Data safety is an important concept for law firms, and for good reason. Most jurisdictions have rules for lawyers that explain the bare minimum of what they are required to do to protect client data. Then, throw in legal technology options, cloud drives, document sharing, social media use, servers, the ability to accept online payments…data safety entails a lot of considerations. While those are certainly important, it seems that the conversation has dropped away from technology we use every day: email. Email security is an important concept because it is still used to gain information (including login credentials) for critical systems. If you and your law firm employees don’t know and use email security best practices, your data remains at risk regardless of the other data protection safeguards implemented.
Remember You’re Dealing with Sensitive Information
While we’d all love to believe that the disclaimer placed at the bottom of law firm emails that state the email is intended for a specific recipient and should be destroyed if it is received by a non-authorized party is something that we all follow. Mistakes happen when we’re adding email recipients. We don’t always double check. We also don’t always double check that we’re adding the appropriate document. That’s why our first email security best practices tip is to always remember you are dealing with sensitive information.
Ensure that you’re sending the right document to the right recipient. You may even consider encrypting your email in certain situations. Gmail and Outlook (the two most common email programs) both make email encryption simple.
Use a Secure Password Generator
We know this won’t be the most popular email safety best practices tip we give, but it is an important one. A secure password generator creates a random, secure password that you can use for your email (or any other website). Using the same password for every login is a dangerous practice. If someone can guess your password or gains access to it somehow, you could face a lot of problems.
We know that the main concern with using a randomly generated secure password is whether you’ll be able to remember it. Using a program such as LastPass allows you to set one master password and then generate secure passwords that LastPass will remember for you. However, programs like LastPass aren’t without their flaws. If you can’t remember your master password, you can try to reset it, but if your data becomes corrupted, you will likely lose all of your password. (I learned from personal experience several years back. Despite contacting LastPass, my account could never be recovered because, according to them, all of the data was corrupted.)
Don’t Play “Getting to Know You” Facebook Games
This may not seem like an email security best practices tip, but it is. They look harmless: first pet, first car, first job, favorite teacher, elementary school. All of those inquiries (and several others made in those “games”) are potential password reset questions. Do not play those games. The answers could be used to reset your email password or even the password to your online bank account.
If you participated in a similar “getting to know you” post on social media, go change your security questions and answers as well as your passwords. And promise us that you’ll never respond to those things again!
Use Two Factor Authorization
Gmail, other email programs, and many other technologies allow you to use two factor authorization. It is an added layer of security for your data. Even if your password is compromised, there is extra security. Examples of two factor authorization include the program sending a text message to your cell phone with a code to enter to finish logging in, a PIN number only you know, or even unlocking your cell phone to finish logging into your email (thanks, Android!). Two factor authorization is one of the more recent email safety best practices that you can use. It’s simple to set up!
Learn How to Find and Understand Email Headers
Phishing still happens. For those that don’t know, phishing is when you receive an official looking email that wants you to “log in and verify your account.” In addition to email, this also happens over the phone. Do not ever provide your account number to anyone calling and stating they are with a certain organization. If they were really with them, they would see the number (or at least the last four) on their screen. They also wouldn’t ask you for your password.
When you open the email (if you open it), you’ll see a little arrow near the “From” email. You can click that and it will give you more information about the email. From here, it’s generally fairly simple to figure out if you’re receiving a legitimate email. And when in doubt, call the company listed in the email and ask if they emailed you for any reason. Don’t call any phone number in the email. Call the official number for the company.
Report phishing emails to your ISP, block the sender, and make sure your entire law firm knows and understands how to spot these dangerous emails.
Use Antivirus Software That Scans Emails and Attachments
Our final email safety best practices tip is to make sure that your law firm uses an antivirus software that scans emails and attachments for dangers. Your IT department or the company with whom you partner for IT services should be able to make an appropriate recommendation for your law firm.
Email Safety Best Practices Are the Backbone of Data Safety
In an ever changing world full of technology, data safety will remain a priority. Regardless of how technology changes, email security best practices will always be needed.
To watch Pat Monks’ video interview on Class Actions and Collective Redress, taken in November 2019 at the Legal Protection International Congress in Berlin, press play below.
