Category: Legal Technology

Google to Launch Google Analytics 4 in an Attempt to Address EU Privacy Concerns

On March 16, 2022, Google announced the launch of its new analytics solution, “Google Analytics 4.” Google Analytics 4 aims, among other things, to address recent developments in the EU regarding the use of analytics cookies and data transfers resulting from such use.

Background

On August 17, 2020, the non-governmental organization None of Your Business (“NOYB”) filed 101 identical complaints with 30 European Economic Area data protection authorities (“DPAs”) regarding the use of Google Analytics by various companies. The complaints focused on whether the transfer of EU personal data to Google in the U.S. through the use of cookies is permitted under the EU General Data Protection Regulation (“GDPR”), following the Schrems II judgment of the Court of Justice of the European Union. Following these complaints, the French and Austrian DPAs ruled that the transfer of EU personal data from the EU to the U.S. through the use of the Google Analytics cookie is unlawful.

Google’s New Solution

According to Google’s press release, Google Analytics 4 “is designed with privacy at its core to provide a better experience for both our customers and their users. It helps businesses meet evolving needs and user expectations, with more comprehensive and granular controls for data collection and usage.”

The most impactful change from an EU privacy standpoint is that Google Analytics 4 will no longer store IP address, thereby limiting the data transfers resulting from the use of Google Analytics that were under scrutiny in the EU following the Schrems II ruling. It remains to be seen whether this change will ease EU DPAs’ concerns about Google Analytics’ compliance with the GDPR.

Google’s previous analytics solution, Universal Analytics, will no longer be available beginning July 2023. In the meantime, companies are encouraged to transition to Google Analytics 4.

Read Google’s press release.

Article By Privacy and Cybersecurity Practice Group at Hunton Andrews Kurth

For more cybersecurity legal news, click here to visit the National Law Review. 

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

13 Types of Law Firm Content Marketing That Really Work

If you are unsure about where to focus your law firm’s content marketing efforts, realize that there is more to this marketing strategy than just writing articles. Great content talks to the people that will consume your legal services and also to the search engines to support SEO.  But content has many shapes and sizes so lawyers often wonder what options are appropriate for them.  This article covers 13 types of content that any lawyer or law firm regardless of their practice area can add to their law firm’s marketing strategy.

Law Firm Blog Posts

Blog posts are one of the easiest ways to start creating content and getting your law firm’s name out there. You truly just need to sit down, write about what you know and what you are passionate about, and publish it. Of course, you want to make sure your content is attractive to your target audience, so use your market research to craft posts that are easily understood by and interesting to your audience. Marketing savvy law firm owners develop a theme to their blogs so after one year of producing content, they can stitch the material together in e-book or white paper format.

Infographics

Infographics are a powerful tool for lawyers and law firms to reach their target audience. Research indicates that people remember 65% of the information they see in a visual format, compared to just 10% of what they hear. Some attorneys shy away from creating infographics, but there are many online design tools to make it quick and easy to produce this type of original content for your law firm. Infographics can live on your website and even be repurposed in your firm’s social media presence or collateral materials. They are a great way of explaining steps in the legal process or even the interpretation of complicated laws.

Podcasts

This type of content requires lots of planning and time, but it can pay off in spades. Creating your own podcast that answers legal questions or explains complex legal concepts in fun, easy-to-digest ways allow you to reach a massive audience of potential clients with interest in your area of practice. Podcasts are a great idea for attorneys that have clients with similar issues. For a family law attorney this might include child custody issues or post-decree matters.  A business attorney might have clients facing issues related to corporate formation or the hiring of vendors. Having a practice area-centered podcast with episodes that focus on issues that potential clients commonly struggle with will help you attract a greater audience of listeners.

Video Marketing

Videos showcase your personality, highlight what unique traits you bring to the table, and create a connection with potential clients. Integrate search terms into your video headline and description to bring in even more traffic to your website. YouTube is the “second largest search engine behind Google,” making it a great platform for uploading and sharing your law firm’s videos. These videos can be focused on the same frequently asked questions that you would answer in written format on your website. They can also be a case study or even a client testimonial.

Guest Posts

Publishing your content on other websites expands your network, strengthens your own website’s search engine optimization, and helps build your law firm’s brand—you have a lot to gain from just one post. You can publish on other legal blogs, magazines, and local publications. Guest posting is an easy way to credential your practice through bylines and repurposable written content.

Newsletters

Whether you publish monthly or quarterly, do not give up on your law firm’s newsletter. While some people have eschewed their newsletters for more modern forms of content, you leave out a significant part of your client base when you do so. For maximum effect, stick to a strict publication schedule that allows you to share valuable, relevant information—do not just send out a newsletter for the sake of it. Depending on your needs, you could do an e-mail newsletter, a print newsletter, or both. The biggest challenge for law firms and newsletters is staying on schedule and determining in advance what to say. Marketing savvy law firms develop an editorial calendar for their newsletters one year in advance, so they are never scrambling to publish the newsletter.

White Papers

Driven by data and statistics, white papers look at a specific issue within your practice area and dig deep into the information surrounding it. The information provided in a white paper also provides a path forward for solving the proposed issue. Law firms can successfully produce their own white paper content and keep it on their website to connect with potential clients. But be sure to use the help of a graphic designer if you intend to create a white paper for your law firm. Their creative eye will help make your content stand out to readers.

