Cloud storage for documents is a commonly used tool, and for good reason. It cuts down on the continuing need to find a way to expand a law firm’s physical storage ability. It creates the ability for law firm employees to access documents from practically anywhere as long as they have access to the Internet. Many cloud storage providers even enable the sharing of documents with others outside of an organization. Really, what’s not to love?
Well, it turns out that if your law firm uses cloud storage, you must make sure that you’re using the right provider that can give you the data and document security required by your jurisdiction or as recommended by the ABA.
Aren’t All Cloud Storage Providers the Same?
DropBox, OneDrive, Google Drive, Nextcloud, iCloud, Amazon Cloud…there are so many cloud storage options out there. Aren’t they all the same? Well, the truth is…no. In fact, the ones I just named are all generalist cloud storage providers. They aren’t specifically designed to rigid data security standards often required in individual jurisdictions. Sure, you can get document storage, share documents, and access them from practically anywhere, but they might not provide you with the data security you need. It also may not have the features and tools you need.
If you use practice management software, check and see if they provide cloud storage. If they do, it might be easier for you to contact them and ask if they provide extra storage (if needed) and what the price would be.
Document Security Considerations
If you plan to use Google Drive, OneDrive, DropBox, or another general cloud provider, there are some security considerations.
Know your options for sharing documents. Generally, document sharing with these platforms can happen in two ways. You can either send out an email invitation to someone who can then access the document or you can create a link that you can share with whomever needs access. Here’s the problem: you’ll also need to remember to make the document view only for those you invite (unless it is someone who needs to add on to or edit a document). And the link situation? There are two important points:
- You’ll need to remember to set the link to read-only.
- You’ll need to remember that anyone with that link can access the document. If that doesn’t scare you, it should. It very well could impinge on your duty as a lawyer to maintain confidentiality of client information and work-product.
Can you actively track who changes something in a document? Going back to confidentiality and data security, it’s important that whatever cloud storage program you choose allows you to see how made changes and when those changes were made. Although it’s not quite the same as version management that you may find in dedicated document management systems (DMS), it can help you monitor your documents.
Multiple editors can work on a document at the same time. While collaboration is often a great feature, it may not be what you’re really looking to do. It’s not so bad if you only have two people with verifiable editing access for a document. However, if there are multiple editors, all of those changes may be made at once. That could make managing the integrity and content of the document more difficult.
What Features Should a Law Firm Look for in a Cloud Storage Provider?
Okay, so maybe you’re at least convinced that perhaps you should look at cloud storage providers that cater exclusively to the legal community. What features should you look for when you’re doing your research?
Start with security. Find out any jurisdictional requirements you need to meet as far as data security. Also, consider the type of law you practice. Someone who practices personal injury should look for cloud document storage that meets HIPAA standards. Bankruptcy, real estate, and other practice areas involving sensitive personal information such as bank account numbers and social security numbers should look for a cloud storage provider that has the same security standards that banks and investment firms use.
Consider its search function. If you don’t have a huge practice that generates a lot of documents, you may be alright with a general search function. However, if you can find a provider that gives you optical character recognition, that’s even better. Basic search involves tagging of documents, document names, and folder names. It may also include metadata, such as the name of the author. With optical character recognition (OCR), the documents are read by the system. You can search on any word or phrase you remember and the system will look at all of the basic search data plus the inside of the document. If you’ve ever used Evernote and ran a search, you’ve used OCR.
Does it integrate with your commonly used programs? Cloud storage is about data security and about convenience. Look for a provider that integrates with Microsoft Word and Outlook. It’s more preferable that it integrates with Microsoft Office. If you use Office 365, make sure that it integrates. DropBox integrates with a lot of various legal practice management solutions as does OneNote. Drafting or editing documents directly into the cloud drive is important. Otherwise, you have to download the document, make your changes, and upload it. How many rouge copies of a document do you think could be floating around a law firm because people meant to upload the new version and forgot? And don’t forget the fact that many times people will overwrite the existing copy. So, there’s no guarantee that all changes will be integrated (this is why version management is such an important feature).
Clouds Are Great Tools, But Security and the Right Features Are Essential
Clouds are great tools for law firms. However, it’s truly essential (in the name of meeting your ethical obligations as a lawyer) to make sure that you have the right security. And a cloud document storage provider could end up being more trouble than you thought if it doesn’t have the features you really need. So, make sure you do your research and choose accordingly!