Lawyers are known as Advocates and Counselors. The advocate is a familiar figure due to popular culture or a visit to the court house. The advocate is the one zealously representing their client’s position in a courtroom. Advocates research the law and develop facts to support their client’s point of view, then apply those facts to the law, with the goal of helping their client solve a problem.
The lawyer as counselor is less obvious. The counselors work takes place over the phone or in an office and rarely in the public eye. In fact, those clients who know their lawyer as a counselor often give them that name because the counselor’s thought out well reasoned legal advice has helped the client avoid a difficult situation.
Most of a lawyer’s job is as a counselor and not an advocate. Like a sport’s team, most of the hard work is at practice and not on the field of play in front of the fans. Counseling is the ounce of prevention to the advocate’s pound of cure. The slightest course correction early can help the ship miss the iceberg. To do so, however, requires the client, as the captain, to recognize his peril early and ask his navigator about a sight course correction.
As a navigator the lawyer as counselor can see things more clearly. First, we are detached from the situation so we can see things more objectively. Second, we have likely seen the same situation before. Situations that seem mysterious to our clients often appear clear to us. This is not because lawyers are smarter or have better insight. It’s simply because the experienced lawyer has been down this path before and the pitfalls are familiar. We are legal sherpas and have been to the summit a thousand times. Sure we can take you to the top of the mountain, we even know the easiest path. If you want to go it alone we can tell you where the Yeti is, where an avalanche may get you and when the snows will be deepest.
Regrettably, it is rare for a client to call and say “everything is going great just wanted to tell you I’m having a great day.” Unfortunately, the call usually starts with, “Can my employer/the cops/my ex-wife/husband/neighbor do that?” The short answer is usually “Well yes, since they did it, but I think what you really want to know is was it legal? Why don’t you tell me what happened.”
We can’t always give the client the answer they want but we can always give them the answer they need. Sometimes just knowing how something works or why the bank requires so many documents or what an easement or usufruct is can be very helpful. We are in the business of providing options. A good counselor will be able to discuss the pros and cons of different approaches to a problem. There is always more than on way to climb a tree.
At other times the explanation of how the law will apply to a situation can lead to the preparation of a document or raft of documents. Finally, the conversation can lead to a discussion of legal rights and the enforcement of same. In short, trial. Most of a lawyers day-to-day work is not in trial, despite what popular culture would have you think. While it is the most dramatic and compelling part of what a lawyer does it is a very small percentage of a lawyer’s time.
Sometimes, however, there is no alternative to solving a client’s problem other than through litigation. A good lawyer will make sure to discuss and explain the pros and cons of litigation and give the client all of the information they need to be make an informed decision and then do their best to make sure the client’s wishes are carried out to the best of their ability. A good lawyer will counsel his client on the reality of trial. Trial can be kabuki theater and/or a roller coaster with ups, downs and nerve wracking unexpected twists and turns. A good lawyer will do their best to anticipate same but there’s no sure thing in a trial.
There are so many reasons people may be stressed out when facing a legal challenge. It’s a mysterious process and not typical experience for most. Sometimes, it’s just as simple as being heard – if not in court, then at least by someone who can empathize with you, make you feel better and give you unvarnished advice.
I had the pleasure of being invited to serve on a panel at this year’s RIAD Congress in Berlin, Germany. RIAD is known as the International Legal Expense Insurers and recently celebrated its 50 anniversary. Founded in Italy, it serves as the association of 50 legal expense insurance companies from 18 different European countries including South Africa, Canada, and Australia.
This congress was special in that RIAD changed its name and now is simply known as the Legal Protection Insurance (LPI). This year’s conference was held the same time as the celebration of the 30th anniversary of fall of the Berlin Wall. The congress was considering how LPI will deal with the E.U. proposal of the Class Action redress or Class Action lawsuits. I had the pleasure of co-chairing a breakout session with Christoph Arnet (Switzerland) to discuss attorney’s views of the EU directive. Finally, I sat on a panel with Sabine Eichner (Germany), Sven Bode (Germany), John Byrne (UK), Dr. Domenik Wendt (Germany) and Thomas Kohlmeier (Germany) wrapping up the varies positions on the Collective redress issue.
