Unless you are an IT or cybersecurity techie like me, you may be afraid of new technology. I recently spoke with Catherine Sanders Reach, director for the Center for Practice Management at the North Carolina Bar Association, about the pain points for attorneys when instituting new cybersecurity technology.
CP: Cyberattacks on law firms of all sizes have been well-documented. Why do you think attorneys are reluctant to use new technology that can provide cybersecurity?
CSR: I think many people have a fear of new technology. Attorneys are no different. Because of their training and the focus on precedent, I think attorneys are hesitant to try new things. I think that a lot of them also get overwhelmed by the privacy and security options.
CP: I think it boils down to proper training and awareness. This is how you do this. This is the process. And if you don’t follow the process, here’s what could happen.
CSR: I think one of the fears is, what if after they spend a lot of money on cybersecurity, they install it wrong? What if it fails?
CP: I don’t think that they should install it, period. I think they should have it installed by cybersecurity professionals. Have it set up, and then train on how to use it. And if more attorneys and people would adopt this type of technology, it would make them much more secure by default. Attorneys would be able to bill more time because their workflow would be optimized and secured.
CSR: I think some of the fear is that attorneys don’t understand the jargon and concepts regarding cybersecurity and may lack understanding of computers beyond the basics of the software they use every day.
CP: I think attorneys are worried they will be expected to sprint before they can even crawl. Education and training are essential. Some cybersecurity software is becoming much more user-friendly and less intimidating than it was five years ago. There are a lot of resources, such as CLEs, that start with the basics of how to crawl. People didn’t go to law school for IT/cybersecurity or to write code.
CSR: Another issue with cybersecurity technology is that it can be perceived as expensive, especially if they don’t have a real sense of what it does.
CP: This is a cost-benefit analysis. A couple of hundred bucks a month sounds expensive. But if you charge $250+ per hour, how many hours do you need to work to pay for a hardened, secure IT ecosystem that’s vetted, tested, and proven? So it’s not expensive when it’s the foundation of your firm.
CSR: Plus, good cybersecurity is a marketing opportunity. You tell your clients you are aware of all the bad things that can happen with their sensitive data and that you are doing everything you can to protect it by implementing the latest security protocols. What about free cybersecurity tools?
CP: You can do a lot of this stuff for free, but if you’re not adequately trained, you will get hacked.
CSR: One of the comments I hear is, “I know I need to do this, but I don’t have the time to learn about it. Besides, I don’t understand this stuff.”
CP: Take some CLEs; there are plenty available. Start understanding what the risks are and ultimately hire a professional. I see a lot of firms, especially the smaller ones, have a friend handling their IT or someone who’s retired from, say, IBM. Their skill set may not be up to date. They’re not going to be aware of cybersecurity best practices. If attorneys invested in just an hour from a cybersecurity expert, I think it would be money well spent to give them direction and advice on where to start.