Everything you need to support your IT Legal and Discovery Tools.
Not all IT firms are well equipped to handle the needs of Bay Area law firms. Let's face it - Partner's can be demanding at times and they are often short on time. They need their technology to work, and their IT provider to be able to communicate efficiently and professionally. Our clients bill in 6 minute increments and we've learned over the years when talking to attorneys you need to be very well prepared.
Our engineers often put in 20-45 min of prep work before calling back our attorney clients for a 5 min call.
That may sound exaggerated but it isn't. The biggest complaint we get from our prospective clients is how their current IT folks waste their time and how much they hate 'useless help desk staff'. Our engineers deal with lawyers and their support staff all day long and are experts in:
- Providing 'White Glove' IT Service to Attorneys, Partners, and Office Managers
- Document Management Software (DMS)
- Practise Management Software
- Legal Billing and Legal Discovery Tools
- Compliance and Cybersecurity (many of our firms have had their clients demand IT Audits and security risk assessments after GDPR)
- Copiers, Print Audit, Papercut, and other print management billing software
- Cloud Applications, Servers, and SaaS Services
- Office365 and GSuite including legal holds, secure archiving for compliance & encrypted email
Learn How Tech Plus Can Help Your Law Firm:
Table of Contents:
- Why Choose Tech Plus for your Law Firm's IT Services
- Cybersecurity and Legal Compliance
- Should my Law Firm Outsource IT Support or Do It In-House?
- Common Legal Software used in California that We Support
- Office 365 & GSuite Legal Compliance Features and Migrations For Law Firms
- Business Continuity and Disaster Planning for Lawyers
- Working Remote, VPN & Mobile Device Management
- Paperless Office: savings and strategies for your Law Firm
- Cybersecurity Training for Attorneys, Paralegals and Support Staff
Is your Law Firm Properly Securing Privileged Client Information?
Law Firms are an increased target for cyber criminals. We've seen a huge rise in malware outbreaks in 2018; cryptolocker viruses being the most common. Essentially these viruses infect multiple machines, encrypt and lock the data, then demand payment in untraceable bitcoins in order to release files. Read more on this here.
Is Your Law Practise Following These Simple IT Security Best Practises?
- Write and maintain a Cyber Security/Cyber Risks Policy. This document should include escentials like user security training, disaster recovery policies, password policies, and align IT and business goals.
- Ensure proper anti-virus and anti-malware software on every machine or "endpoint".
- Ensure all internet connected devices are inventoried and updated with the latest firmware, security patches, and checked for vulnerabilities
- Ensure all software is up to date - this means all the proprietary legal software like your DMS software, form fill software, case management, etc. Also any custom forms or templates, custom Office Ribbons.
- Ensure all support staff and attorneys have gone through basic cyber security training, run test phishing campaigns 2-3x a month and re-train those who fail tests.
- Ensure MDM - Mobile Device Management is installed on any Smartphones or tablets or other devices where company information such as emails are stored. Airwatch and MaaS360 are two great MDM providers.
- Encrypt email both for internal communications, and also select clients and vendors. Provide these people with instructions for installing the necessary TLS settings to establish the secure tunnels to your firm's email provider, or have them acknowledge the risks of communicating over unsecure email.
- Ensure you have proper Firewalls, and other security software.
- Ensure IT Staff are looking through the security (both firewall and server) logs daily and checking all systems are functioning properly.
Get Email Tips on Cybersecurity for Law Firms
Managed Service Providers vs. In-House IT
In-House IT offers the benefit of having IT staff on-site at all times, dedicated people, and the option for staff members to wear multiple hats. I.e. when not handling IT issues perhaps an IT technician could handle billing and accounting work, filling, or other office administration tasks. It takes a while to get the right people hired, but when you do they are dedicated to your firm 100%.
Outsourcing to a Managed IT Service Provider on the other hand has a slew of benefits:
- No need to hire specialized staff members for part time projects. There are many IT jobs that require specialist such as a Salesforce Administrator, an Exchange or Oracle database admin. Unless your firm is really, really large your unlikely to be able to have full time work for these roles. You could hire a generalist and bring in contractors, but it is often cheaper to outsource the entire IT department to an MSP where they can hire specialized people and have them work a variety of Accounts to fill their time.
- Less training and staffing costs. Let's face it - hiring in the Bay Area for IT Engineers is tough. There is competition from tech giants like Google, Facebook, Amazon along with a slew of other Startups. Finding the right people and getting them to stay at your firm is a tall order. It is also very tough to hire and manage technical staff if you yourself are not technical.