I have attended RIAD congresses in Brussels, Montreal, Dublin and finally in Berlin. And it wasn’t until this Congress that I realized the main difference between European Legal Expense Insurance and Legal Plans in the United States. It can be summed up in two words “Loser pays”.
Loser pays is the number one difference in U.S. and European law that has charted the progression of legal expense in Europe and Legal Plans in the U.S. Legal Expense Insurance was founded first in 1917 in France for the drivers of the Les Mans motor car race. European law did not allow contingency fees for attorney fee reimbursement. In order to pursue a legal course of action, a litigant had to provide funding for his own attorney up front. This situation alone, was the foundation of the creation of legal expense insurance companies in Europe.
Over the years, some counties developed some contingency fee or incentive fee arrangements. It wasn’t until this century that England, Ireland, Holland, and Spain allowed some sort of contingency fee arrangement to compensate attorneys. You would think the development of contingency fees would equate European law with U.S. Law. But it hasn’t. The rule that loser automatically pays the other party’s expenses is the reason and the difference in the two bodies of law. All European countries whether Common law, or Civil code law have had a long rule that the losing party will automatically be accessed and required to pay the winner’s cost and legal expenses. This rule has prevented many litigants from filing lawsuits out of fear of losing and paying loses. The U.S. counterpart doesn’t have this automatic rule. For the most part, a counter claim or cross action is required to initiate the loser of a suit to compensate the winner.
The U.S. tort law was allowed to develop along a free enterprise system with contingency fees. In the U.S. , lawyers assess accident injury cases as business propositions. This business contingency relationship is a new thing for some European attorneys. However, the Loser pay rules still applies in Europe, and has a very limited application in the U.S. on the most outrageous cases. Therefore, litigants’ have a free reign to sue companies and individuals with legitimate causes of action without fear of paying costs and fees if they lose.
Because of this long-established rule, litigants have been terrified to drive on European roadways without insurance that covers for damages and injury. The same goes for legal expense insurance that will cover the injured’ s legal expenses for his attorney prosecuting a case, and any costs for depositions or discovery. This legal expense insurance also covers the cost of any potential loss of a case for the opponent’s attorney fees and costs. These situations do not currently occur in the United States. Here in the U.S., the litigant has very little risk involved with a contingency fee agreement. The costs and the attorney’s fees are deducted upon payment of the claim. In the event, no counter claim or malfeasance is found on the litigant’s part, the losing party will not be required to pay any losses out of pocket.
The loser pays rule developed the need for Legal expense insurance throughout Europe. As legal expense Insurance developed over the last 100 years, most of these products started covering other legal services for traffic ticket defense, wills, divorce, and civil actions.
The U.S. legal plan history started 50 years later. None of the U.S. jurisdictions were saddled with this oppressive “Loser Pays” rule. Legal plans developed more as Auto club plans developed in this country. Legal Plans do not pay out of pocket legal expenses. Nor is there the ongoing threat of paying the winner of any suit legal fees and costs. The U.S. model developed more as an employee benefit model to cover traffic tickets, wills, divorce and other routine civil actions. These U.S. plans become a source of access to legal lines for members. The group plan model allowed large members of a company, or Union to pay discounted monthly fees to a plan that would provide a lawyer for these services.
The loser pays rule caused the European business model to develop independent of the U.S. legal plan model. The European counties have very high numbers of participation with Legal protection. In these counties, the consumer attitudes are more equivalent to consumers need to own health insurance in the U.S. The fear of losing and paying outrageous attorney fees and costs to an opposing litigant is a real concern for EU. Consumers and has been for a century.
On the other hand, American consumers view the relaxed American rule in a different manner. Legal plans are viewed more like a company’s additional benefit. But they aren’t viewed in the same light as health insurance. But this view is changing. Legal plans are growing in the U.S. And in the areas of commercial drivers’ legal plans and gun owner plans, they are viewed as a necessity to protect the consumer from real legal exposure. Commercial drivers need plans to provide attorneys to protect their Commercial driver’s license and employment. And Gun owners need protection to protect their 2nd Amendment rights to bear arms. These ongoing daily fears and concerns cause U.S. consumers to view the need for these legal plans more like they view Health insurance.