As the majority of law firms continue to move much of their practice management online, there remains a serious concern. Those of us lawyering understand the importance of protecting the sanctity of attorney-client privilege and work product. That existed before we all started going digital. And now? The new concern is: how do we protect law firm data the right way?
ABA States Lawyers Should Take Reasonable Efforts to Protect Data
ABA Model Rule 1.6(c) states that lawyers “shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” When you think about it, that’s a tall order. What is a reasonable effort? And how can you protect all law firm data?
Unfortunately, there’s no way to protect all of your data all of the time. Data security problems from software, malware, ransomware, viruses, phishing attempts, and data breaches happen. The digital landscape changes so fast that there is no such thing as constant protection from every existing threat.
Fulfill “Reasonable Efforts” by Using Law Firm Data Protection Best Practices
It may seem like we’re all now expected to become cybersecurity and data protection experts. That’s not the case. You always have the option to hire a reputable IT team that has verifiable experience working with law firms to protect data. Do not hire just any local IT company. You really need professionals who understand the data protection requirements set in your jurisdiction as well as the best possible current security standards to protect your data based on the type of law that you practice. For example, a lawyer who primarily handles cloudy titles and easements still needs to secure their data, but they won’t need to worry about HIPAA requirements. Whereas, a lawyer practicing personal injury law or insurance defense may have sensitive medical information about people involved in accidents of some kind.
With that being said, let’s talk about some best practices you can use to protect data while you continue to use the online legal tools that make your law firm life easier.
Know Thy Legal Tool Provider
One of the best things you can do to protect law firm data is to really know what sort of data security your online legal tool program provides to you. This information is very simple to find. Go to their webpage. The most reputable and trusted companies either have their security information on their home page or they have it in an easy to find location, such as the page devoted to features or a page devoted to how they protect data.
Then, consult Google. Look them up with the words “hack,” “data breach,” “ransomware,” “malware” or “back door.” The goal of this is to determine if the provider has known problems. This is particularly important because while the major industry software players will create patches and fixes for known issues, other companies may not do this. The best companies will make on-going data security a main concern. They know they won’t continue to have a viable future without staying on top of potential security issues.
Consider Whether Your Firm Needs a Policy Limiting Personal Device Use
Sometimes, law firm data isn’t compromised through an office workstation. It’s compromised because law firm employees use their own personal devices to work on client matters. And that can be a serious risk. Depending on the type of law that you do, you may need to create and enforce a policy that limits personal device use for firm matters. Yes, that may seem extreme in a world where everyone works from a remote location at least on an occasional basis. However, personal devices may not be secure. You may want to talk with a data security professional to assess whether this is necessary for your law firm.
Use Secured Passwords for Every Program
Everyone in your law firm should use secure passwords for different programs. Ideally, they should not use the same password for every program. Don’t use common passwords. (And please don’t participate in the “I want to learn more about you…where did you go to school in first grade? Where did you graduate? What was your first car? Favorite teacher?” social media “game.” Those ask a lot of password reset questions.)
One option is for everyone to use LastPass or 1Password to help establish and store secured passwords. Randomly generated passwords, such as those that both of the previously mentioned programs can generate, are the most secure.
Working Remote? Just Say “No” to Free Wi-Fi
Technology allows us to work from anywhere as long as we have an Internet connection. If you’re working remotely, stay off the free wi-fi. That’s where data is often stolen. If you must work remote from someplace other than your home (on a secured Internet connection), get your own secured mobile hot spot. Find out if your phone allows you to tether for data. If it does, find out how you can make your own Internet connection more secure (pro tip – turn off your Bluetooth). If you’re working from an area that is less than secure, use a VPN. They’re fairly inexpensive and they are invaluable to data protection.
Use Two-Factor Authentication
If it’s provided by the technology you use, make sure that you have two-factor authentication turned on. If you’re not sure what that means, it means that it takes more than your password and username to log-in. It may include a special code that is generated and texted to you. It makes it more difficult for someone to use your credentials to access sensitive law firm data.
Use Secured Networks
The Internet connection in your law office (and in your own home) should be secured. At its most basic, this involves changing the router’s default password and enabling WPA or WPA2 encryption. It also involves making sure that your router is running off the most updated firmware for it. You can also set up your network to only allow the computers within your law office to connect to your Internet through the use of Media Access Control Addresses.
