Industry interview with Clio: Flex your security
This article was also featured as an industry interview in the LPM cybersecurity supplement in November 2016. To read the issue in full, download the supplement.
Reducing overheads and attracting and retaining talent in an increasingly competitive SME legal market are significant drivers for firms to adopt flexible, remote or mobile working set-ups. Joshua Lenon, lawyer in residence at Clio, says that enabling legal professionals to work effectively from home or on the go allows firms to offer their staff a better work-life balance. Flexible working also reduces a firm’s expenses on large and costly offices, while creating better access to legal services for clients.
“Clients might not have the time to visit a solicitor during regular working hours, but flexible working enables fee earners to arrange meetings at the client’s convenience.” He adds that if firms keep banking hours then they’re not reaching everyone with legal needs – nor their own full competitive potential.
But Lenon says that before firms implement a flexible, mobile or remote working solution they need to understand the threat of cyberattack facing them.
“Law firms are attractive targets to cybercriminals and face a barrage of different cyberattacks on a daily basis – including ransomware, Friday fraud and CEO fraud – but there are specific information security considerations for remote working.”
In an increasingly digital world no firm can be 100% secure (whether they have a flexible working setup or not). But by adopting a cloud-based case and practice management system, SME firms could make themselves more flexible while maintaining a level of security that they couldn’t otherwise afford.
Smartphones, tablets and laptop computers have enabled flexible working like never before, but can also be a cyber gateway to SME firms’ information.
“Texting, for example, is a horribly unsecure way for solicitors to communicate the details of a case to one another. It’s plain text – sent through a third-party provider that doesn’t necessarily recognise a solicitor’s need for confidentiality – and can be easily intercepted by a cybercriminal. The same goes for emails sent through an unsecure network at a conference, café or even at home.”
For legal professionals to communicate securely at home or on the go, therefore, outgoing data needs to be encrypted. Lenon says that there are two situations when encryption needs to be considered as part of a secure mobile solution, both are offered by cloud-based practice and case management systems.
“The first is encryption in transit – as bits of data move over the cellular signal or connection to a server, it is encrypted so that no one can intercept and read it between the sending and receiving point. The second is encryption at rest – when data is either being stored on a mobile device or being stored on the remote server that houses the data normally.” He adds that encryption at rest stops wouldbe cybercriminals from simply plugging in a stolen mobile device or opening a laptop and reading all the sensitive information on it.
Firms need to make sure flexible workers have both types of encryption on their devices as part of a secure and flexible working solution. But even the strongest technology solutions can be rendered useless from within.
Lenon says the key to creating a secure and flexible working setup is educating and training your workforce.
“The strongest technology solution can be destroyed by a person who writes their password down on a post-it note, or uses their laptop openly on a train. Legal professionals need training so they know what to do and what not to do to prevent a cyber breach while working remotely.” He adds that, to this end, Clio became the founding member of the Legal Cloud Computing Association – a group of legal cloud computing vendors committed to training legal pros and setting data security standards.
But, as Lenon points out, human beings are fallible, and to have a truly secure flexible workforce firms need an extra level of security that cloud-based practice and case management systems can provide.
“Firms need the ability to impose certain types of strong access controls, like strong passwords that can withstand multiple attempts at breaking into them, and two-factor authentication to require proof of identity for the people who are logging into the system.”
He adds that perhaps the most common threat to a firm’s information security with a mobile workforce – that can’t always be stopped by training – is a lost or stolen mobile device.
“Encryption at rest is the first step to stopping cybercriminals accessing information from a stolen device, but given enough time they could break through that. Cloud-based practice and case management systems, like Clio’s, allows firms to immediately reach out, lock access from that device, and trigger a remote wipe the next time it’s powered on.”
In response to law firms that have been resistant to cloud-enabled flexible working, Lenon says that Clio’s data banks are significantly more secure than the average law firm server. In addition to round-the-clock monitoring, on-call experts and daily penetration testing, Clio employs strict controls on technical and physical access.
“For example, to get access to our data centre you have to pass through one door and verify your identity on camera with biometric controls at the next door. If you can’t, then all the doors around you are locked – and there’s nowhere to go. Then it’s just a simple call to the police because there’s a stranger attempting to access the data centre.” He adds that most small law firms couldn’t implement this level of security quickly or easily, “and I doubt their clients would actually want to go through that every time they visited the firm’s office.”
Lenon says Clio also strives to keep its flexible solutions up to date with rising regulatory privacy concerns.
“When the General Data Protection Regulation comes into force firms will have to be extra-vigilant as flexible working entities – which is why Clio is building those considerations into its tools now.”
Flexible working is becoming increasingly popular among SME law firms as a means of reducing overheads and attracting talent to gain competitive advantage. But firms need to be aware of the challenges a flexible setup presents to their information security and know how to stop potential breaches. Lenon says that cloud-based practice and case management systems offer a flexible and secure way for legal pros to work flexibly by encrypting data, wiping sensitive information from mobile devices and ensuring firms know who’s accessing their systems. Combining these tools with a well-trained workforce is the key to creating a more secure, flexible set-up at your firm.