I doubt that any of the U.S. jurisdictions will ever adopt and pass automatic rules for loser pays. In the event, the insurance lobby or corporations succumb to liberal legislation that adopt loser pays, then European Legal Expense Insurance model would develop in the U.S. because of this new need. In the meantime, legal plans in the U.S. will develop based on the unique needs of the individuals that have these specific legal problems.
Thanksgiving is my favorite Holiday of the entire year. So, imagine my horror last Wednesday afternoon, when instead of starting to prepare a feast for 20, I was left wondering, what am I going to do if the power does not come back on?!?!?! It was about this time I received an email on my phone reminding me that I had promised the GLSA an article by the end of Thanksgiving Weekend. As I was calmly explaining to my wife that I could cook everything on the gas stove top, or the grill, or the propane flame used to heat the oil to deep fry a turkey (or heat water to make mashed potatoes – at least that was my theory), it was occurring to me that I had the perfect GLSA article developing right before me.
Why yes, in fact, trying to prepare a holiday meal, or any meal for that matter, without modern conveniences like electricity and indoor refrigeration, is a lot like trying to run a law practice without the benefit of having legal plan members as clients. Certainly, you can do it, but if there is a more effective way, why would you want to?
Legal plan clients are the perfect complement to any legal plan practice that represents mostly individuals. Legal Plans provide a steady stream of new clients for whom the attorney or firm did not need to advertise for or market to. Payment is guaranteed by the plan for covered services and for non-covered services most plans permit the attorney to charge their normal rates or close to it. Why wouldn’t a firm want a handful of additional clients per month? In fact, there are some practices where legal plan clients represent a substantial part of the practice, to the point that if the flow of legal plan clients slowed down, it would have a significant negative impact on the firm’s bottom line.
Doubters of the model, particularly from the law firm perspective, will say, that legal plans pay too little. Yes, it is true, legal plans generally pay less for covered services than the attorney can command on the open market for similar services. What is missing from that analysis, however, is what those fees are being compared to. These are clients that the firm literally paid nothing for in terms of lead generation. If the lead is free, why does the firm need to command the same fees in order to make the work profitable?
The other part of the equation that is often missed is one of volume. In most cases, your clients do not have more than one or two legal matters that need to be attended to at any particular time, and certainly, do not have a steady flow of new legal matters to send to the firm on a monthly or even annual basis. What if your client said to you, I am going to need “X” hours of legal work every month, or “X” number of standard documents every month and in exchange for the volume would your firm be willing to provide services at a discounted hourly or project rate? I dare say many firms would not be able to give a discount fast enough in exchange for guaranteed volume. Now clearly there are no guarantees about volume when working with the plans, but the concept remains the same.
I submit that legal plans are just starting to take hold in the United States. In fact, they are quite common in other parts of the world. As legal plans continue to grow, so does the need for quality attorneys to provide the representation contracted for by the plans. So, as you start to project and plan for the year ahead, I have two questions: If you are not taking legal plan clients, why not? And if you are limiting yourself to business from just a plan or two, why stop there?
Lastly, just in case any of you are wondering, I was thankful that the power eventually came back on and I was able to pull off a feast for 20 without a hitch!
In an environment where we have more connectivity, more computers, and more technology, we assume that everyone working in a law office should automatically pick up on how to use legal technology. If they can use Word and save a document or even make and use a template, shouldn’t they instinctively know how to use legal practice management tools? Shouldn’t they know how to use online contract repositories that allow them to write or edit or even sign contracts just by opening it? Shouldn’t they know how to navigate a CRM and send out emails? Technology is technology is technology…right?