Curated Content

Sharing resources with website visitors and clients shows that you genuinely care about their wellbeing, not just getting them to become paying clients. You might create listicles that link out to useful resources and guides. These work great for consumer-facing practices that serve populations that might need guidance outside of their legal matter. For instance, a plaintiff personal injury attorney could publish ideas on mental health and wellbeing after being treated for a serious car accident. Your goal in using curated content is to be a central hub for the information your audience could need to know about your practice area and how it affects their lives.

Testimonials

Satisfied clients are often the best form of advertising. If potential clients see that you have successfully solved the problem they now face, they have substantial motivation to reach out to you. Testimonials and reviews can be collected and curated to be their own page on your law firm website. However, ensure that you are working within the laws and ethics that regulate law firm and lawyer advertising as this can be a sticky area of law firm marketing.

E-Books

Compared to print books, e-books require almost no financial output and are incredibly easy to share. Some attorneys use electronic books as a vehicle to provide in-depth guides for clients interested in their legal services, while others repurpose blog content into an e-book for easy reading. You can also write an e-book and use it as a lead magnet—for example, a construction defect attorney might give a copy of “7 Things You Need to Know Before Buying a Newly Built Home” to those who sign up for their e-mail list.

LinkedIn Articles

One type of content that is often underutilized is LinkedIn content. When you write an info-rich LinkedIn article and share it with your network, they can share it with their network. Your reach can multiply quickly with just one piece of well-written content. This is an excellent strategy for expanding your professional network, increasing the likelihood of client referrals and brand recognition.

Tutorials

Guides and tutorials offer detailed step-by-step instructions on specific tasks, which is content that consumers can use right away. The topics you cover depend on your audience and area of practice, so you could start by finding out what struggles your target market has and what legal issues you can immediately alleviate. For example, a family law attorney might write a how-to guide on gathering financial documents and other paperwork for easy analysis of assets during a divorce. A business law attorney could do a screencast of how to register a business in their state and set up tax filing.

Lectures and Speaking Engagements

When you establish yourself as a leader among your peers, you are in an excellent position to gain acceptance as an expert among potential clients. You can host CLE events and dig deep into a topic relevant to your area of practice, serve as a speaker at legal conferences, and share your expertise at other industry events. Be sure to share any video content of your speaking engagements on your website. If your speech is later transcribed, it becomes another content source that could bring in clients and contacts.

For modern law firms, content is a key component in their marketing and business development strategy. Everything on this list of content types will funnel traffic back to your law firm’s website. By integrating different types of content into your marketing plans and on your website, you can reach clients from all walks of life while establishing your position within your practice area.

© 2022 Denver Legal Marketing LLC
For more articles about law firm management, visit the NLR Business of Law section.

February 2022 Legal News Roundup: Women in Law, Promotions & More

Happy belated Valentine’s Day from the National Law Review team. Please read on for new legal industry hires, promotions and awards.

Firm Recognition & Awards

Much is included on the 2022 Top Workplaces USA list, which recognizes organizations with a people-centered culture.

“At Much, our culture centers on people: our employees, our clients, and our community partners,” said Managing Partner Mitchell Roth. “We work each day to support a collaborative, kind, and service-oriented environment, so to be recognized for our culture on a national level is a tremendous honor.”

The rankings are based on employee feedback from a survey administered by Energage, an employee engagement technology partner. The survey gauged various aspects of workplace culture, including  alignment, execution, connection, and more.

Womble Bond Dickinson is one of the Best Places to Work for lesbian, gay, bisexual, transgender and queer (LGBTQ+) workplace equality, earning a perfect score of 100 percent on the 2022 Corporate Equality Index (CEI).

The survey is administered by the Human Rights Campaign, and acts as a benchmarking tool to track how businesses are adopting equitable workplace policies, practices and benefits for LGBTQ+ employees. Womble Bond Dickinson earned perfect scores every year since 2015.

“We are honored to be named one of the HRC’s Best Places to Work for LGBTQ+ Employees once again,” said Betty Temple, Chair & CEO of Womble Bond Dickinson (US) LLP. “We at Womble Bond Dickinson have worked hard to promote diversity and inclusion. These efforts include earning Mansfield Rule 4.0 Certification. The goal of the Mansfield Rule is to boost the representation of historically underrepresented lawyers—including LGBTQ+ attorneys—in law firm leadership, partner promotions and lateral hires by broadening the pool of candidates considered for these opportunities. We have much more work to do, but we are proud to be recognized for the progress we have made.”

Lawdragon recognized Foley & Lardner partners Daniel Kaplan, John (Jack) Lord, Jr., and Rachel Powitzky Steely on its 2022 edition of 500 Leading U.S. Corporate Employment Lawyers, an annual recognition of the nation’s top advisors on workforce issues. Lawdragon selected the honorees based on submissions, editorial vetting and journalistic research.

Lawdragon said that this year’s honorees “specialize in defending corporations in everything from wage and overtime claims to trade secret disputes, while helping companies maintain global workforces throughout a pandemic.”

Law firm Hiring & Additions

Varnum LLP expanded its intellectual property practice with the addition of Timothy D. Kroninger. Joining the firm’s Detroit office as an associate, Mr. Kroninger focuses his practice on copyright law, trade secret law, patent and trademark prosecution and more. He also has experience in drafting design patent applications, as well as participating in United States Patent and Trademark Office (USPTO) trademark opposition proceedings.

Beyond his practice at Varnum, Mr. Kroninger works as a supervising attorney in the Trademark and Entrepreneur Clinic at University of Detroit Mercy College of Law. There, he instructs law students on copyright registration, drafting corporate documents, and protection of trademarks.

