As the majority of law firms continue to move much of their practice management online, there remains a serious concern. Those of us lawyering understand the importance of protecting the sanctity of attorney-client privilege and work product. That existed before we all started going digital. And now? The new concern is: how do we protect law firm data the right way?
ABA States Lawyers Should Take Reasonable Efforts to Protect Data
ABA Model Rule 1.6(c) states that lawyers “shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” When you think about it, that’s a tall order. What is a reasonable effort? And how can you protect all law firm data?
Unfortunately, there’s no way to protect all of your data all of the time. Data security problems from software, malware, ransomware, viruses, phishing attempts, and data breaches happen. The digital landscape changes so fast that there is no such thing as constant protection from every existing threat.
Fulfill “Reasonable Efforts” by Using Law Firm Data Protection Best Practices
It may seem like we’re all now expected to become cybersecurity and data protection experts. That’s not the case. You always have the option to hire a reputable IT team that has verifiable experience working with law firms to protect data. Do not hire just any local IT company. You really need professionals who understand the data protection requirements set in your jurisdiction as well as the best possible current security standards to protect your data based on the type of law that you practice. For example, a lawyer who primarily handles cloudy titles and easements still needs to secure their data, but they won’t need to worry about HIPAA requirements. Whereas, a lawyer practicing personal injury law or insurance defense may have sensitive medical information about people involved in accidents of some kind.
With that being said, let’s talk about some best practices you can use to protect data while you continue to use the online legal tools that make your law firm life easier.
Know Thy Legal Tool Provider
One of the best things you can do to protect law firm data is to really know what sort of data security your online legal tool program provides to you. This information is very simple to find. Go to their webpage. The most reputable and trusted companies either have their security information on their home page or they have it in an easy to find location, such as the page devoted to features or a page devoted to how they protect data.
Then, consult Google. Look them up with the words “hack,” “data breach,” “ransomware,” “malware” or “back door.” The goal of this is to determine if the provider has known problems. This is particularly important because while the major industry software players will create patches and fixes for known issues, other companies may not do this. The best companies will make on-going data security a main concern. They know they won’t continue to have a viable future without staying on top of potential security issues.
Consider Whether Your Firm Needs a Policy Limiting Personal Device Use
Sometimes, law firm data isn’t compromised through an office workstation. It’s compromised because law firm employees use their own personal devices to work on client matters. And that can be a serious risk. Depending on the type of law that you do, you may need to create and enforce a policy that limits personal device use for firm matters. Yes, that may seem extreme in a world where everyone works from a remote location at least on an occasional basis. However, personal devices may not be secure. You may want to talk with a data security professional to assess whether this is necessary for your law firm.
Use Secured Passwords for Every Program
Everyone in your law firm should use secure passwords for different programs. Ideally, they should not use the same password for every program. Don’t use common passwords. (And please don’t participate in the “I want to learn more about you…where did you go to school in first grade? Where did you graduate? What was your first car? Favorite teacher?” social media “game.” Those ask a lot of password reset questions.)
One option is for everyone to use LastPass or 1Password to help establish and store secured passwords. Randomly generated passwords, such as those that both of the previously mentioned programs can generate, are the most secure.
Working Remote? Just Say “No” to Free Wi-Fi
Technology allows us to work from anywhere as long as we have an Internet connection. If you’re working remotely, stay off the free wi-fi. That’s where data is often stolen. If you must work remote from someplace other than your home (on a secured Internet connection), get your own secured mobile hot spot. Find out if your phone allows you to tether for data. If it does, find out how you can make your own Internet connection more secure (pro tip – turn off your Bluetooth). If you’re working from an area that is less than secure, use a VPN. They’re fairly inexpensive and they are invaluable to data protection.
Use Two-Factor Authentication
If it’s provided by the technology you use, make sure that you have two-factor authentication turned on. If you’re not sure what that means, it means that it takes more than your password and username to log-in. It may include a special code that is generated and texted to you. It makes it more difficult for someone to use your credentials to access sensitive law firm data.
Use Secured Networks
The Internet connection in your law office (and in your own home) should be secured. At its most basic, this involves changing the router’s default password and enabling WPA or WPA2 encryption. It also involves making sure that your router is running off the most updated firmware for it. You can also set up your network to only allow the computers within your law office to connect to your Internet through the use of Media Access Control Addresses.
Encrypt Your Data
Talk with an IT professional about how you can encrypt emails, documents, USB devices, and even hard drives. There are a lot of options for encryption. It’s important that you’re educated. The best possible education is by an IT professional who works with law firms. They can explain what you need and your options. There are also a lot of walk-throughs available online that can teach you how to encrypt files on your computer. However, it’s important to consider your own technical abilities before you attempt to do this. It needs to be done the right way.
Stay on Top of Phishing and Phone Scams
We’d all love to believe that email (phishing) and phone scams are obvious. Yet, there are a lot of convincing scams out there. There are IRS scams, utility scams, and bank scams. There are also remote IT support scams. You must stay on top of phishing and phone scams. If you have a question as to whether what you’ve received in an email or over the phone is legitimate, contact the actual company or agency that someone claims they are with. Remember that these companies will never ask you for a username, password, or other sensitive data. Keep in mind that some scammers know this and they’ve up their game by taking people to look-a-like sites and gaining credentials in that manner.
