CEIC 2014 Tackles E-Discovery, Cybersecurity and Forensics
Monica Bay , Law Technology News
Monica Bay , Law Technology News
Law Firms Fail to Protect Data When File Sharing
LexisNexis survey shows disconnect between security concerns and steps taken to protect data.
Marlisse Silver Sweeney, Law Technology News
May 29, 2014 |3 Comments
U.S. law firms may be worried about the security risks of sharing confidential information online, but a new survey by LexisNexis’ legal and professional division reveals that they are not doing much about it.
Unencrypted email remains by far the most prominent way that law firms share privileged communications with their clients, with 89 percent of respondents reporting that it is the firm’s primary method of distributing information.
In March, the company canvassed about 300 legal professionals in 40 states across 15 different practice areas. Results show that although respondents were aware of the risks, and wary of them, the most common method of securing documents and protecting privilege was the use of a confidentiality statement at the bottom of an email, with 77 percent of firms reporting this was their primary line of defense.
“There’s clearly a disconnect between expressed security concerns and measures law firms employ to protect their clients and themselves,” said Christopher Anderson, a senior product manager at LexisNexis, in a statement. “Relying on a mere statement of confidentiality when sharing privileged communications by email is a weak measure—and further it might protect the law firm but affords very little protection for the client,” he said.
A minority of law firms go a step further to protect their information, with 22 percent saying they use email encryption,14 percent using a password to protect documents and 13 percent employing a secure file-sharing site. At the reverse end of the spectrum, 4 percent of respondents said they take no measures at all to protect private information. “Law firms need to perform their due diligence, stay abreast of technology and ultimately protect their clients’ interest online just as they do in providing legal counsel,” said Anderson.
Attorney Marlisse Silver Sweeney is a freelance writer based in Vancouver. Twitter: @MarlisseSS.
Companies, agencies mentioned: LexisNexis
Posted by Jason Atchley at 3:53 PM
Philip Wisoff, Law Technology News
In general, there are two types of cloud services. The first, often called Software as a Service, involves an application—or set of like applications—run by a third-party vendor and accessed through the Internet via a web browser. The second approach involves data that is stored or shared via a third party’s infrastructure and accessed via the Internet. Examples of this type of service (security issues aside) would be Dropbox or Apple’s iCloud.
As attractive as cloud services seem, however, firm lawyers may be uncomfortable about having the firm’s data completely managed and stored by an outside vendor. The use of managed services is one way to address this issue.
With managed services, the firm maintains ownership of server and data center equipment, but contracts to have the day-to-day operations and upgrades managed by a vendor. It is possible to set up these services so they mimic a cloud service—thus the term “private cloud.” There are many shades within the spectrum of managed services, with vendors owning more or less of the infrastructure and applications.
The advantages of cloud-based services are many. They include:
• Access from anywhere there are Internet connections.
• Reduced need to manage IT infrastructure (servers and data storage) within your firm.
• Application and hardware upgrades handled by the vendor.
• Predictable (fixed) pricing—usually based on the number of users.
• Reduced capital spending.
• Business continuity built-in.
• Good vendors provide 24/7 support.
Managed services have similar advantages. However, the level of benefits from reduced capital spending and avoidance of software and hardware upgrade hassles will depend on how much of the IT infrastructure and associated applications continues to be maintained in-house by the firm.
The other major advantage of both approaches is the potential impact on IT staff utilization. With in-house systems, as much as 75 percent of staff time is dedicated to maintenance. By moving to cloud or manage services this maintenance component can be dramatically reduced. Of course, IT staff will need to take on a bigger role managing the vendors. The change nevertheless should free up significant IT staff time for value-added services that help the firm make better use of technology, particularly in pursuit of superior client service.
These services are not a magic bullet. No contract with a cloud or managed services vendor should be entered into without the proper due diligence. Most importantly, firms need to make sure the vendor is financially sound and has a good track record, that a sufficient level of technology infrastructure and back-up is in place, and that firm data will be properly secured. It is important to “kick the tires” by testing the service thoroughly before making a commitment. Understanding how to get firm data back when the service is no longer needed is also critical.
A firm’s telecommunications network is what connects it to these services. To get best performance, a firm will need a robust network infrastructure that provides a high-speed telecommunications network connecting all your office-based systems with the cloud vendor and the Internet.
Using cloud-based applications may mean that firms will have to give up some ability to customize software and hardware for particular firm and lawyer needs. For example, the ability to customize interfaces or financial reports may be limited, or lawyers may have to live with restrictions on how quickly old documents can be retrieved. At some firms, cultural preferences will have to be considered and carefully managed.
Transitioning from in-house-based systems to a cloud or managed services platform will require thorough planning to get the most benefit and minimize disruption. This change will not only affect how people in the firm access systems and information, but may require people to learn new systems and new ways of working. Also, significant role changes may be required for the in-house IT staff. Anticipating these changes and their impact will be an important to achieving the benefits of the systems transition and a successful project.The following steps are recommended:
1. Identify the applications and systems that will be transitioned. Determine if the target will be managed services or a move to cloud applications.
2. Clearly document your firm’s requirements for performance, availability, security, and functionality for the systems and applications that will be moved.
