

Bio

Dina Eisenberg Esq is the award-winning Legal Ops Strategist who teaches lawyers to delegate, automate and design a law practice that fits their life. Learn more about her coursework and consulting at http://OutsourceEasier.com

As attorneys, you may regularly use a standard that the fictitious ‘reasonable person’ might demonstrate.  At my firm, we spent much of 2017 determining just how that standard translates to cyber security.  What security measures are reasonably well known, relatively easy to implement and widely available?  When it comes to a data breach, and negligence is suspected, where do we draw the line as to what protection we should have had in place?  As in many professions, attorneys using Information Technology in the course of their businesses are simply out of their element to properly consider the risks in using these products.  Most Information Technology products are a work in process, constantly changing and updating.  As the software developers address one vulnerability, another opens.  The entire landscape can change from one day to the next.

When it comes to regulations, we don’t get much relief.  Depending on the nature and location of your practice, your firm will be subject to state and/or federal regulations.  In most cases, the regulations are out of date or too generic for you to easily interpret specific actions you should be taking.  Depending on who your clients are, they may impose additional or specific restrictions on your usage and care of their data in your files.  On top of all that, you have professional standards and ethics to consider.   Just how is it possible for a small firm to merge all of this into a proper protocol for their office?  If there is a breach in your firm, there will be lots of questions asked about what you did to protect data.  Your actions may be compared to what a reasonable person (or reasonable professional person) might do.

Information Technology is commonly perceived as complex and somewhat overwhelming to many people.  The complexity leads to fear. Fear, in turn can lead to all kinds of dysfunctional behaviors.   Avoidance comes to mind as one of those behaviors.   In all seriousness, however, we do see firms successfully navigate Information Technology and Cyber Security risks successfully.  Their secret is to keep it simple.  To keep it simple, you just need to break down where your risks may lie.  My philosophy as a cyber security professional has always been to focus on the basics.  Time and again, we perform risk assessments and identify simple security measures not taken.  The basics also represent the biggest opportunities to reduce risks with the least cost and effort.  These are the low hanging fruit.  Once you’ve nailed the basics, the cost and complexity of measures you may take beyond those increase exponentially.

What’s the secret?  The secret is to nail the basics.  As a small firm, nailing the basics will most likely buy you compliance with state and federal regulations, contracts you have with your clients and meet or exceed professional ethical standards.  The basics also go on par with what a reasonable person would do to protect data entrusted to them.  The basics break down into categories of People, Process and Technology measures.   The key to getting them right is to first address the Process part, then implement technology and training to manifest your process vision.

Keep in mind that your success lies in staying true to the concept of keeping it simple.  Take the Process part.  We see a lot of clients break their workflow down in to 1 or 2 pages of what to do and similarly, what not to do.   That sounds simple and mostly is.   From a process perspective, a basic tenant is to contain your data inside your control at all times.  Absent a directive from the partners, employees will use what they must in order to get the job done.   In assessments I do, I routinely see client data scattered between office servers, local computers, laptops, employee personal mobile devices and the ubiquitous Dropbox or one-drive accounts.   Cloud technology has simply amplified the chaos in these cases by giving employees more places to stash data.   Here’s a simple policy you can put in place to contain, control and protect client data in this situation.  ‘All files must be stored in your company DropBox folders.  A company DropBox account has been provisioned for your use when working with internal company documents or client case files.  You will receive training on file and folder structure usage and naming conventions.’  With these 4 lines, you’ve solved a mess of leaked data and reduced your exposure to losing or accidently disclosing client data.   You’ve also gone a long way towards solving the backup and disaster recovery question.  By placing files in the company DropBox, you not only contain your data, but you back it up as well.

There are, of course, more risks you may face in implementing this policy.  Let’s refine this a bit.  We still have the risk that the DropBox files may be accessed from by unauthorized device from an un-authorized location.   To expand on the policy, you can and should keep a lid on where the DropBox files are accessed.  Here’s another example.  ‘All employees must secure their respective DropBox account by using a strong password enabling 2-factor authentication in their security settings.  Employees may not access their company DropBox from home or personal computers or mobile devices. All access is logged.’  We are really cooking with fire now.  We have seven lines in our policy, and we’ve already contained our data, backed it up and made it easy for employees to find the files they need to do their job quickly and efficiently.

A reasonable person may ask at this point, what happens to all of the DropBox files cached on computers, and are they safe?  That’s a good question.  We should answer that by locking them up.  ‘Computers and mobile devices used to access the company DropBox must be encrypted.  Windows computers must have the BitLocker feature enabled.  Mac computers similarly must have the FileVault feature enabled.  You will receive training on how to enable these features.  Backup encryption keys are to be stored in the company DropBox.’  With just a few straightforward and easy to follow policy guidelines, you’ve ensured that all of your client data is encrypted when at rest and when in transit within the confines of your firm’s practice.  There’s more to come on data in transit.

