When trying a case, the number one rule of putting anyone on the stand is: “Never ask a question you don’t know the answer to.” Asking a question of a witness you don’t know the answer to will hurt your case. These are what former US Secretary of Defense Donald Rumsfeld called the “unknown unknowns.”
Attorneys are very smart people. You made it through an undergraduate degree, then law school. You wrote the Bar exam. But if you’re a solo practitioner, or work for a smaller firm, you don’t have the business operations and marketing resources of bigger firms. If you’re running your own small firm, you are actually running a business. Lawyers working for smaller firms know all too well that resources are tight.
“The unknown unknowns” of running a business called a law firm are: technology, data privacy and security, and marketing.
Why is that? The two biggest problems of lawyers in small practices are lack of money and lack of time. As both an attorney and a business person, you cannot do it all.
It becomes a “Catch 22” situation: if your practice is not doing well, you don’t have the money to reinvest into the business and hire support staff or consultants who can help you run your practice more smoothly, as well as bring in business leads. And if you are doing well right now, you can’t find the time to learn more about things that may become your “Achille’s Heel.” Or, if you’re doing well, complacency may enter the picture: “Got along without you before….”
Computers, the internet, email, cloud computing—all these have turned us into the managers of information. Whether your practice uses PCs or Apple computers, each has benefits and liabilities. Which software is best for your practice? It depends. But find out. Here’s a great one-of-a-kind book, published annually by the American Bar Association, called the 2015 Solo and Small Firm Technology Guide. Not being aware of what technology exists right now to help your practice is not a smart strategy. Don’t be an ostrich.
One of the “Aha!” moments in the life of every attorney is when you “do the math” for how much time you spend hunting for various paper or electronic files. Take your hourly billable, multiply it by the time you spend looking for documents (20 minutes a day? 45 minutes a day?) and you will come get a figure that will shock you, whether that is $15,000 or $25,000 per year—or more. That’s great motivation to invest in technology to help your practice, for the benefit of your clients.
Data Privacy and Security
For three years, The Legal A Team had a client in the digital forensic space, Digital Wyzdom. This was the next best thing to working with the script writers of the “Criminal Minds” TV series. Then our client sold his business to Telus, a Canada-wide phone and internet company; the deal included the company’s founder and many of Digital Wyzdom’s staff.
Americans know about security failures, in both in government and in business.
Here’s what I learned about cyber-crooks and legal liability from Digital Wyzdom and Telus:
- A huge number of US corporations have been hacked in 2014 alone including Sony Pictures, Home Depot, and JP Morgan Chase (there are ballpark 4,000 hacking attempts daily on the FBI),
- We have seen state-sponsored hacking by China of Canadian law firms,
- In many cases, cyber-crooks have much better technology and know-how than governments and private corporations,
- It is very possible to have been hacked and not know it for weeks or months, and
- Police forces worldwide don’t have enough manpower to investigate, search for, arrest, try, and convict cyber-crooks. It’s just that simple. And don’t forget that many incidents are “inside jobs.” (One client was left dealing with the fallout of about $2 million missing from a trust account, by a partner.)
Having up-to-date anti-virus software should be a given. But often, it’s out of date. The best way to prevent an incident that may compromise confidential information, competitive information, and client trust is to educate yourself and your staff.
Find out about the major viruses going on, about how phishing scams, Trojans, keylogger programs, and how ransom-ware work. Never keep passwords within your computer. Take extra precautions with anything to do with money—accounts payable with automatic deductions, payroll, and clients’ trust accounts.
Keep in mind also that cyber-crooks may not be looking for your firm’s secrets; the targets may be your clients’ records.
Phishing and pharming scams always spike on Thursday and Friday nights, especially before a long weekend. Here’s LawPRO’s (the Canadian Legal indemnity firm), Fraud Info Sheet, which is good to re-read on a regular basis on either side of the border. Being busy, in a hurry, or tired leads to overlooking basic security fact-checking—this is precisely what cyber-crooks count on to sucker people, getting you to click on that bad link.
Here’s a book worth reading: The ABA Cyber Security Handbook.
Even LinkedIn is getting full of cyber-crooks. Someone you don’t know wants you to join their network? Check out their profile carefully. If they have no photo posted, that’s a warning sign. Check their contact information. Does their contact email end in “.ru” (Russia) or “.ro” (Romania), where many cyber-crooks operate from? Warning! If no contact information is posted, that’s a warning sign. No website, another warning sign. Always Google a new connection request and see what comes up.
How many connections do you have in common? If it is none or just a few, pass up the connection unless you have met the person yourself.
If they do have a photo, right click on it, where you’ll get a pop-up menu; click on “Search Google for this image.” If you see that the same photo has been used to create 12 different LinkedIn profiles, that’s a cyber-crook at work.
Make sure that your website is locked down. If your practice relies on generating business leads from the internet, such as personal injury, family law, tax, and wills and estates, lock down your website. Pick a webmaster you trust and who knows how to code, if necessary. Assign webmaster duties to a specific individual and erase the “Admin” option altogether from the dashboard. Pick a strong password.
Over the years, we have seen clients whose websites have been hacked and all web traffic diverted to another website, taking advantage of their Google rankings. Google Analytics is your friend and you should review your Google analytics weekly. Do they make sense? Catch problems before they get out of control.
Clean-up of a hacking incident costs thousands. Worse, there are lost opportunity costs.
We have also seen a rise in what we can only call “industrial dis-information” (or low-end counter-espionage): someone who was never a client of the firm leaves a very bad review on Google Reviews, which brings down your average rating and makes people wonder about the quality of your services.
Google has stopped making announcements about changes in its algorithm that help prospects find you. Here are the criteria that Google continues to value in a website, and therefore these boost your SERP [Search Engine Results Page] rankings: a) a website of 100-plus pages, b) blogging in the form of weekly content uploads of original material, in the ballpark of 1,500 words, c) links to and from real media outlets, and d) Facebook “Likes” and Twitter “Followers.” And LinkedIn’s Influencer program is now invitation-only, based on publishing original content.
I highly recommend Googling yourself every week, to see what pops us about you.
In many ways, the electronic virtual world is more challenging to navigate successfully than the physical world. Don’t be caught by “unknown unknowns.” Or you could find yourself out-of-business.