Beveridge & Diamond PC elected four new principals: Eric Christensen, located in SeattleAllyn Stern, located in Seattle; Michael Vitris, located in Austin; and Gus Winkes, located in Seattle. Mr. Christensen practices in energy law, assisting companies and consumers in navigating the legal and regulatory landscape. Ms. Stern, former U.S. EPA regional counsel, helps clients develop environmental compliance strategies. Mr. Winkles practices in a variety of fields, providing solutions-oriented legal representation in the areas of enforcement defense, regulatory compliance, and contaminated site cleanup. Mr. Vitris, former litigation attorney with the Texas Commission on Environmental Quality, defends companies in class actions and environmental mass torts.

“Each of these Principals’ talents, skills, and expertise deepen and enhance B&D’s dynamic regulatory compliance and litigation practice as environmental and energy law continue to evolve,” said firmwide managing principal Kathy Szmuszkovicz. “They’ve proven their ability to deliver top-notch service to clients and to serve as thought-leaders at a particularly exciting time in our practice. We look forward to their continued success and contributions in their new roles.”

Barnes & Thornburg LLP added five new attorneys and legal professionals across various offices. Associate William Choi  joined the firm’s Los Angeles office, and associate Albert D. Farr joined the New York office. Mr. Choi focuses his practice on product liability and complex civil litigation, and he is well-versed in all aspects of pretrial case management. Likewise, Mr. Farr practices in transactional tax law, counseling multinational strategic and private equity clients on transaction tax structuring, tax diligence and more.

Furthermore, legal professionals Amit DattaAl Maloof, and Soyoung Yang joined Barnes & Thornburg’s ChicagoIndianapolis, and Washington D.C. offices, respectively. Dr. Datta, a business transaction advisor, provides targeted legal advice and strategic insight for European clients conducting business in the U.S. Mr. Maloof, a client relationship specialist, provides strategic consultation among the firm’s government services, compliance and regulatory attorneys. Ms. Yang, a legal fellow, aids attorneys and clients on matters related to international trade, customs and the supply chain.

William L. Nimick  joined the Construction Litigation and Counsel practice group at Goldberg Segalla LLP. An experienced litigator, Mr. Nimick is located in the firm’s Raleigh office, where he counsels insurers, contractors, subcontractors and corporate entities in liability claims including but not limited to property damage, personal injury and construction defects.

Previously, Mr. Nimick worked as a civil litigator across North Carolina, representing clients in areas such as wrongful death, workers’ compensation, and subrogation. Specifically he  handled subrogation claims such as motor vehicle accidents, product liability lawsuits and large fire losses.

Women in the Legal Industry

Angela Bowlin of Frilot LLC law firm has accepted a position serving on the International Association of Defense Council (IADC), an organization for attorneys who represent corporate and insurance matters. Ms. Bowlin focuses her practice on mass torts and class actions, with experience in asbestos and other toxic tort cases.

“I am honored to have been selected as a member of IADC and look forward to working on the many important committees related to the law and its many facets,” said Ms. Bowlin.

Nicole Archibald joined Foley Hoag LLP as their Director of Legal Recruiting. Ms. Archibald will work alongside the Foley Hoag team to attract and promote a diverse group of attorneys to help the firm achieve its diversity and inclusion goals.

“We’re very pleased to welcome Nicole to Foley Hoag, and are confident that she will be a great asset to the firm and its culture. Her considerable prior experience as a director of recruiting, legal search consultant and practicing litigator will prove a valuable asset as we look to 2022 and beyond. Our executive committee, practice leaders, hiring committee and I are excited to begin working with Nicole to attract new talent and strengthen our market-leading practices,” said Foley Hoag Co-Managing Partner Kenneth Leonetti.

“I look forward to collaborating with Foley Hoag’s management, department chairs and practice leaders, and hiring committee to develop, implement and execute proactive recruiting initiatives to further the firm’s hiring goals and strategic growth plan,” said Ms. Archibald.

Norton Rose Fulbright appointed New York partner Robin Adelstein as the Co-Head of Commercial Litigation, joining Houston partner Andrew Price. Ms. Adelstein brings extensive experience in litigating complex commercial disputes and advises companies with respect to antitrust issues regarding mergers, joint ventures and more.

“Robin has long been respected as a leader within the firm as our Global and US Head of Antitrust and Competition, and she is a highly-recognized practitioner in her field. I look forward to seeing the great work that our commercial litigation group will do under Robin’s and Andrew’s leadership,” said Jeff Cody, Norton Rose Fulbright’s US Managing Partner.

“Our firm has a longstanding reputation for advising clients on their most complex and significant matters. It is an honor to head Norton Rose Fulbright’s commercial litigation group along with Andrew; I am proud to be leading such a talented group of lawyers,” said Ms. Adelstein.

Article By Rachel Popa, Hanna Taylor, and Chandler Ford of The National Law Review / The National Law Forum LLC

For more on the business of law and legal news, click here to visit the National Law Review.

Copyright ©2022 National Law Forum, LLC

Patch Up – Log4j and How to Avoid a Cybercrime Christmas

A vulnerability so dangerous that Cybersecurity and Infrastructure (CISA) Director Jen Easterly called it “one of the most serious [she’s] seen in [her] entire career, if not the most serious” arrived just in time for the holidays. On December 10, 2021, CISA and the director of cybersecurity at the National Security Agency (NSA) began alerting the public of a critical vulnerability within the Apache Log4j Java logging framework. Civilian government agencies have been instructed to mitigate against the vulnerability by Christmas Eve, and companies should follow suit.

The Log4j vulnerability allows threat actors to remotely execute code both on-premises and within cloud-based application servers, thereby obtaining control of the impacted servers. CISA expects the vulnerability to affect hundreds of millions of devices. This is a widespread critical vulnerability and companies should quickly assess whether, and to what extent, they or their service providers are using Log4j.