Documents are the core, tangible work products of your firm.  Similarly, email is the glue that’s going to mesh your firm with its clients and others.  The thing about email, however, is that it can be extremely unsecure if not used with intention and process.  A standard email, when traveling between you and its recipient is like a postcard riding in trucks and passing through postal facilities.  At any point, it may be subject to disclosure or loss.  It may be copied and archived on one of the waypoints.   Let’s consider a policy example that can address this.  ‘You will receive a firm-specific email account for use in conducting the firm’s business.  You must use this account for all firm business conducted over email. Under no circumstances may you use a personal email account for conducting company business.  Mail containing sensitive content must be encrypted when sent.  You will receive training on how to use the company email system and how to send and receive encrypted messages.’  With those few lines, you’ve now contained email communications to your firm’s designated mail system and arranged for encryption of data in transit.  

Can you guess where we are going next?  A reasonable person might be concerned about email being stored in unsafe locations or, god forbid, on personal mobile devices.  Let’s deal with that.  ‘Employees may access their company email from computers at the office only.  Under no circumstances may employees connect or cache company email on their personal mobile devices.  Company mobile devices used for access to email must have a passcode lock and encryption enabled.  You must enable the 2-factor authentication setting on your company email account.  You will receive training on how to access email securely and enable a passcode on your device.’  Wow, that statement does a lot to reduce cyber security risk in your firm.

Documents and email for sure make up a lot of work that is done in your firm.  Stepping back and looking at Cyber Security as a risk management problem makes it easier to grasp.  Now you understand how to easily deal with some of those risks by looking at how you handle documents and email.  Depending on the nature of your firm, these areas are going to represent a good portion of your overall cyber security risk.  Is it 30%?  Keep in mind that it is impossible to eliminate cyber security risk entirely.  We are simply going for the standard of what a reasonable person could and should do.  For sake of discussion, let’s say that documents and email do actually represent 30% of the exposure in your firm.  With some simple measures and policy statements, we’ve done a good job of managing that risk.  Any reasonable person is going to look at this and say, ‘good job’.

I talked about your overall risk in terms of people, process and technology.  We’ve spent some time on the process part by coming up with the policy statement examples.  Now for sake of discussion, let’s assume that people are 30% of your exposure.  Consider things that people may do on their computers and mobile devices in the course of their work.  Also consider what damage they may do absent of training to keep them in check with your carefully crafted policy.   Hold that thought and we will come back to this in a minute.

I also mentioned that technology plays a role.   I’m going to estimate that technology represents 20% of your risk.  You must be asking, now, Did I just hear a technology vendor say that technology represents only 20% of my cyber security risk?  Yes, you did.  The message you may be used to getting from technology vendors is that their specific product solves all of your cyber security problems.  Get our anti-malware software on your computers and forget about it.  I submit that technology, per se is, not your greatest source of risk.  The risk lies in how you use it.  Using it in the context of the policy you’ve put forth makes it much less risky.

You will need some technology to reduce your risks, but it’s a small part of your strategy.   Once you have your policy, you can match it up with some technology solutions to allow your grand strategy to take shape.  There are lots of competent vendors, and now you know specifically what you want, so you will be in the driver’s seat when buying these products.  It’s important that your vendor understand your data security and privacy objectives when putting together the products you will use in your firm.

Now back to the people part.  This is the MOST important part of your strategy.  Your people must be clearly informed on the risks facing your firm and the strategies you have in place to reduce risks.  Your success in reducing your exposure comes down to what your people do with your client data day in and day out.  Your people need to follow the policy and process to keep your data safe.  They also need to know how to recognize when something goes awry, or when someone or something tries to coerce them into spilling data.   Small firms have great results using a recorded web meeting attended by partners and employees of the firm.  During the meeting, key points of the policy (process) and technology measures are discussed with everyone.  Employees have the opportunity to ask questions which are recorded and archived for viewing by new employees when they come on board.  The training sets the bar of how a reasonable person in your firm handles client data.

You might be thinking, at this point, that our risk spectrum only adds up to 80%.  What about the other 20% of my exposure?   Did I over simplify the process?  Yes, this list is not all inclusive and although you will reduce your risks by following these instructions, there are lots of other risks facing your firm.  You will face diminishing returns as you dive deeper into the topic.  That’s why I recommend starting with the basics.  You will get the most reduction in your risks for the least amount of cost and effort by making sure you have the basics handled.

At the point you feel you’ve nailed the basics, or you just want to supplement what you’ve done so far, you may want to consider buying some insurance to address the residual risk.