If you are using technology to deliver legal services online then it’s part of your responsibility to keep up to date on the technology that you are using. Different security risks pop up every day and if you aren’t aware of the them then you can’t protect your law practice and your clients.
For example, just this week the WSJ reported that Apple and Google collect location information from their users’ mobile devices. How many virtual lawyers are transmitting confidential client information via mobile devices without any idea of what information is being collected? Maybe location isn’t a major problem but what about sending photos taken by you or your client on mobile devices across unencypted email and those photos store the locations of where they were taken. There are situations where this information could put your client (or their children, friends or family members) at risk.
There are so many benefits to using cloud based technology to deliver legal services online, but we also have a responsibility to protect the confidentiality of our client’s data. This means understanding how the technology works and how to use it responsibly on a daily basis.
Several times at the ABA TECHSHOW in Chicago last week after giving presentations I was asked how I keep up with technology. There are a lot of great law and tech bloggers, but frankly, if you really want to keep up to date on technology and security risks then you need to step outside of the legal profession. Go into the world that programmers live in or look at the way that the banking or medical industries are handling the transfer of sensitive information using cloud-based systems.
Yes, I enjoy reading hacker magazines. I understand about 3/4 of what’s in them because I don’t know how to read a lot of code, but it gives me good insight into the risks that are out there and how hackers are able to get ahold of data and manipulate it. I don’t condone the actions of the authors because a lot of it is illegal. But why not learn from the pros and turn it around to protect my own practice and my clients by making sure my own system is not vulnerable to attack?
For example, this last spring issue of 2600 had a great article about passwords from a hacker who had downloaded several databases of usernames and passwords and then compiled statistics that showed what is most popular and the vulnerabilities. That teaches me what I need to do to be more secure online and how to educate my clients when they create usernames and passwords for themselves.
Here are my two favorite hacker mags:
2600 (a classic, written by anonymous and well-respected hackers who break systems mostly for the purpose of revealing vulnerabilities; starting to put some issues online)
phrack (sometimes a little hard to plow through to find gems, but worth the time; posts issues online)
If you don’t enjoy keeping up with the technology, which includes understanding the security risks, or don’t find this at all interesting, then you should find someone in your firm who does and can keep you updated. Or you could always retain an IT consultant who will charge you for that education. Or maybe operating a virtual law firm is not something you should be jumping into at all. You might decide to trust your legal SaaS provider to keep your system updated and maintained to protect your data from vulnerabilities, but they can’t be responsible for your own use of the hardware. Keeping up has to be part of your daily regime because of how quickly it moves.