No, and, unfortunately, it is that overly broad idea that often means law firms as a whole and employees at their individual level do not get everything they want and need out of legal tech. If legal tech isn’t being used properly or isn’t being used at all, a disconnect is created at the individual level, the attorney-client level, and at the management level. It can be very difficult to determine which document for a certain client is the right one if you have people who don’t save it within the central server or document management system. There could be multiple people with different versions of it. Which one should be used? Sure, they could be using Track Changes and emailing the file back and forth, but there’s no way to know with certainty unless you do a lot of digging.
I’ll say it again: legal tech only works when people know how to use it and actually use it. What we must consider as lawyers as what we can do to create the right environment for employees to be more open to learning to properly use legal tech and also be open to asking for help. The good news is that we can structure, implement, and encourage the right environment. And it doesn’t have to be difficult, either.
Explain How Legal Tech Makes Employee Work Easier and It’s Not Meant to Replace Them
Legal technology is designed to make providing both and excellent experience and excellent service to each client. From a historical standpoint, it’s certainly easy to see how word processing programs that allowed us to edit documents and correct mistakes was an improvement from the use of typewriters and correction tape. We can see how the wider adoption of email and secured attachments (and the ability to create and provide secured document delivery online) has far better protected us all when compared to faxes (and, yes, I know that there are many online faxing options available that are still used; most of them have secured databases which makes them significantly more secure than the giant paper rocks of yore).
The entertainment industry hasn’t really given the general population much hope in regard to AI. Terminator, Beyond Blade Runner 2049, Bicentennial Man, Resident Evil, Westworld, RoboCop, I, Robot…the list goes on and on. The idea of AI in the workplace sparks a lot of fear. First AI comes to monitor and obliterate us if it thinks we’re misbehaving and now it wants our jobs. Thanks a lot, Hollywood.
Place your focus as the supervising lawyer on how the tech will help improve the daily work experience for each employee. Explain how legal tech should make them enjoy what they’re doing more and that they are still a necessary part of the law firm. Technology is nice, and sure it can do a lot of neat things, but it isn’t a substitution for a person. Someone still must check the quality of whatever it is that legal tech does for the firm. And although legal tech makes certain things more convenient for clients, such as receiving updates and paying their invoices, they still want to talk to a person when they have questions or concerns.
You may have to explain this concept multiple times. Just keep in mind that it’s about reassuring your team you’re looking to make the office function more smoothly and not looking to automate them into the unemployment line.
Create an Environment That Welcomes Questions, Concerns, and Feedback
No one likes to feel stupid or inept. Not all technology works the same; some legal tech applications are definitely more intuitive than others. Some are really easy to learn because they resemble common software used every day. Others have a steep learning curve. If you want to ensure that your employees give technology solutions a fair shake, create an environment that welcomes questions, concerns, and feedback.
It may not be possible for you to constantly have an open door policy for questions and help with software. You have meetings. You need deep work time. Sometimes you’re in court. You also have the option of setting up once a day (or once a week as time goes on) check-ins to ensure that no one is stuck. In addition to proactively addressing questions and concerns that could be hindering proper tech adoption, it also lets you get a look at what’s happening from the front lines in terms of quality in both the product created and whether the employee believes the technology is useful or if it really does nothing more than slow them down.
It’s vital to really listen to your employees. You can create help documents to answer common questions. You can create walk-throughs for training manuals. While those items are great, what you can really get is insider information on whether all those bells and whistles are helpful or a hindrance. Be open to this information. Don’t necessarily label every question, concern, or piece of feedback that doesn’t align with your opinion as a complaint or resistance. Use it as an opportunity to learn.
Get Input from Employees Before You Buy
Talk with key employees about their workflow. Give them some information about the legal tech they’re considering. Ask them to review the information and to let you know how they think each possibility would impact their work. Remember that while you are the one who holds the ultimate responsibility for their work as the supervising attorney, you’re likely not the one down in the trenches every day. Their input can help you make a better decision. It will also improve the likelihood that the employees will actually put in the effort to learn to use the one you decide to purchase.
Cloud storage for documents is a commonly used tool, and for good reason. It cuts down on the continuing need to find a way to expand a law firm’s physical storage ability. It creates the ability for law firm employees to access documents from practically anywhere as long as they have access to the Internet. Many cloud storage providers even enable the sharing of documents with others outside of an organization. Really, what’s not to love?
