Is cloud-based practice management software really secure enough to be used in a law firm? Isn’t my on-site server/PC more secure than the cloud? These questions are asked, in some form, hundreds of times a day in the legal profession. The short answers are:
Yes, enterprise level cloud providers are more than secure enough for your personal injury law firm; and that on-site server is not as secure as you think.
When it comes to innovation in the legal profession, especially on the technology front, the legal industry is years behind—perhaps even decades. It’s not that hard to see why either. We pride ourselves on taking a detailed and methodical approach to every matter for every client. We do not provide an opinion until we have spent countless hours gathering all the facts, and even then, the opinion is riddled with caveats and disclaimers. In short, we are risk-averse.
Our time-honored approaches have helped ensure stability, enshrine the rule of law and give sound, reliable advice to our clients. However, in many ways, this approach also holds us back—particularly when it comes to the adoption, implementation, and use of technology. We live in an age where our clients demand instantaneous communication. They work remotely, download and edit documents on their phones and share reviews of our services in real-time. Technology is the one area we can longer afford to ignore.
On-site systems are vulnerable to hacking, loss and theft
Enter cloud-based legal practice management software. Despite the fact that many of us use some form of the cloud on a daily basis in our personal lives, we have been reluctant to bring the cloud into our practices. We do have sound concerns. We must consider the security of client data (we have ethical and fiduciary obligations after all), our general business security and our firm’s reputation. So we are inclined to skip the cloud in favor of on-premises, internal systems with our very own server on-site. We think that because we downloaded a security/anti-virus software and can see the physical box where our legal files and other data is stored that it must be secure. Think again.
Despite what you might think, that server in your office is not nearly as secure as it should be. Consider this, in just the last year the systems of two major AmLaw 100 firms have been breached (one firm with gross revenues over $600 million, the other’s exceeded $1.1 billion). You can bet these firms have the latest hardware and cybersecurity programs along with a few hundred IT people to support it all. Firms of all sizes have had laptops stolen, attorney’s personal laptops—containing client information—have been stolen and portable hard drives with complete firm backups have been lost. These are just a few examples.
Many smaller firms do not employ a full-time IT person. Even those that do, rarely staff an employee to monitor their systems 24/7/365. The select few firms that are able to maintain a round-the-clock vigil on their systems, simply cannot afford to implement the level of vigilance that is needed to maintain the safety of their systems. This is especially true in an age where hackers have begun to focus on law firms.
If law firms worth hundreds of millions of dollars cannot keep their data secure using on-site systems, then how can civil litigation firms without those resources keep their data secure? What’s to stop someone from breaking into your office and stealing that server? How do you stop a disgruntled employee from making a backup of your entire system and then walking out with it tucked into their pocket? By moving to the cloud.
Enterprise cloud systems are actively monitored and secured
So, is the cloud really secure enough for your law firm? Well, when it comes to the cloud there are different levels of cloud products and the type of security you get can vary. The quickest way to differentiate is by remembering that you get what you pay for. We have all heard about security issues from time-to-time with popular cloud-based legal document management software/storage platforms, practice management solutions, popular email providers and so on. While the companies behind those products certainly take security seriously, many of the products are free to use. As a result, they are less secure than other options.
Then there are the higher level/enterprise level cloud platforms (Microsoft, Amazon, etc.). These are not your free document storage platforms. These systems hosting your data are monitored by a vast team of cybersecurity specialists working non-stop around the clock. Cybersecurity professionals, numbering in the thousands, will not only actively monitor for incoming threats but also regularly test and analyze your cloud to identify any risks before they happen.
In addition, these platforms are operated out of completely secured data-centers that are monitored 24/7/365 by security systems that would rival those of Fort Knox. Their data-centers are HIPAA/HITECH certified, ISO certified and have received numerous other industry-specific security certifications, such as those surrounding the finance and law firm accounting worlds. In short, with this level of the cloud provider, you get a security setup that even those billion-dollar AmLaw 100 law firms cannot afford.
A cloud-based system can reduce the risk of a security breach at your PI law firm and save time. In addition to the monitoring mentioned before, what happens if your employee loses a firm laptop, tablet or phone? Just change a password and shoot an email to your cloud-provider (and initiate the remote-wiping software you should be using). Presto, no unauthorized access to your system. For enhanced internal security you can set user-level access permissions and restrict or delete user access, with the click of a button. You can also easily monitor when, where and how employees are using your system. You can even easily run a report that will show everyone and anyone who has accessed your system. All of this can be easily accomplished by ticking a couple of boxes and is in addition to that 24/7/365 security you get from the cloud provider.
So, join the ranks of some of the innovative law firms and the world’s largest companies— take the first step to ensuring the security of your law firm. With all the stress of maintaining a secure system transferred to a team of cybersecurity professionals, you’ll have more time to focus on your clients and growing your practice. Plus, you get all the benefits of working in the cloud—anytime, anywhere, any device access to your files; easy collaboration with staff and vendors; and clients who are impressed with your technical prowess. It’s a win-win situation.