3. Identify and choose the service vendor or vendor(s) based on the requirements. This is typically done via a “request for proposal” process.
4. Develop a detailed transition plan for each application. Determine the human impact and develop appropriate change management, communications and training plans.
5. Run a pilot test with either a small group of people and/or a particular application. Adjust your plans based on the results of the test. Include a test of the vendor’s back-up and recovery processes.
6. Rollout to the firm.
Depending on the number of applications and the size of the firm, a transition could take from six to 18 months. Success with this type of project will depend on strong support from firm management and strong project management from the IT staff (or consultant if the skills do not exist in-house). The cost will also be highly dependent on firm size, geography and the applications and hardware involved.
Cloud and managed services hold great promise for law firms and other businesses. The potential for improving a firm’s access to technology while scaling back on the need for in-house technology infrastructure makes these service compelling. Done correctly, firms will benefit tremendously by spending more time focused on their core business of delivering outstanding service and results to clients rather than distracting technology issues far removed from that core.
Law Technology News
1. Beware the overshare. Avoid providing TMI (too much information) a la Miley Cyrus. We’ve all seen ttweeters who tell us every time they go to Starbucks, or folks that post several times each hour. Not only does this annoy readers and prompt them to un-follow you, but it also gives the impression that you have nothing better to do than to post inane content all day long. Post frequently only when you have meaningful content to convey, like when you’re at LegalTech or the International Legal Technology Association and new people and ideas are inspiring your posts.
2. Don’t be MIA. Ever go to look up a company’s LinkedIn, Twitter or Facebook page, only to find that it doesn’t exist or is so scarcely populated that it looks like a dummy corporation for the Mob? Not good! Vendors need to establish sites on at least these three main social media venues. Even if the sites are not constantly posted to, the content about the company should be accurate.
3. Be Proactive, Not Reactive. Many social media blunders result from vendors seeing a competitor’s activity and trying to pull stunts to outdo them. Hasty and reckless social media activity can be incredibly damaging and it lives forever on the web, so take a step back and plan out your strategy and tactics. Post responsibly!
1. LOOK AT ME! The biggest mistake vendors make with social media is prescribing to the LOOK AT ME! “strategy.” Social media success is not measured by who sends the most tweets or publishes the most posts, but the value of the content. A good way to measure the quality of your content is by the numbers of new followers you gain. If you are distributing content that is valuable, people will follow you to receive it.
2. Hijacking an event hashtag. Used the right way, industry event hashtags (e.g., #LTNY for LegalTech New York) helps build your audience, but often people hijack those hashtags. Don’t have every person who works for your company retweet a message sent from your main company account. You can tell when you look at the feed of the hashtag and the same message appears 10 times in a row. Be respectful.
3. Hoping it will go away. Facebook has more than a billion users and Twitter logs 241 million monthly active users. According to a DOMO infographic, every minute of every day 27,778 new posts are published on Tumblr; Foursquare users check-in 2,083 times; and YouTube users upload 48 hours of new video. The bottom-line—you simply cannot ignore social media. While you won’t become an expert overnight, social media tools now make it easier than ever to get started. Start small. Pick two, e.g., Twitter and LinkedIn, and spend 30 minutes a week building your online presence.
1. Lose sight of the big picture: Aside from posting politically incorrect tweets or following someone who tells the world what she or he is doing every minute of every day, the number one mistake is thinking that social media is a silver bullet. You aren’t going to share one post and have 20 Am Law partners clamoring for your software. Activities around social media must align with your marketing plan and goals. If your company is focused on, for example, growing its presence on the East Coast or targeting law firm CIOs in order to win 10 new clients in Q3, then your social media efforts should have a special focus on supporting that goal.
2. Spray and pray: From LinkedIn to Instagram to Confide, the number of social media channels grows every day. It’s very tempting to take on as many of these channels that you can—after all, don’t you want to build an online presence and recognition for your company? But stop. Take the time to carefully evaluate each social media channel, its advantages, its benefits and—most importantly—if your prospects and clients are using it.
3. Concentrate on the numbers: “Hi, I’m X. I have 3,000 Twitter followers.” My (internal) response: “Who cares? How does that define you as an individual?” We want to measure progress and one of the most common defaults is to define success on the social media front based on the number of followers. A recent study showed that about 40 percent of Twitter accounts are owned and populated by bots. Know who your followers are, connect with them authentically and see them as more than just numbers.
» Valerie Chan, principal, Plat4orm Public Relations, Seattle. E-mail: firstname.lastname@example.org. Website: www.plat4ormpr.com.
Social media can help drive web traffic and raise visibility on search engines, and generate new leads; however, most posts on sites, like Twitter and LinkedIn, are replaced by new entries every 10-15 seconds. And most people just don’t have time to stay connected 100% of the time. In order to use social media effectively, organizations should avoid these three major mistakes:
1. Skipping the employees in the process. All employees are important—especially when it comes to evangelizing your company. Make every employee a social media evangelist; re-tweeting, sharing and linking to corporate posts will promulgate the network.
Mark Gerlach, Law Technology News
Mark Gerlach, Law Technology News
Patrick Oot, Law Technology News