Well, it turns out that if your law firm uses cloud storage, you must make sure that you’re using the right provider that can give you the data and document security required by your jurisdiction or as recommended by the ABA.
Aren’t All Cloud Storage Providers the Same?
DropBox, OneDrive, Google Drive, Nextcloud, iCloud, Amazon Cloud…there are so many cloud storage options out there. Aren’t they all the same? Well, the truth is…no. In fact, the ones I just named are all generalist cloud storage providers. They aren’t specifically designed to rigid data security standards often required in individual jurisdictions. Sure, you can get document storage, share documents, and access them from practically anywhere, but they might not provide you with the data security you need. It also may not have the features and tools you need.
If you use practice management software, check and see if they provide cloud storage. If they do, it might be easier for you to contact them and ask if they provide extra storage (if needed) and what the price would be.
Document Security Considerations
If you plan to use Google Drive, OneDrive, DropBox, or another general cloud provider, there are some security considerations.
Know your options for sharing documents. Generally, document sharing with these platforms can happen in two ways. You can either send out an email invitation to someone who can then access the document or you can create a link that you can share with whomever needs access. Here’s the problem: you’ll also need to remember to make the document view only for those you invite (unless it is someone who needs to add on to or edit a document). And the link situation? There are two important points:
- You’ll need to remember to set the link to read-only.
- You’ll need to remember that anyone with that link can access the document. If that doesn’t scare you, it should. It very well could impinge on your duty as a lawyer to maintain confidentiality of client information and work-product.
Can you actively track who changes something in a document? Going back to confidentiality and data security, it’s important that whatever cloud storage program you choose allows you to see how made changes and when those changes were made. Although it’s not quite the same as version management that you may find in dedicated document management systems (DMS), it can help you monitor your documents.
Multiple editors can work on a document at the same time. While collaboration is often a great feature, it may not be what you’re really looking to do. It’s not so bad if you only have two people with verifiable editing access for a document. However, if there are multiple editors, all of those changes may be made at once. That could make managing the integrity and content of the document more difficult.
What Features Should a Law Firm Look for in a Cloud Storage Provider?
Okay, so maybe you’re at least convinced that perhaps you should look at cloud storage providers that cater exclusively to the legal community. What features should you look for when you’re doing your research?
Start with security. Find out any jurisdictional requirements you need to meet as far as data security. Also, consider the type of law you practice. Someone who practices personal injury should look for cloud document storage that meets HIPAA standards. Bankruptcy, real estate, and other practice areas involving sensitive personal information such as bank account numbers and social security numbers should look for a cloud storage provider that has the same security standards that banks and investment firms use.
Consider its search function. If you don’t have a huge practice that generates a lot of documents, you may be alright with a general search function. However, if you can find a provider that gives you optical character recognition, that’s even better. Basic search involves tagging of documents, document names, and folder names. It may also include metadata, such as the name of the author. With optical character recognition (OCR), the documents are read by the system. You can search on any word or phrase you remember and the system will look at all of the basic search data plus the inside of the document. If you’ve ever used Evernote and ran a search, you’ve used OCR.
Does it integrate with your commonly used programs? Cloud storage is about data security and about convenience. Look for a provider that integrates with Microsoft Word and Outlook. It’s more preferable that it integrates with Microsoft Office. If you use Office 365, make sure that it integrates. DropBox integrates with a lot of various legal practice management solutions as does OneNote. Drafting or editing documents directly into the cloud drive is important. Otherwise, you have to download the document, make your changes, and upload it. How many rouge copies of a document do you think could be floating around a law firm because people meant to upload the new version and forgot? And don’t forget the fact that many times people will overwrite the existing copy. So, there’s no guarantee that all changes will be integrated (this is why version management is such an important feature).
Clouds Are Great Tools, But Security and the Right Features Are Essential
Clouds are great tools for law firms. However, it’s truly essential (in the name of meeting your ethical obligations as a lawyer) to make sure that you have the right security. And a cloud document storage provider could end up being more trouble than you thought if it doesn’t have the features you really need. So, make sure you do your research and choose accordingly!