The best possible thing you can do to protect your law firm data is to stay educated on what’s happening. You don’t have to become a tech or cybersecurity expert. Just make sure that you’re reading about what’s going on so that you are prepared to hopefully prevent it before it becomes a problem for your firm.
The Truth about Why Some Law Firm Employees Refuse to Embrace Legal Tech (and What You Can Do about It)
If legal technology truly makes law firm life easier for everyone in your firm, why is it so difficult to get law firm employees to embrace it? The truth of the matter is that unless everyone in your law firm uses legal technology, it will make your work more difficult. Why do some law firm employees refuse to embrace legal tech? Is there anything you can do about it?
Don’t Law Firm Employees Want an Easier Work Life?
There are a lot of legal tech options to choose from, and all of it is designed to improve the daily workflow of the law firm. Why don’t employees want an easier work life? Yes, of course they do. However, depending on the employee and their tasks, they may feel like the legal tech that affects them makes their life more difficult instead.
There may also be some law firm employees who refuse to use legal tech because they don’t understand how it actually works. While many employees come into the law firm with a good understanding of technology and how it works, some employees may not have an understanding of software outside of Microsoft Office and other basic computer programs. They may feel that they’re expected to know and they’re not comfortable enough to ask for help or for more training.
You may have an employee (or maybe more than one employee) who used the legal technology in question and had a bad experience with it. The cause of the bad experience really doesn’t matter in their mind. It sticks with them.
And, of course, there are some people who just don’t like change. They live and die by the old ways. They may mask their general dislike of change with what may be perceived as a reason. You can tell the difference between an actual concern and just not wanting things to change by considering past experiences when the law firm has implemented new software, policies, or procedures. The past changes don’t need to be significant ones, either.
Can You Really Make Legal Tech Implementation Easier for Your Employees?
Once you have a general idea of why law firm employees don’t fully embrace the legal technology you’ve chosen, is there a way that you can make them more apt to use and maybe even enjoy it? While we certainly won’t say that we believe every reluctant employee may eventually chomp at the bit, pinpointing their reason (or reasons) for disinclination can help you come up with a plan.
In fact, you may even be able to minimize future problems. How? By first getting feedback from law firm employees about what sort of legal tech the firm needs and asking for feedback and suggestions. Your employees can tell you if they’ve had a poor experience with certain vendors, this can be a valuable learning experience for you. You can ask about what they felt happened that made it a bad experience. Is it something that may be solved? Did it add too many steps to their existing workflow? Remember that legal tech is about making life easier at work, not harder. They may be able to give you suggestions on legal tech that they feel would be a better fit.
Take Employee Feedback Seriously
When you implement legal technology of any kind, it’s crucial that you take employee feedback seriously. You may have a general idea of how they go through accomplishing their assigned tasks, but unless you’re in the trenches, you may not know how the software impacts them first-hand. You need your law firm to be efficient just as you need your employees to feel happy.
Reassure Employees of the Purpose of the Legal Tech
There is a huge fear in the legal industry. That fear is that legal technology will take away jobs. That fear stems from the continuing growth of the artificial intelligence segment. Of course, there are certain movies that certainly don’t help with that impression. Not all AI has the ability to learn; it has to be designed to learn. AI, like other components of technology, is supposed to be a convenience that makes life easier.
It’s important to reassure employees that while there may need to be some extra training to fully use it, you’re not adopting it to put them out of a job. Technology is great, but it’s not human. It doesn’t have the experience of someone who’s worked in the legal industry for years. Legal technology runs on a set of rules. It follows only those rules. It doesn’t “think” outside of those rules. In the legal field, we need people who have the ability to know and implement certain rules when creating documents, but we also need them to have compassion and the ability to reason and consider what is best for the client.
Thorough and Continuous Training without Judgment
Do not neglect training because you believe that each and every one of your law firm employees know how to use a computer. While a lot of legal tech options are easy to learn and use, there are some nuances and there can be some learning curves. For example, with client documents stored in a DMS, you may be able to implement a check-in and check-out system for documents. Checking-out a document to edit it makes any other copy opened read-only. There may be version comparison tools, auditing tools, and other really useful features that your employees may not know anything about.
You can usually seek out initial training from the software vendor, but it may be surface level or not provide individual training to each employee. You may need to find someone in your law firm who is extremely savvy and considered a “super user.” A “super user” is someone who knows how to use practically any technology that is placed in front of them. They just seem to immediately catch on. They are usually enthusiastic about it, too. If your “super user” tends to get along well with others in the office, consider enlisting them to provide more thorough training.
You need to have someone experienced with the software, be it someone provided by the vendor or even an external third-party who specializes in legal tech training, ready to provide additional training if needed. They should be available for questions and for in-person training where needed.
It’s very important that the initial and on-going training takes place in a way that feels open and friendly. Law firm employees will not feel comfortable asking questions or even using the software if they feel that they’re being judged. Make sure your law firm employees know that you don’t expect them to be perfect. You just want to make work life easier for them.
