It’s time to find out.
(You won’t want to miss this one.)
Remember when George Jetson was tooling around in his mini-spacecraft with his boy Elroy? That seemed pretty sweet, right? Well, 21st century lawyers don’t have it nearly so easy. It turns out that progress rides along with information security concerns. Not only that, but regulators (federal, state, courts and ethics authorities) are catching up to the fact that lawyers, like any other small business owners, should effectively vet software providers for reasonable security applications, and also share responsibility in maintaining their law firm data (really, their clients’ data) in a reasonably secure manner.
Why, then, was ‘The Jetsons’ all one big lie? Why has your childhood been destroyed? And, what can you do about it?
I suppose that curling up into the fetal position and crying uncontrollably for several days is one option. Another is to embrace your data security responsibilities, and determine to kick ass at managing your clients’ data better than your rival law firms, and to use that as a competitive advantage. That latter choice seems like the better opportunity to me.
Let’s then discuss the practical responsibilities you should be crushing, so you can present yourself as a modern and secure law firm, in order to slake the thirst of a consumer public hungry for lawyers that understand and apply data security tactics.
Putting Software Providers to the Test
Some states, like my home commonwealth of Massachusetts, require small business owners, including law firms, to vet software providers for effectiveness of data security. But, even if you’re not required to do so by state or federal law, you may be required to do so by your local ethics rules or ethics opinions related to the use of cloud-based software — or, at least, the implication that you must do so will arise. And, even if it’s not a requirement, it’s still probably a good idea. Choose the wrong software vendor, don’t do enough to secure your data, and your professional reputation is at stake. And, the maintenance of your professional reputation is likely even more important than any short-term fines or penalties you may have to pay for a data breach, since that black mark on your effectiveness as a business owner is likely to last forever.
So, the necessary first step, before you look to additional measures for securing your data, is to find a software provider that already provides a highly secure environment for your law firm information. To that end, here is a list of questions you should ask of your potential software vendors:
(1) Does the provider offer two-factor authentication for login?
(2) Does the provider restrict IP addresses?
(3) Does the provider include features related to the setting of user roles and permissions within the software?
(4) Does the provider ‘lock’ the login process after multiple failed attempts?
(5) Does the provider utilize 256 bit SSL encryption?
(6) Does the provider encrypt data both when it is in transit and when it is at rest?
(7) Is the software HIPAA-compliant?
(8) Does the provider utilize a geo-redundant server architecture with real-time data backup?
(9) Does the provider maintain ‘five 9s’ uptime?
Asking these questions of any potential vendor, and getting a ‘yes’ for all of them, is a beautiful start to your new life as a data security-aware lawyer.
Of course, that’s only a start because, even if your chosen software vendor provides you with all the tools possible to run a secure and stable law firm, user error is the most common entry point for a data breach. Consider that, even if your software vendor is able to answer all of the above questions in the affirmative, that your secretary who chooses ‘password123’ for her password remains a security breach waiting to happen. So, in order to effectively secure your law firm data, it’s not just about relying on your software partners, it’s also about training your staff, and maintaining security rules within your law office.
To that end, here are some tips for better securing your law office data, and preventing user error, also known as boneheadedness:
(1) Make sure you have a password for your computers that is complex, and preferably that requires capitalization, numbers and/or special characters.
(2) Make sure your password hint is not an obvious giveaway for your actual password.
(3) Make sure that your computer is set to ‘auto-lock’ after two minutes of inactivity.
(4) Make sure to manually lock your computer every time you leave your desk. (For Windows machines, press the Windows button + L simultaneously. And, for Macs, use Control + Shift + Power simultaneously.)
(6) Make sure to have two-factor authentication actually enabled on all software, including your law practice management software, productivity software, accounting software and CRM.
(7) Do not use the same password for every login. (If your passwords are becoming overburdensome, consider a password management tool.)
(8) Beware of ‘phishing’ emails that ask you to download a file — even when those emails appear to come from clients or colleagues you have worked with before. (Remember that email addresses can be masked.)
(9) Moreover, never download a file that comes from a questionable source.
(10) Make sure to regularly run your system updates on all of your computers.
(11) Use reputable antivirus and malware software, with up-to-date virus definitions.
. . .
If you’re looking for a technology partner who’s as concerned about law firm data security as you are, consider Practice Panther for law practice management. If you want to find out what they’re all about, schedule a product demo via this link.
Many of the things that law firms do surrounding processes resemble cottage industry. Much of the work is done by hand. Even at this late date, manual processes rule the law firm environment. But, as many lawyers become concerned over the use of marketing automation technology, due to the loss of a ‘personal touch’, the fact of the matter is that lawyers and staff are often too busy with substantive work to provide that personal touch, and that modern consumers are far more accepting of technology-based communications than law firms realize.
Legal consumers are contacting a lawyer because they’re worried about something, usually very worried. And, when people are worried, they need to be reassured. The way potential customers of legal services are reassured is by consistent contact. They want to know that the business they intend to choose will be looking out for them, and will be keeping them appraised of what is happening in their case.
Of course, this flies in the face of how most law firms do things. Lawyers onboard clients, but their usual MO is to let clients know when something ‘important’ happens on their case —the only problem with that strategy is that, in many cases, not very much happens on a legal claim, on a regular basis. What happens if you don’t have a substantive case update on a client’s case for six months? Not contacting them at all is a common, but poor solution, because that’s a surefire way to raise your client’s anxiety level. One thing a thoughtful law firm might do is to automate a regular check-in process.
And, this starts by conditioning clients to regular, automated communication, starting at the outset of representation. Get your clients used to communicating with chatbots and receiving email and text pings when they’re leads and new clients. This will also advantage you at intake, because the majority of potential law firm clients are more likely to become the clients of the law firm that offers a first point of engagement. That’s not a form to fill out, or a link to click. It’s a virtual receptionist, or a chatbot. Communicate with the potential law firm client in a fashion that does not require a lawyer or staffperson’s time, but that does equate to actual engagement, and your chances of winning that client skyrocket. Plus, you’ll prep them for the methods by which you will communicate with them later. Extend that proposition by using a client journey. Further entrench the procedure by automating regular check-in and checkup options.
Marketing automation is not the end of ‘personalized’ communications, it’s merely the preferred method of personalized communications in the digital age. And, this is what lawyers have always struggled with: keeping up with the times. But, if your law firm becomes a first mover on marketing automation, you’ll end up creating a massive competitive advantage for yourself.