Immediate Recommendations

  • Immediately upgrade all versions of Apache Log4j to 2.15.0.
  • Ask your service providers whether their products or environment use Log4j, and if so, whether they have patched to the latest version. Helpfully, CISA sponsors a community-sourced GitHub repository with a list of software related to the vulnerability as a reference guide.
  • Confirm your security operations are monitoring internet-facing systems for indicators of compromise.
  • Review your incident response plan and ensure all response team information is up to date.
  • If your company is involved in an acquisition, discuss the security steps taken within the target company to address the Log4j vulnerability.

The versatility of this vulnerability has already attracted the attention of malicious nation-state actors. For example, government-affiliated cybercriminals in Iran and China have a “wish list” (no holiday pun intended) of entities that they are aggressively targeting with the Log4j vulnerability. Due to this malicious nation-state activity, if your company experiences a ransomware attack related to the Log4j vulnerability, it is particularly important to pay attention to potential sanctions-related issues.

Companies with additional questions about the Log4j vulnerability and its potential impact on technical threats and potential regulatory scrutiny or commercial liability are encouraged to contact counsel.

Article By Philip J. Bezanson, Brittney E. Justice, Claire E. Cahoon, and Seth D. DuCharme of Bracewell LLP

For more cybersecurity legal news, click here to visit the National Law Review.

© 2021 Bracewell LLP

Privacy Tip #309 – Women Poised to Fill Gap of Cybersecurity Talent

I have been advocating for gender equality in Cybersecurity for years [related podcast and post].

The statistics on the participation of women in the field of cybersecurity continue to be bleak, despite significant outreach efforts, including “Girls Who Code” and programs to encourage girls to explore STEM (Science, Technology, Engineering and Mathematics) subjects.

Women are just now rising to positions from which they can help other women break into the field, land high-paying jobs, and combat the dearth of talent in technology. Judy Dinn, the new Chief Information Officer of TD Bank NA, is doing just that. One of her priorities is to encourage women to pursue tech careers. She recently told the Wall Street Journal that she “really, really always wants to make sure that female representation—whether they’re in grade school, high school, universities—that that funnel is always full.”

The Wall Street Journal article states that a study by AnitaB.org found that “women made up about 29% of the U.S. tech workforce in 2020.”  It is well known that companies are fighting for tech and cybersecurity talent and that there are many more open positions than talent to fill them. The tech and cybersecurity fields are growing with unlimited possibilities.

This is where women should step in. With increased support, and prioritized recruiting efforts that encourage women to enter fields focused on technology, we can tap more talent and begin to fill the gap of cybersecurity talent in the U.S.

Article By Linn F. Freedman of Robinson & Cole LLP

For more privacy and cybersecurity legal news, click here to visit the National Law Review.

Copyright © 2021 Robinson & Cole LLP. All rights reserved.

How to Build a Legal Blog from the Ground Up

Blogging is one of the most straightforward ways to share your legal expertise, strengthen your reputation amongst peers and potential clients, and become a valuable resource to your community. Once you know basic SEO principles and have a writing schedule that you stick to, it can be fairly simple. You already have the expertise. Now, learn how to share it by creating an engaging, educational, and helpful legal blog.

Before All Else, Know Your Law Firm’s Target Market

Being an expert in your area of practice is one thing; effectively sharing that knowledge with your target market is another. One issue that legal professionals run into while blogging is failing to write to their audience. When writing to non-lawyers, avoid using legal language that lay people do not understand, cite sources in a way that does not interrupt the flow of your writing, and avoid an overly formal tone.

You already know who your target market is: your clients and potential referral sources. If your goal is to connect better with potential clients, write in a way that appeals to their needs and is easily readable. It is easy to write about complex, multifaceted issues in a technical and legally accurate manner, but it is an art form to write about those same topics in a way that a person with no legal background can digest.

If your target market is lawyers—as is the case when you rely primarily on other attorneys for referrals—feel free to write in a way that connects with other attorneys. Still, avoid jargon and make sure that your work is clear and concise, as unnecessary “filler” bogs down your writing and can lose readers.

Regardless of who you are marketing your blog to, make sure that your tone matches your branding as well as your intended audience. If you are not writing in a way that connects with your audience, the time you put into your blog will not pay off.

Top SEO Tips for Law Firm Blogs

Knowing just a handful of common SEO tricks and techniques is enough to get you started. As you expand your legal blog and spend more time using it as a marketing tool, you may wish to invest in marketing services that allow you to expand your reach. To begin, use these techniques in your writing:

Diversify Your Law Firm Blog Posts

This is a tough balance to strike. You want to be narrow enough that people know what type of topics to expect every time they visit your blog, but you also want to be diverse enough that people do not get bored. Mix up your content between evergreen topics and trending topics. Articles that are not contingent on timely topics bring in readers over years, while trending topics can bring big boosts of readers as they are relevant to current events. Both are necessary to maintain high traffic and get new eyes on your website.

In addition, consider diversifying blog post lengths. Data from HubSpot indicates that long-form posts perform best, with the target range being around 2,000 words. Still, if 200, 500, or 1000 words will suffice, padding it out to 2,000 words is a waste of your readers’ time. What this does mean is that you should spend considerable time crafting in-depth posts that answer questions and offer clear value to readers. The shorter posts can also be helpful when the point is clear and they are meant to be quickly read through.