Encrypt Your Data
Talk with an IT professional about how you can encrypt emails, documents, USB devices, and even hard drives. There are a lot of options for encryption. It’s important that you’re educated. The best possible education is by an IT professional who works with law firms. They can explain what you need and your options. There are also a lot of walk-throughs available online that can teach you how to encrypt files on your computer. However, it’s important to consider your own technical abilities before you attempt to do this. It needs to be done the right way.
Stay on Top of Phishing and Phone Scams
We’d all love to believe that email (phishing) and phone scams are obvious. Yet, there are a lot of convincing scams out there. There are IRS scams, utility scams, and bank scams. There are also remote IT support scams. You must stay on top of phishing and phone scams. If you have a question as to whether what you’ve received in an email or over the phone is legitimate, contact the actual company or agency that someone claims they are with. Remember that these companies will never ask you for a username, password, or other sensitive data. Keep in mind that some scammers know this and they’ve up their game by taking people to look-a-like sites and gaining credentials in that manner.
The best possible thing you can do to protect your law firm data is to stay educated on what’s happening. You don’t have to become a tech or cybersecurity expert. Just make sure that you’re reading about what’s going on so that you are prepared to hopefully prevent it before it becomes a problem for your firm.
The Truth about Why Some Law Firm Employees Refuse to Embrace Legal Tech (and What You Can Do about It)
If legal technology truly makes law firm life easier for everyone in your firm, why is it so difficult to get law firm employees to embrace it? The truth of the matter is that unless everyone in your law firm uses legal technology, it will make your work more difficult. Why do some law firm employees refuse to embrace legal tech? Is there anything you can do about it?
Don’t Law Firm Employees Want an Easier Work Life?
There are a lot of legal tech options to choose from, and all of it is designed to improve the daily workflow of the law firm. Why don’t employees want an easier work life? Yes, of course they do. However, depending on the employee and their tasks, they may feel like the legal tech that affects them makes their life more difficult instead.
There may also be some law firm employees who refuse to use legal tech because they don’t understand how it actually works. While many employees come into the law firm with a good understanding of technology and how it works, some employees may not have an understanding of software outside of Microsoft Office and other basic computer programs. They may feel that they’re expected to know and they’re not comfortable enough to ask for help or for more training.
You may have an employee (or maybe more than one employee) who used the legal technology in question and had a bad experience with it. The cause of the bad experience really doesn’t matter in their mind. It sticks with them.
And, of course, there are some people who just don’t like change. They live and die by the old ways. They may mask their general dislike of change with what may be perceived as a reason. You can tell the difference between an actual concern and just not wanting things to change by considering past experiences when the law firm has implemented new software, policies, or procedures. The past changes don’t need to be significant ones, either.
Can You Really Make Legal Tech Implementation Easier for Your Employees?
Once you have a general idea of why law firm employees don’t fully embrace the legal technology you’ve chosen, is there a way that you can make them more apt to use and maybe even enjoy it? While we certainly won’t say that we believe every reluctant employee may eventually chomp at the bit, pinpointing their reason (or reasons) for disinclination can help you come up with a plan.
In fact, you may even be able to minimize future problems. How? By first getting feedback from law firm employees about what sort of legal tech the firm needs and asking for feedback and suggestions. Your employees can tell you if they’ve had a poor experience with certain vendors, this can be a valuable learning experience for you. You can ask about what they felt happened that made it a bad experience. Is it something that may be solved? Did it add too many steps to their existing workflow? Remember that legal tech is about making life easier at work, not harder. They may be able to give you suggestions on legal tech that they feel would be a better fit.
Take Employee Feedback Seriously
When you implement legal technology of any kind, it’s crucial that you take employee feedback seriously. You may have a general idea of how they go through accomplishing their assigned tasks, but unless you’re in the trenches, you may not know how the software impacts them first-hand. You need your law firm to be efficient just as you need your employees to feel happy.
Reassure Employees of the Purpose of the Legal Tech
There is a huge fear in the legal industry. That fear is that legal technology will take away jobs. That fear stems from the continuing growth of the artificial intelligence segment. Of course, there are certain movies that certainly don’t help with that impression. Not all AI has the ability to learn; it has to be designed to learn. AI, like other components of technology, is supposed to be a convenience that makes life easier.