And for Those Who Just Don’t Like Change?
Continue to reiterate the merits that the legal tech directly provides. It’s important to make sure that they feel as if their concerns, questions, and feedback are all voiced. Sometimes, people just feel the need to be heard and like they are part of the process. That feeling of inclusion is sometimes all that is needed to get people on-board.
Adopting Legal Technology Can Be Scary
Legal technology can be quite a change compared to the old way of how your law firm operates. It’s important to keep that in mind! Allow appropriate time and provide the proper resources. You’ll find that it’s easier to get your employees on board!
Considering the title of this year’s conference, I hope I have some ideas about well, charting the course of the GLSA. Looking back, group legal has always been a great idea. Consumers and those acting on their behalf devise a system to pool resources to obtain better services that may otherwise be beyond the reach of an individual. In fact, it is hardly a novel idea. The concept is the basis for so many industries– insurance, health care, education, and banking come to mind. The concept is undoubtedly a perfect fit for legal services. In my twenty-plus years as a lawyer working in the industry, I have no doubt it is the most powerful tool ever devised for attorneys and clients to find one another.
Looking forward, the consumption of legal services will exponentially increase in the coming years. The access and ease that technology provides will make certain. How do we make certain, Legal Plans and a growing population of prospective clients, receive the full benefit? In no particular order:
- Group legal services must fully embrace technology. If not we will be beaten by those who deliver technology-based legal services without the involvement of a lawyer. This is bad for lawyers and I am steadfast bad for consumers.
- GLSA must increase efforts, on a State and local level, in the professional conduct re-regulation process. A sea change is occurring. Look no further than the clarifications and liberalization of the solicitation rules in new ABA Professional Conduct Model Rule 7.3. See for instance, the Future Reports being published by many Bar Associations. Local and voluntary Bar Associations are debating their place in the brave new world of technology-driven legal services. We have to help these organizations make the natural connection that the group legal industry is built to embrace technology-based legal solutions.
- To reach the highest potential GLSA should double down on conveying its message to the lawyers who are skeptical. As believers in legal plans, we all have heard the excuses. Skepticism based upon laugh out loud, old school attitudes that legal plans are somehow “cheap” and participation will damage a lawyer’s reputation as a pillar in the local legal community. In other words, ego is an issue. Unfounded professional conduct concerns are another excuse. Most importantly a failure to convey how legal plans benefit lawyers financially holds back progress. I suggest the GLSA organizations should concentrate on conferences, articles, webinars– whatever connections we can make—to share the message with all lawyers.
I hope these few ideas help us frame some discussions, so we can come up with even better ideas in Tampa. I am excited about the future of group legal services and the GLSA! See you in Tampa.
In the seventh and final installment of our weekly series on the future of the GLSA, Hyatt Legal Plans CEO, Ingrid Tolentino provides her perspective on the future of the GLSA and more.
Where do you see the GLSA in 3 years?
Ingrid: In 3 years, I would like to see GLSA as a larger and more influential organization. GLSA is well positioned to increase its membership and become a true resource for its members and participating companies. There is an opportunity to support attorneys to help grow their practices and leverage technology in a profession that has traditionally been slow to transform. Through the annual meeting and other webinars, GLSA provides their members with helpful information regarding resources for small and solo practitioners and allows members to interact with Legal Plan Administrators. Attorneys who participate in GLSA truly have the insight and opportunity to help promote and grow the legal plan industry and their own practices.
How does your company improve access to justice?
Ingrid: For a low monthly premium, Hyatt Legal Plans provides our members and their dependents with access to a large network of experienced attorneys who can provide high-quality legal services for many personal legal needs. Dealing with legal issues such as a traffic ticket, divorce, or debt matters can be very stressful and overwhelming to many people. Legal plans provide people who have never utilized an attorney and may not even know how to select attorney the ability to work with a vetted attorney who will advocate for them and help them resolve their matter. The attorney’s fees for many legal matters are fully covered and paid directly by the legal plan. Without the legal plan, many members may not have the ability or the means to obtain counsel.
How can attorneys make more money using your company or plan?
Ingrid: The best way to increase referrals and business from the legal plan is to provide high-quality service to our members. Our goal is for our members to have a very good experience while utilizing their legal plans. That experience is largely based upon the experience they have with the attorney that they chose to work with. From the first phone call or communication to your office, focus on providing the member with a good customer experience. Be responsive and timely with communications and updates on ongoing matters. If you have any questions or concerns about coverage, fees or any other issues, reach out to Hyatt Legal Plans to discuss. We are here to help and to provide you with the information you need to assist our members. Members who have positive experiences will share their experiences with co-workers and others and are a great source of new referrals to your office. Likewise, if a member has a negative experience, they will share that as well and that can have a chilling effect on new referrals.
We are very close to our spring conference in Tampa Bay on May 9th to 11th. If you are interested in the State of the Industry Panel plus learning more about how legal and subscription-based plans can help your practice, more information is available here. Registration is open now and there are limited tickets here.