Cloud Computing

Round Up: Secure Communication, Post-Pandemic Law Firms, Practice Management Software, and More

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles published from April:


Round Up: Law Practice Management Software, Litigation Fact Management Software, ABA TECHSHOW, and More

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles published from March:


New Cybersecurity Recommendations For Lawyers

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

New Cybersecurity Recommendations For Lawyers

Now that lawyers have been intermittently working remotely over the past year - and may continue to do so in the near future - their ethical obligations relating to cybersecurity practices have taken on a whole new level of importance. That’s why technology competence is paramount in 2021: it is essential for law firm leaders to have a full understanding of cybersecurity issues and how they may affect their displaced workforces, especially since lawyers and other law firm employees will likely continue work remotely at different times throughout the coming year.

The good news is that since the start of the pandemic, a number of different bar associations have provided cybersecurity ethical guidance, with the State bar of Wisconsin most recently weighing in on this issues in Wisconsin Formal Ethics Opinion EF-21-02. In this January opinion, the Wisconsin Bar ethics committee offers advice on a number of different issues related to practicing law remotely, including lawyers’ obligations to secure IT systems, protect confidentiality and communicate securely.

At the outset, the Committee focused on the duty of technology competence, explaining that basic technology competence includes, at the very least, “knowledge of the types of devices available for communication, software options for communication, preparation, transmission and storage of documents and other information, and the means to keep the devices and the information they transmit and store secure and private.”

Next, the Committee turned to its cybersecurity recommendations and emphasized the importance of securing law firm devices and systems by putting into place strong safeguards to provide protection for remote working processes. The guidance included a broad range of cybersecurity issues, including password protection, encryption, data backup, and secure communication.

After providing a brand spectrum of general advice, the Committee then offered extensive list of cybersecurity recommendations. What follows is a truncated version of the cybersecurity best practices covered by that list:

  • Require strong passwords to protect data and to access devices.
  • Use two-factor or multifactor authentication to access firm information and firm networks.
  • Avoid using unsecured or public WiFi when accessing or transmitting client information.
  • Use a virtual private network (VPN) when accessing or transmitting client information.
  • Use and keep current antivirus and antimalware software.
  • Keep all software current: install updates immediately.
  • Supply or require employees to use secure and encrypted laptops.
  • Do not use USB drives or other external devices unless they are owned by the firm or they are provided by a trusted source.
  • Specify how and where data created remotely will be stored and how it will be backed up.
  • Save data permanently only on the office network, not personal devices.
  • Use reputable vendors for cloud services.
  • Encrypt emails or use other security to protect sensitive information from unauthorized disclosure.
  • Encrypt electronic records, including backups containing sensitive information such as personally identifiable information.
  • Do not open suspicious attachments or click unusual links in messages, email, tweets, posts, or online ads.
  • Use websites that have enhanced security whenever possible.
  • Do not have work-related conversations in the presence of smart devices such as voice assistants.

Certainly, there’s even more advice where that came from, so make sure to read the opinion in its entirety for lots of useful cybersecurity guidance from the State Bar of Wisconsin. And then, take the advice offered to heart and implement any cybersecurity suggestions not yet in place in your firm. Finally, and most importantly of all - maintain technology competence, keep innovating, and stay safe out there!

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com.


Pennsylvania Lawyers Can Ethically Practice Remotely From Out-Of-State

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Pennsylvania Lawyers Can Ethically Practice Remotely From Out-Of-State

In March of last year, as we faced lock downs and the newfound threat of COVID-19, remote work became a sudden and unexpected reality. Law firms shut their doors and sent everyone home, and the work-from-home revolution began out of necessity, not choice.

As lawyers tried to adapt to the “new normal,” they encountered ethical quandaries when transitioning their dispersed workforces to the cloud-based technologies that would facilitate remote working. Because working-from-home was not commonplace prior to the pandemic, there wasn’t much ethical guidance available regarding technology use that lawyers could turn to.

Fortunately, on April 10, 2020, the Pennsylvania Bar stepped up to the plate and issued Formal Opinion 2020-300. In that opinion, the Pennsylvania Bar Association Committee on Legal Ethics and Professional Responsibility provided guidance on how lawyers and their staff can ethically provide legal services while working remotely.

Since that time, as lawyers have continued to work from locations both inside and outside of the jurisdictions in which they’re licensed, another ethical issue has arisen: whether an attorney working remotely long term from a jurisdiction in which they’re unlicensed constitutes the unauthorized practice of law. The Florida Bar Association, D.C. Bar Association, and the American Bar Association have already addressed this issue, and now the Pennsylvania Bar Association, in conjunction with the Philadelphia Bar Association, have joined their ranks by issuing Joint Formal Opinion 2021-100.