Make Law Firm Blog Posts Engaging and Attractive

No one clicks on a blog post and wants to be hit with a wall of text. There are many ways you can make your posts easy to digest, attractive, and welcoming. Make use of subheadings and bold text within your posts, which not only break up your information, but signal important key topics to search robots. White space through paragraph breaks is a great way to increase readability of longer posts.

In addition, posts with relevant images get 94% more views than those without images. To avoid copyright issues, use royalty-free image sources like:

You can also create or commission infographics that sum up the main points of your post into an easy-to-share format.

The Power of Consistent Action

When you commit to blogging, commit fully with a realistic schedule. When lawyers begin blogs, they often plan on posting whenever their schedule allows. Unfortunately, this often translates into occasional posts or an empty blog. A blog that has not been updated for weeks or months tells potential clients that you may not be active, that you may be too busy for new clients, and that you may not even be in business anymore. By creating a consistent blog schedule, you can get into the habit of producing high-quality content and steadily increasing your readership each week.

Your legal blog could help you reach an entire new audience. From new professional connections to new clients, the benefits of a legal blog are endless.

© 2020 Denver Legal Marketing LLC\

For more on legal marketing, see the National Law Review Law Office Management section.

Leveraging Your Microsoft Assets in this Remote Access World

The COVID-19 pandemic has led to an enormous increase in remote work. Organizations without remote access capabilities have adapted and implemented new solutions, while organizations with existing solutions have been forced to evaluate new capacity requirements and scale their solutions accordingly. You may be surprised to learn that your existing Microsoft assets include functionalities for remote access, and you can get rid of redundant or more costly solutions. Your Microsoft subscription, license, operating system, software, service, etc. should all be reviewed in some capacity at this time.

“In recent years, Microsoft has made a multitude of investments and changes to its portfolio and offerings,” says Scott Riser, Director of Microsoft and Data Management Services at Plan B Technologies, Inc. (PBT). “Some of these changes are quickly noticed during renewals or annual reviews, such as Microsoft Server Operating Systems licensing. However, many changes have happened ‘in the background’ and could easily be missed by organizations,” Riser says. “Make sure you’re taking advantage of your existing Microsoft assets, and know your entitlements – especially now.”

Most of these changes go beyond the typical Microsoft portfolio of Office products and Operating Systems. Microsoft has placed significant focus in the areas of security, video and audio conferencing, VOIP, virtual desktop, artificial intelligence, and cloud computing. Many of these Microsoft assets, which are likely already in your organization, are gaining additional functionality for your remote workforce. This can be done with minimal management overhead and reduced implementation costs over competitive third parties. So how do you ensure that your organization is properly leveraging its current Microsoft assets?

Know What You Have

Leveraging Microsoft assets to the fullest starts with knowing what your organization has purchased, and to what it is entitled. This goes beyond Microsoft assets alone and a full inventory of software, services, and features within your environment should be performed sooner rather than later. This full evaluation serves three purposes. First is that of an internal audit to ensure your organization has the proper number of licenses for each product and to correct licensing infractions before you incur hefty true-up costs or additional licensing fees. The second purpose is educational, as it provides technical staff and administration an understanding of the entitlements each software or service provides. This is particularly valuable since Microsoft 365 cloud subscriptions now include licenses for some on-premise systems. The third purpose of this evaluation is to identify overlaps in features and functionality among products to lower costs, simplify management of the environment, and promote productivity.

Failure to perform a review of current entitlements can result in a significant overspend and an overly complicated environment that is more difficult to manage. For example, your organization could be using a third-party Multi-Factor Authentication (MFA) provider when an already purchased Microsoft subscription has MFA built in, or you may have purchased an MDM solution that overlaps with an existing entitlement to System Center and Windows Intune.

With information from these internal audits, organizations are better suited to make impactful decisions while controlling cost. Once your organization understands what it is entitled to within your existing environment, you must then determine situational awareness for future planning and sustainability. Items that should be included in planning for the future include (but are not limited to) security, management, user workflow and communication.

Secure the Environment

If your workforce is now remote, has your organizational data gone remote as well? Now that most organizations have been required to provide users with remote access, either through Virtual Desktop infrastructure (VDI), cloud-based applications or internet portals, the attack surface for exploitation by bad actors has never been larger. This puts organizations at greater risk of a security breach. Knowing this, Microsoft has invested billions of dollars to protect their product offerings and combat cyber criminals.

Microsoft now has a full portfolio of security offerings, and buildings full of teams dedicated to securing their services and platforms as well as assisting criminal investigations. User identity has become the new perimeter for data as organizations move to cloud-based technologies and a remote workforce. This has been the case for years as VPNs and firewalls have limited preventive impact when a bad actor has credentials to access them. Microsoft has been active in making user identity more secure with easily implemented tools and access policies while also integrating artificial intelligence and improved reporting. These products and features include Windows Hello, Azure Multifactor Authentication, Conditional Access, Credential Guard, and User Sign-in Risk Reporting/Alerting amongst others.

Identity of course is only one attack vector that can be exploited. Therefore, it is essential to secure end user devices and the infrastructure where data is located. Microsoft Defender and Advanced Threat Protection (ATP) is ideally suited to protect servers and end user devices when implemented properly. Plus, it’s included in many Microsoft 365 subscriptions.

“In the past, Defender has received a stigma of being unreliable and faulty,” says Scott Riser, “but Defender has since become one of the most reliable pieces of security software available today. Why? According to Microsoft, over 1 billion devices are currently running the Windows 10 operating system, providing trillions of telemetry data points to continuously improve all Microsoft security services. And as a result, Microsoft has the largest security footprint in the world.”