- Focus on running and growing your law practise. If IT is outsourced you instantly have more free time to devote to your core competencies. There is a reason large companies outsource their IT.
- Predictable Costs - MSP's often work on flat rate billing. So you have the same bill each and every month. It is predictable and easy to manage. Also if you're not happy you can decide to end your contract and choose another IT Provider.
- Liability - when you outsource your IT service the provider often takes on a chunk of liability. It is their responsibility to keep your machines patched, protected, and up to date. While we still recommend having the proper Cyber Risks Insurance coverage, outsourcing your IT often shifts some of the liability off your firm.
- Less investment in software, tools, and hardware. Have you looked recently at the cost of help desk ticketing software like Salesforce.com? A single license is $150/employee/month. While these tools are great investments and enable staff to work more efficiently it can cost thousands of dollars to purchase them, customize/configure them, and training employees how to use them. When you hire a managed IT provider they instead have to foot the bill for all these expenses.
eDocs - LexisNexis - OMEGA - Practise Master - Clio - Tabs3 - Legal Solutions
Given that so much of our client base is Oakland and San Francisco based law firms (about 90%) our engineers are skilled at many legal applications. Legal software tends to be pretty unique to support. Often it can be a little behind the times (legal software is slower to innovate) however it still needs to work properly and often integrate with your other more modern software like Office 365. Our IT engineers spend a good amount of time working the software listed below and as a result we've developed good relationship with software vendors, and are often able to solve issues quicker than IT generalist who support a larger variety of industries.
A few of the Legal Software Packages we support:
- Lexis Nexis
- Abacus Law
- Legal Solutions
- Amicus Attorney
- Action Step
- Net Documents
- Legal Files
- Practise Master
- Smart Advocate
- Time Matters
- TimeSolv Legal
- Print Audit
- PCS Director
Another thing we do that is unique is proactively participate in vendor training. That is when we start to support a software we do not already use we schedule a conference call with the vendor and ask them about common issues, and offer to take any online training they offer. This way when our clients experience an issue often we are able to solve it faster, without needing to contact the vendor at the time of the incident. We are very, very careful to do as much research and homework so not to waste the time of your partners, attorneys, and support staff.
& the Legal Compliance Features We Suggest All Law Firms Purchase
Unlike many other IT providers, Tech Plus Consulting was born in the cloud. From day one we've been using all cloud services to run our own business (Salesforce.com, G Suite, Harvest, Trello, HubSpot, QuickBooks Online & more), and worked with our clients to transition legacy applications to more cost and security efficient cloud solutions. That being said not all software is best run in the cloud; we still support dozens of on-premise servers.
Email however, for most law firms in our experience is best handled by either Office 365 or Google's G Suite. We've helped many Oakland Law Firms migrate from on-premise Exchange email servers to one of these two providers. When migrating there is lots to consider: Do most of your users prefer Outlook, or would a more modern web-based GUI work better? What software (such as billing or practise management packages) will need to be re-setup, what about network printers and scanners? What security settings do you require? Be sure to talk to an IT professional with experience handling migrations in the legal industry. Often legacy software can be more challenging to work with and projects have a tendency to go over budget if every item is not planned for. We're putting together a comprehensive checklist for cloud email migrations we will post on our blog soon.
The one Essential Feature to Maintain Compliance we suggest all Law Firm's Buy: eDiscovery
For G Suite Google calls this feature "Vault" and for Office 365, Microsoft calls it "Compliance Manager". Both of these services are simular. They keep a copy of every email sent and received (regardless if the user deletes it or an account is removed) for several years and give you a special management console to search, retrieve, and review these emails. We recommend all legal services companies opt for this in order to remain compliant, and give you peace of mind.
What Your Law Firm Needs to Ensure Compliance and Safeguard Client Data
As a law firm you are entrusted to keep your client's sensitive information - driver's licenses, birth certificates, tax returns with SSN Numbers, medical records, banking records and the like protected. There are legal ramifications for not storing this data properly; it must be encrypted in transit and at rest. Furthermore a service disruption is no excuse for court docket and client deadlines.
Here are a few things to consider :
- Choosing the right software and hardware for your backups
- How frequently will backups be taken?
- Will network or system performance be affected while backups are completed?
- How are backups encrypted?
- Does this software use industry standards or a proprietary format? (we've seen clients use backup software in the past where company outsourced development and their sub-contracted company has gone out of business and suddenly backups are in a proprietary format where recovery is near impossible)
- How does the software notify system administrators in case of a failure?
- Is the hardware under warranty? What is the SLA for warranty work?
