Byte of Prevention Blog

by Bassel Farra |

Managed Technology Services in the Law Firm

five 9s logo1. What is managed technology services and why would it be helpful to a solo or small law firm?

A managed technology service provider supports your firm with the expertise, services, and equipment that allows you to manage your entire IT needs as seamlessly as possible. A good service provider takes the time to understand your business, your people, your goals, and your processes. Once they gain that understanding, they offer solutions, manage your expenses, improve your efficiency, and most importantly, save you time to focus on your business. The good service provider will help craft business solutions utilizing various tools making your business run smooth and automate as many tasks as possible. These solutions will not always be technology based, but more about improving your processes.

2. What should a lawyer look for in a technology consultant?

I am asked this question more than any other by small and medium business owners. In general, any business needs to find someone with whom they feel comfortable. The quality IT service provider should understand you, your business, your needs and your wants. It is not always easy to find, but once you do, the strong rapport you build with your service provider will pay dividends in saved costs and time.

Five things to look for when considering a technology consultant or managed IT services provider include:

  • Comfort: First and foremost, hiring a technology provider is similar to hiring an accountant or other professional firm. Just like you need to build rapport with your clients, a quality technology provider will establish a good relationship with you based on understanding your needs.  The service provider builds trust by fulfilling your needs as cost effectively as possible.
  • Business Process Oriented: Rather than seek the newest technology, you goal should be increased efficiencies. Your consultant should understand your business processes, your needs, and “wants” before they ever mention the myriad of solutions out there. Beware of the consultant selling a specific product and implying it does everything.
  • Industry Specific Knowledge: Look for a provider familiar with the legal field. In addition to providing solutions, they should understand some of the common pitfalls and challenges specific to the legal profession.
  • Understanding of Cloud Computing:  Cloud computing is becoming ubiquitous across the business world. Not all firms need a full blown cloud presence, but it does provide some tangible benefits that must be weighed against the traditional practice of buying hardware, software, and support. Finally, your technology provider should be able to quantify and fully explain the process to you.
  • Onsite vs. Remote Support: A quality technology provider will be able to provide both remote support as well as onsite support within a reasonable amount of time. Beware of the provider that demands remote access without understanding the security aspects of granting that access. If a provider has worked in an industry with sensitive data (eg. Financial Services, Healthcare, etc.) then they will understand the risks of remote access and have tools in place to ensure it is done safely.

3. What are the most common areas of risk for solo and small firm lawyers with respect to cyber fraud or technology failures?

The top five most common areas of risk for small firms:

  • Data Loss – Data loss is the possibility of losing business critical data at the most inopportune time. Basic IT functions and processes mitigate this risk, particularly solid backup and recovery processes.                       
  • Malware – Malware is software created to cause damage or create chaos. It has many forms but most forms can easily be mitigated with basic IT functionality and processes.
  • Phishing – Phishing is a “con job.” It is when some individual or entity tries to trick you or your employees into providing information to which they are not entitled to such as user IDs, passwords, or sensitive data. It can be initiated in many forms, but for small offices, the number one way is through a fraudulent e-mail. The best mitigation for this risk is via awareness and education. Basic IT functions and processes also help mitigate this risk.
  • Weak Passwords– This is fairly self-explanatory. Many breaches start with the procurement of a user’s ID (many times easily guessed) and then using trial and error to guess the password. Here are some very common passwords:
    • Password
    • 123456
    • 12345678
    • 1234
    • Qwerty
    • 12345
    • dragon
    • baseball
    • football
    • letmein
    • abc134

If you have one of these, your account will be compromised sooner or later. My most important advice is to make sure you have complex passwords that are not easily guessed.

  • Old/obsolete technology – Technology is rapidly changing and the reality is that most forms of technology are released without enough testing and vetting. Many firms do not have the time or expertise to constantly update every application, operating system, or hardware without a full-time staff or full service managed service provider. This is by far one of the easiest risks to mitigate, but consumes a great deal of time. It is one of the main selling points for moving to the cloud.

4. What is the advantage of moving to the cloud?

Cloud technology means having your data and/or applications available to you from anywhere at any time. Instead of having your data and applications reside on your physical equipment, you contract with a cloud provider that takes care of most basic IT Processes for you letting you concentrate on your business.

Advantages:

  • Little or no upfront capital/startup costs – Since you no longer need to buy the hardware or software, your capital costs are normally very low.
  • Lower TCO (Total Cost of Ownership) and Consistent/Predictable cost – With your cloud provider taking care of all equipment, applications, upgrades, updates, security, patching, backups, disaster recovery, and all other IT processes, you reduce your time commitment and costs to interacting with your cloud provider. This allows you to spend less on technology support and more for someone to help you modernize and automate your processes.
  • Greater flexibility on how you share or use your data and applications – Since your data is available to you from anywhere, you can share your data and applications as needed. No longer do you have to come to the office on Sunday afternoon to prep for that hearing on Monday because all the pertinent files are at the office. The cloud provides you the freedom to work from wherever you are as long as you have an internet connection. Many applications have been optimized for tablets or smartphones allowing you to no longer carry a laptop.
  • Collaboration – With the flexibility offered by the cloud, it is now easier than ever to share documents with software providing version control so multiple people can update the same document at the same time.
  • Improved security – With large cloud providers managing the majority of IT processes, they have large departments dedicated to ensuring that their equipment and applications are upgraded regularly, updated timely, patched when appropriate, and protected with the latest security controls.

Disadvantages:

  • Dependent on internet connectivity – You must have access to a quality internet connection to utilize the cloud. If you are in a cabin in the woods with limited internet connectivity, you will not be able to access your data and applications.
  • Monthly costs – Cloud computing is not cheap (but it gets less costly every year). Whereas in the past you would purchase a piece of software once, you now have to pay a monthly fee to continue access to that application.
  • Difficulty to switch providers – Many application providers will use proprietary technology locking you into their solution unless you are willing to jump through many hoops to migrate to another service provider. There are ways around this and many vendors are utilizing standards, but it is something with which you must be aware.

5. What are the top tips for lawyers and support staff to maintaining a safe office with respect to technology?

  • Education – So many technology issues and security incidents could be prevented with just a little bit of knowledge. Take the time to learn about basic things you can do to help secure your data and infrastructure. A managed service provider should be able to provide all this knowledge for you in an easy to understand manner.
  • Backups – Although cybercrimes and hacking in particular receive all the headlines, the top IT related problems seem to involve some type of hardware failure or human error where data is lost. The best way to mitigate this is by having a solid data backup strategy.
  • Keeping software and hardware current – This is one of the easiest but most time consuming areas. If you do not keep up to date on upgrades, updates, and patches, your data is at risk. This basic IT function is easy to execute, but takes a great deal of time. It is one of the best reasons to have an IT service provider help you with your technology needs.

6. Anything I haven't asked that you would like to tell our readers?

Seriously consider a managed IT services provider or IT consultant to help you with your technology needs. Take your time and make sure you find someone with whom you are comfortable and build a trusting relationship. When you find a good IT services provider, they will not become just another vendor, but an extension of your firm. They should help you manage the business side of your practice so you can focus on your clients’ legal needs.

About the Author

Bassel Farra

bassel.farra@five9stechnology.com | 980-505-8700

Bassel is the co-founder of Five 9s Technology which provides a broad number of technology and business process consulting services to the Legal Community. He has many years of Technology, Risk Management, Compliance, and Business Process experience at some of the largest publicly traded companies. He is a Certified Information Systems Security Professional.

Read More by Bassel >

Related Posts