The data provided by Defender from these devices is reported to artificial intelligence algorithms as well as Microsoft security teams to patch security flaws and update anti-virus definitions at unparalleled levels in the industry. It is also important to note that Microsoft Server Operating systems utilize Defender and the Defender platform can be upgraded to Defender ATP software to enhance built-in capabilities and provide additional security for on-premise data.

With an increasingly remote workforce, many organizations have moved their data to Exchange Online, SharePoint Online, and OneDrive for Business. Microsoft has built-in security solutions for these platforms as well. Depending on the Microsoft subscription that you’ve purchased, Exchange Online Protection, Azure Information Protection, Microsoft Advanced Threat Protection and Azure Advanced Threat Protection, can all be utilized to secure data stored in these locations. Furthermore, Microsoft understands that some organizations require more control over their data and systems in Infrastructure as a Service solutions such as Azure and AWS. For this, a combination of Defender ATP and Azure Sentinel can provide real time analytics and automated responses for detected breaches based on custom workbooks in a pay-as-you-go model.

All these security measures protect against bad actors attempting to breach an organization’s data. This of course does not protect an organization from internal threats, such as disgruntled employees or the inevitable human error. Organizations must now secure data from exfiltration which is not as simple as preventing all data from leaving the organization. The problem is more nuanced. A full lockdown, though simpler, would prevent your organization from essential collaboration with its staff and clients. Failing to protect data internally may result in proprietary data inadvertently shared with a client, or competitor, or being lost entirely. In healthcare and financial services, it can result in a loss of personal identifiable data, or banking information, which carry hefty fines from regulatory bodies.

Microsoft Data Loss Prevention (DLP) is the solution to this issue. With DLP, custom policies can be defined by an organization to determine data that should not leave the organization. It can also remind a user to review data being sent as it could possibly be confidential. DLP continues to gain traction in Microsoft 365 settings as the need to protect cloud-based collaboration platforms such as Teams and OneDrive grows. DLP can also be implemented in some areas of on-premise infrastructure. Exchange has built-in DLP features that often go overlooked. Organizations tend to use Mimecast, Proofpoint, and other third-party vendors for these solutions while the built-in functionality remains unconfigured.

Device Management and Compliance

Another challenge of a remote workforce is the ability to maintain and manage devices, both corporate-owned and user-owned. Multiple organizations have made significant investments in System Center Configuration Manager (SCCM), only to find that policies and updates have not applied to end user devices unless they are on the network or connected via a VPN. Organizations can expand their SCCM environment to include cloud distribution and management points for devices that are not on-premise.  But this is not always an ideal solution as it requires additional infrastructure and configuration with SCCM. This has led to a rise in the use of Mobile Device Management and Mobile Application Management solutions such as Microsoft Intune. Through co-management, organizations can continue to utilize SCCM in conjunction with Intune for management of all devices regardless of corporate connectivity. This was further emphasized by the recent integration of the license offerings to provide Intune subscriptions for those with SCCM Client licensing and vice versa.

Collaboration and Communication

Securing and managing a remote work environment is important but ensuring users can communicate and collaborate on work that was previously performed in the office is one of, if not the biggest, challenges. Daily interactions between corporate users should be considered since the ability for face to face interaction through office meetings, business lunches, and other personal touches has significantly declined. These interactions are now being held through chat programs and conference calls. External communication is one of the primary reasons that Microsoft is still considered the industry leader for collaboration software with many companies utilizing the Microsoft Office suite.

A frequently overlooked solution included in your Microsoft 365 subscription is Microsoft Teams which provides instant messaging, document collaboration and audio/video teleconferencing. Furthermore, Microsoft Teams is integrated with and supported by other Microsoft products. It’s also governed by Advanced Threat Protection and Data Loss Prevention services to provide a more secure platform than its competitors with minimal (if any) additional investment. Microsoft Office can be customized based on the needs of the user and can easily be secured and managed when used in combination with other Microsoft offerings.

Getting the Results

Challenges continue to present themselves as users work remotely and organizations refine how they operate. With a vast majority of organizations utilizing Microsoft products in some way, it is important that entitlements are understood to reduce costs and complexities. Organizations can improve their return on investment (ROI) or make new investments once this is understood. Leveraging Microsoft service offerings can be optimized beyond the traditional use of Office products and Operating Systems, to provide a secure, managed, agile, and accessible environment for users regardless of their location. The result will be a streamlined, cost effective, collaborative environment that strengthens your organization’s bottom line.

© 2020 Plan B Technologies, Inc. All Rights Reserved.

For more on technological solutions for law firms and other industries, see the National Law Review Law Office Management section.

3 Cyberattacks and 3 Practical Measures Lawyers Can Take to Protect Themselves

Hackers are targeting lawyers with cyberattacks, and coronavirus is making things worse. With the recent Covid-19 pandemic and the resultant remote work, hackers are exploiting lawyers with even greater intensity. The ABA Journal recently reported that “scams multiply during the COVID crisis.”

The Top 3 Cyber Attacks Targeting Law Firms

You’re probably displaced from your usual working space and feeling out of whack. That sets the stage for hackers to advantage of the confusion — and your home computer setup. You need to know the traits of the most common cyberthreats so you can identify a scam.

1. Phishing Email Scams

Hackers send phishing emails that impersonate a legit sender and fool the recipient into giving up information. Most phishing scams trick their victims into clicking on malicious URLs. These phishing links redirect the victim to fake sites — most commonly, the spoofed login pages to Office 365 and online baking — and capture their username and password. Now that the hacker has these credentials, they can legitimately access confidential data or withdraw funds.