- Can the hardware be expanded if backups sizes grow?
- Determining when backups are tested, and how thoroughly they are checked
- Who is responsible for checking backups? How frequently?
- How are backups tested? Is it just a virtual boot of an image or does someone manually spin up applications to test data integrity?
- Are disaster drills performed?
- Recovery plan. What are the Priorities?
- In a perfect world all servers and services are virtualized and can be brought online instantly, however if budget doesn't allow that
- Which applications need to be restored first (commonly calendars/scheduling, payroll, case files) ?
- Which applications or files are less time sensitive?
- Which staff members are top priority?
- Does the internet connection have enough bandwidth to run the restore job quick enough?
- How many users can your backup appliance or backup service support simultaneously? What is the procedure to revert back to the primary server(s)?
- In a perfect world all servers and services are virtualized and can be brought online instantly, however if budget doesn't allow that
- Cost - what are you paying for these backups, would there be savings by using other cloud vendors?
- Archiving - are there old files that could be archived to long term storage (i.e. Amazon Glacier) to save on the costs of constantly being backed up?
Is your Remote Desktop access properly secured? How about mobile devices?
Two of the most common security risks we encounter are unsecure RDP - where remote access is done without a proper VPN, and lack of mobile device management on attorney smartphones. Mobile device management - "MDM" is the technology that secures smartphones in case of theft, termination, or otherwise securing confidential information on mobile devices. It is critical all law firms leverage MDM in order to secure their confidential client information. There are plenty of providers - VMWare's AirWatch, IBM's MaaS360, Meraki's MDM, Jamf, and even Google's free MDM for G Suite customers.
MDM Software let's you:
- Remotely wipe a mobile device in case it is stolen, an employee leaves, or a phone is lost
- Encrypt company mail and applications, keeping them in a secure 'container'
- Disable copy/paste or screenshots of sensitive information
- Push out updates, applications, and mail profiles making it easier to service users who travel
- Control data bills, determine geolocation of devices, and track other usage data
Remote Access is an essential for attorneys today. From being able to access case files in the courtroom during/before a trial to travelling, or telecommuting; it has to work and it must be secure - always. In order to safeguard your firm's remote access we recommend a layered approach. First have your users authenticate and connect to VPN, then next have them login with AD to their remote session. Don't ever use simple web access or run RDP on the standard port - 3389. If you're unsure what that all means talk to an IT Security Professional.
Cut the Cost of Document Storage by Storing Legal Files Digitally
Storing physical files can cost your firm thousands and thousands of dollars. We've been shocked to see the storage bills of some of our clients are paying. Most of these bills can drastically lowered by use of a high speed scanner (we love the Fuji ScanSnap) and an intern or legal secretary in their spare time. Oh course there is a little more to it than that; most firms need a document management software such as eDocs, DocuXplorer or WorldDox. These software packages organize case files, allow attorneys to check-in and check-out documents (to keep an audit trail and prevent conflicts of interest) as well as index files for greater searchability.
On top of that you can prevent physical files in the first place by transitioning to eSignature for client intake (tools like Docusign are as little as $10/user/month and allow you to request digital signatures with ease), and requesting legal files be sent to you digitally - on flash drive (we recommend having it encrypted with the password sent separately) or via a secure upload tool.
The document management software companies often provide great training packages, as do managed service providers like us. Lastly don't forget: if you are going paperless make sure to have a comprehensive disaster recovery and backup procedure in place.
Your Firm's Security is Only as Good its Weakest Link
We all have those employes that are great people but who are also a little too trusting and/or a little too quick - often neglecting to read and examine what they are clicking. It can be easy and it can happen to anyone; especially with with stress and deadlines and busy work days. Just remember your security often boils down to that weakest link. It is for this reason we recommend implementing cybersecurity training and phishing testing.
Here is what that looks like:
- 2-4 times a month fake emails are written up and sent to all staff (we recommend your infosec folks get creative using Judge's names or mentioning local areas like Alameda County so to emulate what an actual hacker would send in a spear phishing attack and changing emails)
- If someone clicks on something they are not supposed to they are immediately shown a video and write up of what they did wrong and how to spot it in the future.
- An online dashboard shows your office administrator or other IT Security coordinator who passes these tests, and who could require some additional training.
- For those that need more assistance training classes can be done online via an interactive eLearning Portal, or in-person by your infosec team.
- You should have infosec staff or your managed security provider come in and talk briefly during company meetings with examples of recent attacks and to further align IT and business goals.
In today's world IT Security cannot be ignored; law firms must be proactive and prepared. Your clients expect their information to be secure.