It’s important to reassure employees that while there may need to be some extra training to fully use it, you’re not adopting it to put them out of a job. Technology is great, but it’s not human. It doesn’t have the experience of someone who’s worked in the legal industry for years. Legal technology runs on a set of rules. It follows only those rules. It doesn’t “think” outside of those rules. In the legal field, we need people who have the ability to know and implement certain rules when creating documents, but we also need them to have compassion and the ability to reason and consider what is best for the client.
Thorough and Continuous Training without Judgment
Do not neglect training because you believe that each and every one of your law firm employees know how to use a computer. While a lot of legal tech options are easy to learn and use, there are some nuances and there can be some learning curves. For example, with client documents stored in a DMS, you may be able to implement a check-in and check-out system for documents. Checking-out a document to edit it makes any other copy opened read-only. There may be version comparison tools, auditing tools, and other really useful features that your employees may not know anything about.
You can usually seek out initial training from the software vendor, but it may be surface level or not provide individual training to each employee. You may need to find someone in your law firm who is extremely savvy and considered a “super user.” A “super user” is someone who knows how to use practically any technology that is placed in front of them. They just seem to immediately catch on. They are usually enthusiastic about it, too. If your “super user” tends to get along well with others in the office, consider enlisting them to provide more thorough training.
You need to have someone experienced with the software, be it someone provided by the vendor or even an external third-party who specializes in legal tech training, ready to provide additional training if needed. They should be available for questions and for in-person training where needed.
It’s very important that the initial and on-going training takes place in a way that feels open and friendly. Law firm employees will not feel comfortable asking questions or even using the software if they feel that they’re being judged. Make sure your law firm employees know that you don’t expect them to be perfect. You just want to make work life easier for them.
And for Those Who Just Don’t Like Change?
Continue to reiterate the merits that the legal tech directly provides. It’s important to make sure that they feel as if their concerns, questions, and feedback are all voiced. Sometimes, people just feel the need to be heard and like they are part of the process. That feeling of inclusion is sometimes all that is needed to get people on-board.
Adopting Legal Technology Can Be Scary
Legal technology can be quite a change compared to the old way of how your law firm operates. It’s important to keep that in mind! Allow appropriate time and provide the proper resources. You’ll find that it’s easier to get your employees on board!
Considering the title of this year’s conference, I hope I have some ideas about well, charting the course of the GLSA. Looking back, group legal has always been a great idea. Consumers and those acting on their behalf devise a system to pool resources to obtain better services that may otherwise be beyond the reach of an individual. In fact, it is hardly a novel idea. The concept is the basis for so many industries– insurance, health care, education, and banking come to mind. The concept is undoubtedly a perfect fit for legal services. In my twenty-plus years as a lawyer working in the industry, I have no doubt it is the most powerful tool ever devised for attorneys and clients to find one another.
Looking forward, the consumption of legal services will exponentially increase in the coming years. The access and ease that technology provides will make certain. How do we make certain, Legal Plans and a growing population of prospective clients, receive the full benefit? In no particular order:
- Group legal services must fully embrace technology. If not we will be beaten by those who deliver technology-based legal services without the involvement of a lawyer. This is bad for lawyers and I am steadfast bad for consumers.
- GLSA must increase efforts, on a State and local level, in the professional conduct re-regulation process. A sea change is occurring. Look no further than the clarifications and liberalization of the solicitation rules in new ABA Professional Conduct Model Rule 7.3. See for instance, the Future Reports being published by many Bar Associations. Local and voluntary Bar Associations are debating their place in the brave new world of technology-driven legal services. We have to help these organizations make the natural connection that the group legal industry is built to embrace technology-based legal solutions.
- To reach the highest potential GLSA should double down on conveying its message to the lawyers who are skeptical. As believers in legal plans, we all have heard the excuses. Skepticism based upon laugh out loud, old school attitudes that legal plans are somehow “cheap” and participation will damage a lawyer’s reputation as a pillar in the local legal community. In other words, ego is an issue. Unfounded professional conduct concerns are another excuse. Most importantly a failure to convey how legal plans benefit lawyers financially holds back progress. I suggest the GLSA organizations should concentrate on conferences, articles, webinars– whatever connections we can make—to share the message with all lawyers.
I hope these few ideas help us frame some discussions, so we can come up with even better ideas in Tampa. I am excited about the future of group legal services and the GLSA! See you in Tampa.