The Value of Technology Services in a Law Firm
Keeping up with technology is a challenge for a small firm. Microsoft Outlook problems, One Drive, Dropbox, and Google Drive wondering why files are not synchronizing with your cloud drives, and trying to get the full value from your practice management firm can take up a lot of your day.
But you need that technology to work for you because:
-
- It makes your operations more cost effective
- It allows you to work from anywhere so that you and your employees were not tied to the office
- It makes your firm more available and more responsive to your clients
You need technology because it makes you competitive.
How Small Law Firms Cope With Technology
We’ve worked with a lot of small companies. In most cases, you probably have an informal team that manages problems. In most cases, there is a level of trust and sharing that you’ve developed.
Now the world wants you to be more secure.
Sharing passwords on cloud accounts does not comply by any security standard. You need to make a few changes to protect yourself and your firm from an expensive problem.
Hackers want your customer’s information. If you doubt that, consider two of the of the most notable and damaging hacks of the last 10 years involving law firms whose clients information where stolen and published – the Panama Papers and more recently, the Paradise Papers. These events involved the theft of information from law firms engaged in the investing activity of some of the wealthiest people in the world.
The Principles of IT Security – Zero Trust
Here are the principles that you need to embrace, and if you have patience, you can read about Zero Trust Architecture from the National Institute of Standards and Technology (NIST):
-
- No Sharing of Passwords or Logins – None of your employees should know or use any other employee’s login. You may have shared your password with another, tech-savvy person, but that is a security hole.
- Passwords for everything – Every user should be challenged when logging in to any resource. That means that a hacker that penetrates one part of the network won’t be given access to all parts of the network.
- Multi Factor Authentication – Your users have a password, but they need to have a 2nd challenge to their login, or a Multi-Factor Authentication. People are 1) used to this because their banks employ this for online banking, and 2) hate it because it is a nuisance to them. Despite the nuisance, there should not be any exception to this rule.
These measures, which are just a few that NIST has prescribed for a Zero Trust architecture, are far from impossible to live by. If management, or ownership, buys in to the approach, then employees will adopt it, get used to it, and, in a month or two, will not look back.