In 2018, nearly 80% of law firms experienced phishing attacks, according to security research firm Osterman Research. As COVID-19 increases anxiety and the amount of emails in your inbox, hackers have taken advantage. In mid-March 2020, right as COVID-19 ramped up in the United States, hackers purported to be the World Health Organization (WHO). The phishing email asked the victim to open an attachment containing official information on protecting yourself from the coronavirus. Little did they know that opening this attachment downloaded a keystroke logger that records what’s being typed. Keystroke logging is typically used to capture even more login credentials so the hacker can access as many sites and services as possible.

For further details, learn how viral coronavirus scams are attacking computers and smartphones.

2. Ransomware

Ransomeware is one of four of the biggest cybersecurity risks law firms face according to Law Technology Today. This cyberattack is a type of malware that, once installed, denies access to a computer system or data. Typically, email attachments, “malvertising”, or drive-by downloads install ransomware onto devices. To regain access to the compromised device, the victim must wire funds to the hacker. Even if the ransom is paid, it’s not guaranteed that the hackers will restore system access.

3. Data Breaches

Data breaches result in the loss of confidential data or the unauthorized access of that data. They occur after hackers execute a successful phishing or ransomware attack, which are common entry point of a data breach. The loss of this data could have devastating consequences on a law firm. If clients feel that their privacy was violated in the breach, they might sue.

3 Practical Cyberthreat Solutions Law Firms

Law firms can take several practical measures to protect their systems and data. Safeguarding identity and access, encrypting data, and investing in cybersecurity software (if possible) for anti-phishing and anti-malware will lower the risk of a successful cyberattack.

1. Encrypt Data

Lawyers rely on email and document sharing to run their firm. As these documents and communications travel across the internet, they can be intercepted. But when data is encrypted, it is substantially harder for a hacker to intercept. A VPN (Virtual Private Network) encrypts data in a cost-effective, non-intrusive, and reliable way. Creating a secure “tunnel” between your computer and the internet, VPNs protect data using 256-bit encryption. This protocol is so secure that banks and the U.S. government use it to protect classified data.

2. Use Two-Factor Authentication (2FA)

If you’re in the 50% of people who use the same passwords for personal and work accounts, then take note. Weak and reused passwords increase your chances of experiencing a cyberattack. 2FA adds protection to your username and password, making it much harder to compromise your credentials. Think of 2FA as a dynamic, time-sensitive, secondary password.

2FA uses a password alongside a second one-time passcode that is sent to the employee’s device. Unless this code is submitted on the follow-up login screen in a timely manner, it will expire. If codes are not used, then biometric authentication such as a retina or fingerprint scan provide the second factor.

3. Investing in Intelligent IT systems

When dealing with high volumes of very confidential data, you can never be too confident of your online security. The odds are not in your favor: one in four organizations in the US will be breached. And recovering from a breach is pricy. Law firms lose, on average, $4.62 million dollars every data breach. If you worry about the expense of cybersecurity solutions, remember that other number.

You can spend money on anti-phishing, anti-malware, and data loss prevention tools. Or you can not spend the money and risk having to pay a ransom, deal with legal fees, reputational damage, and more. Although it’s a tough pill to swallow in the current economic landscape, preventative security is cheaper than dealing with a breach.

If you cannot afford a cybersecurity system at this time, just update your software whenever you receive a notification. This is the easiest and quickest way to secure your systems. Software updates come with security fixes that will patch any vulnerabilities in your system. Hackers are known to exploit old/known vulnerabilities. Take the time to vet your network or cloud service providers to see what precautions they have to protect your firm from cybercriminals.

You Must Anticipate Cyberattacks on Your Firm 

Law firms possess sensitive data that hackers would love to leverage. Using intelligent IT systems, updating software, encrypting data, and setting up two-factor authentication are the most effective ways that lawyers can protect their data while working remotely during the COVID-19 lockdown.

© Copyright 2020 PracticePanther

ARTICLE BY PracticePanther.
For more legal tech considerations, see the National Law Review Law Office Management section.

Techplace Tickler: eDiscovery Challenges in a Remote Work Environment

In the first episode of our Techplace Tickler series, Danielle Ochs, Tom Lidbury, and Traer Cundiff discuss various eDiscovery-related issues that have arisen during the COVID-19 pandemic when many people are working remotely. They cover data security concerns while working from home, remote document review, and best practices for collecting, capturing, and transferring data remotely.

© 2020, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.

For more legal & data security issues amid the COVID-19 Pandemic, please see the National Law Review Coronavirus News section.

Coronavirus and Law Firm Event Marketing: Cancelled, Postponed or Just Different?

Given the current circumstances associated with the coronavirus (COVID-19), a law firm has three choices when it comes to executing on their 2020 event calendar: cancel, postpone, or just change the format. My vote would be for you to change the format wherever you can to stay top of mind and relevant to your client base and referral sources while still practicing a responsible form of “social distancing.”

In-person business development and communication through event marketing involves creating an experience that attendees look forward to, get value from, and associate with your brand. Through hosting various types of business development activities, you can set your law firm up as a networking hub for diverse practices, become a thought leader in your legal niche, and establish a history of credentialing activities that will keep you top-of-mind in your legal community. Virtual events for law firms can, and will, do the same.