At issue in this opinion is whether it is ethical for a lawyer licensed in Pennsylvania to work remotely from another jurisdiction in which the lawyer is not licensed. The Committee summed up the situation leading to the consideration of this issue and the ethical dilemma presented as follows: “The shift to a predominantly remote-based practice model has raised concerns whether a Pennsylvania lawyer practicing law from a physical location outside of Pennsylvania engages in the unauthorized practice of law even though the attorney’s practice is limited to practicing Pennsylvania law for clients in Pennsylvania.”

The Joint Committee acknowledged that the American Bar Association had previously addressed this issue in ABA Formal Opinion 495 and had concluded that “(t)he purpose of Model Rule 5.5 is to protect the public from unlicensed and unqualified practitioners of law…(and) is not served by prohibiting a lawyer from practicing the law of a jurisdiction in which the lawyer is licensed, for clients with matters in that jurisdiction, if the lawyer is for all intents and purposes invisible as a lawyer to a local jurisdiction where the lawyer is physically located, but not licensed.”

In reaching its conclusion, the Joint Committee adopted the ABA committee’s rationale and concluded that Pennsylvania lawyers could ethically work remotely from a jurisdiction in which they were not licensed as long as there are no statutes, rules, opinions or case law of that jurisdiction in place that would prohibit them from doing so. The Joint Committee determined that this type of remote work is permissible but “lawyers may not hold themselves out as being licensed to practice in the local jurisdiction and may not advertise or otherwise hold themselves out as having an office in the local jurisdiction, or provide or offer to provide legal services in the local jurisdiction, the fact that they are physically located there does not bar them from working remotely for the same clients.”

This opinion, and the ones from the bar associations that preceded it, are evidence of a greater trend: the pandemic has ushered in a new normal for the legal profession. Remote working, and the cloud-based technology needed to enable it, are here to stay. Practicing law from any location is becoming an accepted and commonplace practice. So if you’re still on the fence regarding the use of cloud computing software in your law firm, what are you waiting for? The tides have turned, and there’s no better time than now to make the transition to working remotely using cloud-based technology.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com.


Round Up: Document Assembly Software, Legal Tech Adoption, and Cybersecurity

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles published from February:


Round Up: Top Legaltech Stories of 2020, Virtual Conferences With Avatars, and Remote Working Software

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles published from December:


Round Up: Remote Working, Virtual Conferences, and Cloud Computing

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles published from November:


Case shows why lawyers must encrypt e-communications

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Case shows why lawyers must encrypt e-communications

Whenever your firm’s employees work remotely during the pandemic (and beyond), electronic communications will increase out of necessity. If those communications aren’t encrypted, you run the risk of inadvertently disclosing confidential client data. That’s why it’s imperative that your firm takes steps to encrypt online communications if it isn’t already doing so. Whether you decide to encrypt emails on a case-by-case basis or use the secure online communications portals that are often built into law practice management software, one way or another, your firm needs to ensure that it’s protecting all confidential electronic communications.

Doing so will not only safeguard confidential information, it may also shield your firm from liability in the event that a cyber-scam that results in a loss to your client. Case in point: Otto v. Caltrow Law, PLLC, No. 19-0361. In this case, the Supreme Court of Appeals of West Virginia considered whether a law firm was liable for a cyber-scam that resulted in a $266,000 loss to its client when funds for a real estate transaction were mistakenly wired to scammers.

In this case, an unidentified scammer impersonated the Otto’s real estate agent in an email conversation and as a result, the Ottos, who were clients of the Caltrow firm, wired the scammer $266,069.22. This money was never recovered.

The Caltrow firm used encrypted email to communicate with the Otto’s realtor regarding wiring instructions, and never communicated directly with the Ottos. The realtor, the real estate broker, and the Ottos, however, subsequently discussed the wiring instructions via unencrypted email. It was that unencrypted email chain that the scammers hacked into. They then subsequently spoofed the real estate agent in emails sent to the Ottos regarding the purported new wiring instructions. As a result of those spoofed emails, the Ottos wired the money to the scammer’s bank account.

The Ottos subsequently filed suit against the real estate broker, the realtor, and the Caltrow firm in an attempt to  recover their losses. They later settled with the broker and realtor, and then amended their claims against the Caltrow firm and alleged that the firm breached duties owed to them as follows:

    1. Prior to wiring any funds, [Petitioners] should have been personally contacted by [Respondent], or, at a minimum, [Petitioners] should have been advised and alerted by [Respondent] to call her office and confirm the instructions.
    2. b) Although [Respondent] appeared to have used an encrypted email, [Respondent], knowing full well that wiring instructions were to be communicated via email, should have taken any precautions to determine if [the realtor's] . . . and the [Petitioners’] emails were encrypted and otherwise secured.
    3. c) [Respondent] should have informed the [Petitioners] as to the prevalence of wire fraud schemes, and that if an email seemed suspicious, they should take no action until they confirmed, by independent means, that the communication was legitimate.