It is known that law firm marketing has evolved rapidly in the last decade. In a recent study, 67% of legal marketing professionals and 45% of attorneys listed firm-hosted events as one of the most effective ways to get new clients.  Even with all of the new marketing strategies and techniques, face-to-face connection remains one of the most effective ways to network and gain new clients. In the time of the coronavirus (COVID-19) pandemic that is requiring all industries, even the legal industry, to take a second look at how they will continue to operate effectively under quarantine conditions, law firms need to be flexible in how they market. Event marketing can still take place in the spring and summer of 2020, it will just look a little different than originally anticipated. Excluding large luncheons, parties, and galas, for the most part, technology can allow a law firm to move forward with most of their planned events.

Virtual Business Development Events for Law Firms

Every type of business development event attracts different stakeholders, networking opportunities, and ways to strengthen your law firm’s market dominance. Some types of business development activities for law firms that can be transformed into virtual events include the following:

  • Seminars. Conferences that provide training or updates on legal changes in your area of practice. Many seminars and conferences have scheduled downtime and social time, allowing attendees to network and nurture connections that may lead to future referrals. This networking aspect of a seminar can be done in a virtual manner through private chat rooms or even through a special area of your website that allows for “booths” to be created for information sharing.
  • Legal CLE events. Continuing legal education is an essential part of attorney growth, and since continuing legal education is required for lawyers in most parts of the United States, these events offer clear value to attendees. Speakers at continuing legal education events also have the opportunity to demonstrate their expertise, strengthen their image as an authority in their field, and connect with others in relevant areas of practice. CLEs have been webcasted and recorded for years and the coronavirus outbreak really should have no effect on your law firm’s CLEs schedule. All that is necessary to proceed is to tell your audience it will be a webcasted program rather than a live program, hire a professional videographer, and then add then video and handouts to your website.
  • General education events. These events strengthen a firm’s credibility within the community and demonstrate the firm’s expertise to its target client base. For example, an immigration attorney could host an online Q&A seminar through their Facebook page on recent changes to immigration laws and invite affected community members to attend through that medium. An estate planning attorney may host an informal brown bag luncheon that is webcasted on long-term care options to caretakers of aging family members.
  • Brown bag lunch and learns. Lunch and learn events take advantage of the fact that many attorneys have extremely busy schedules. These events last between 30 and 60 minutes and take place over the lunch hour, letting attorneys fit education or networking into their busy day. Brown bag lunches can also take place in a virtual environment. Attorneys can provide a memorable brown bag experience online through the sharing of relevant documents beforehand that they will go over and using screensharing to direct attention of attendees. Law firms will want to make sure that they pay special attention to small things such as consistency in their lawyer screen names and the background portrayed in their videoconference (i.e. what is behind you or what is around you that the other participants will see and does this portray your law firm in the best way possible).
  • Panels. Panel discussions let attendees learn from multiple experts simultaneously. Question-and-answer sessions provide additional value, allowing attendees to get answers to specific, relevant questions. Panels are easy to convert to a digital format. Be sure to have your moderator use the first name of the person that they are addressing when a question is asked as the conversation has to be directed a bit differently than it would in person when you can connect with body language and eye contact. Also, the audience should know beforehand how their questions can be posed and if they are required to have their computer on mute to control outside noise.
  • Collaborations. Collaborating with businesses relevant to your area of practice expands attorneys’ opportunities for networking. For example, an estate planning law firm may collaborate with a senior activity center to help attendees better understand the needs of aging clients, or an intellectual property law firm may run a seminar with a venture capital firm. These types of collaborations can be moved into a digital format by prerecording them for the audience. The business can easily gather questions that come up from attendees and send them to the attorney or law firm afterward so individual phone calls can be made to the guests as follow-up.

Rather than seeing the need to change the format of their existing events to be virtual as a problem, marketing savvy law firms are seeing this as an opportunity. They are utilizing their existing commitments to being modern law practices with functional, time saving technology to continue to connect with their audience. They are using videoconferencing, webcasting, and video recording to continue to host relevant programming for their community. The real challenge in pivoting an event marketing strategy to be entirely digital for the next 3-6 months will be working with the right type of marketing and videography professionals to engage the audience and drive attendance.

Preparation and Follow-Up

Event success, even for virtual events, is more than just choosing the event for your audience. It is critical to have a clear strategy about how to prepare for your event, execute a successful activity, and follow-up to ensure that it is doing the business development work you expect it to.

Know what success looks like. Prior to the event, you should know which benchmarks you want to reach and have ways to measure those. For example, you may want to hit a certain number of attendees, have representatives from a set number of firms, or yield a specific number of networking connections.

Promote your event strategically. Look into different ways to promote an event including traditional invitations through mail or email, social media, and broadcast or print advertising. Be sure to create a custom hashtag to encourage social media engagement before, during, and after the event.

Expect the unexpected. From technology glitches to presenter snafus, being underprepared can end up turning your potential networking opportunity into a PR nightmare. Make sure to give yourself time to work out all the kinks well in advance of your event date and hire a professional to guide you through the process.

Strategize follow-up activities. Following up with attendees after an event provides valuable information on how successful the event was and whether or not it is worth repeating. Some firms use automated email sequences to gauge the results of an event. Reviewing social media engagement, lead generation, attendance numbers, and other metrics provides valuable insight into the success of the event.

Conclusion

Event marketing in 2020 will need to look a little different for law firms but it still remains an effective tool for fostering professional networking and client connections. With the wide range of events to choose from and also the technology available to today’s law firms, there are many options to help firms continue with their previously planned activity calendar. In addition, when law firms are strategic about how they structure, prepare for, and follow up from their virtual business development event, it can be an incredibly powerful form of marketing that is inexpensive, engaging, and memorable.

© 2020 Denver Legal Marketing LLC

For more on managing events during the coronavirus situation, see the National Law Review Coronavirus News page.