The Court disagreed with their assertions. First, the Court determined that when the firm encrypted the email regarding the wire instructions, it exercised reasonable care by taking steps to protect that information: “The contents of that email were highly sensitive and Respondent reasonably expected the information to remain confidential by use of encryption technology. Indeed, Petitioners concede that Respondent was not responsible for the hack because they pled in their amended complaint that ‘the money was diverted when the hacker was able to intervene in email correspondences between' (the realtor) and Coldwell.”

Next the Court turned to the Otto’s assertion that the firm failed to warn them about the risks associated with potential phishing and spoofing email schemes. The Court likewise dismissed that claim, concluding that the plaintiffs failed to provide sufficient evidence to support their allegation that the firm breached the applicable standard of care owed to the plaintiffs under West Virginia law.

In other words, the firm’s use of encrypted email is what saved the day in this case and precluded liability. What steps does your firm take to ensure that confidential client data is sufficiently protected from prying eyes? Does your firm have secure communication protocols, such as online communication portals, in place? If not, what better time to implement them than now, as you plan for a successful 2021? Not only is it the ethical thing to do, it’s the smart thing to do -  so what are you waiting for?

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com.


Round Up: Artificial Intelligence, Virtual Conferences, Surveys and More

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles published from October:


Law firms and technology post-COVID: The latest statistics

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Law firms and technology post-COVID: The latest statistics

It’s hard to believe that the pandemic has been with us for nearly 6 months now, and will likely be around for months - or even years - to come. While it’s hard to predict when the pandemic will end, one thing is for sure: COVID-19 has changed many aspects of our culture, from when and how we interact with others to how we conduct business. Many of those changes will undoubtedly be permanent.

The legal profession has not been immune from its impact. The pandemic has drastically altered the ways in which lawyers work. For example, lawyers have become increasingly reliant on remote working technologies to get the job done. Virtual meetings and court appearances have become the norm, lawyers are storing and accessing data in the cloud at rates never before seen, and many indicate that their firms are planning to invest in new software to ensure that employees can work remotely no matter what happens.

Of course, don’t take my word on it. Let’s take a look at cold, hard statistics to see what lawyers have to say about how COVID-19 has and will affect their firms. The statistics we’ll be looking at today are from the latest Legal Technology Survey conducted by the International Legal Technology Association (ILTA). While the survey has not yet been officially released, some results from this annual survey were shared on social media by attendees of a virtual session held during ILTA’s annual legal technology conference last month.

This year’s survey results were based on responses of attorneys from firms of all sizes. 31% were from firms with less than 50 lawyers, 37% were from firms with 50 - 149 lawyers, 18% were from firms with 150 - 349 lawyers, 8% were from firms with 350 - 699 lawyers, and 7% were from firms with more than 700 lawyers.

As reported by attendees, there were lots of interesting findings gleaned from the survey regarding how law firms are operating during the pandemic. For example, according to the survey results, more firms than ever are relying on cloud computing software to run their firms. 35% of survey respondents shared that their firms continued to move to the cloud with every software upgrade. Nearly 35% indicated that their firms were considering a move to the cloud, and more than 20% of firms were already mostly using cloud computing software. Only a little over 10% indicated that their firms were still uncomfortable with the idea of cloud-based software.

The survey results showed that the types of cloud-based software used by firms runs the gamut. The most popular was cloud-based email, with 50% of lawyers reporting that their firms used it. Other notable types of cloud computing software used by firms included: 1) document management (37%), 2) time and billing (23%), and 3) case and practice management (15%).

Another interesting set of statistics shared related to how the pandemic affected the future plans of law firms. Survey respondents were asked what their firms planned to continue to do differently once work-from-home mandates were lifted. 45% reported that their firms would continue to permit more work-from-home options, and 13% planned to provide more laptops to employees. Other notable responses that appeared to be driven by the need to ensure the ability to shift back to remote work if needed in the future included: 1) an emphasis of moving to paperless operations (9%), 2) increased usage of home offices (8%), 3) an investment in more mobile technologies (7%), 4) an increasing reliance on virtual meetings (7%), 5) the use of more online collaboration tools (4%), and 6) an increased investment in more cloud-based tools (3%).

In other words, the times they are a-changin’, with an emphasis on cloud-based tools that enable lawyers to work from anywhere. I’ve been encouraging lawyers to use cloud computing for more than a decade now, so all I have to say about this development is: It’s about time! While I wish it hadn’t required a pandemic to get us to this point, it’s nevertheless a step in the right direction. Change isn’t always easy, but I’m confident that this particular transition will benefit lawyers and their clients for many years to come.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at niki.black@mycase.com.