Are You Vulnerable to Phishing?

By Doug Striker, CEO, Savvy Training & Consulting

Sometimes I think about the mind of a cybercriminal and I imagine that they’ve got to be among the most cynical, twisted people on our planet. So many of the techniques that they invent to hack into our computers derive from a sense of disdain and arrogance. Simply put: they think we’re all idiots. I mean, if you invent a fake email that tells people they just won the lottery and they click on it “to find out how much they won,” why wouldn’t you become cynical and arrogant? People behave like idiots!

Of course, most phishing campaigns are way more sophisticated than, “You won the lottery.” Cybercriminals steal our bank’s logo and send us alerts that tell us our account has been hacked. Or they offer pizza coupons from a local delivery spot and we click for the deal. (Hopefully you are no longer clicking the emails from the Nigerian Prince!)

These types of scam emails are called “phishing” scams because the hacker is phishing for access to your sensitive information, such as social security number, bank account passwords and credit card information. When you click the link, either the email downloads malware onto your computer, or it takes you to a criminal web page that looks and acts like a legitimate bank or pizza or lottery website but isn’t.

When you get right down to it, phishing is a scam that targets human nature. Most people are trusting and optimistic by nature! “Oh! I get a free pizza! Yay!” The only way to fight phishing is to educate yourself about the many forms that phishing takes so that you can recognize the scam emails when they hit your in-box… not after you’ve clicked the nasty link.

Every individual I know should better understand phishing scams. But the issue becomes even more critical for law firms, where individuals (who act on human nature), may click on a scam email and unwittingly expose the entire firm (and all of its clients) to an attack.

Law firms have become a plum target for cybercriminals. Why? Because, like banks, law firms store vast amounts of sensitive information on their clients, who range from individuals (sometimes famous, infamous or wealthy) to corporations (also famous, infamous and wealthy). With the key to the law firm’s sensitive client information, cybercriminals can bring an entire firm and all of its clients to their knees.

A year-long Google study recently found that phishing poses the biggest threat to online security. And, according to a recent report from IT security provider LogicForce, hacking attempts were made on over 200 U.S. law firms between 2016 and 2017, 40% of which didn’t even know that they had been breached.

What Can You Do?

Are you taking the necessary precautions today to protect your firm from the next cyberattack? No matter how many firewalls you’ve built, your biggest threat will always be that giant open door into your firm called “Email.” You need to teach your employees to recognize suspicious email so that they can be your first line of defense, instead of your weakest link.

The KnowBe4 security awareness program was created by Kevin Mitnick, infamous hacker and now world-renowned security expert. The KnowBe4 platform starts with an education program that teaches your attorneys and staff how to recognize suspicious emails. Then, you can create simulated phishing emails that you send throughout your law firm. From the results, you know the types of emails that your employees need help recognizing as suspicious and the people who need extra training.

People are less likely to click on a fake email after experiencing one simulation in which they fail. (ie. If they click on a fake phishing scam and discover that they were suckered, they are 20% less likely to do it again.) And that’s after just one simulation! Imagine if you had an ongoing phishing simulation/training program to help your employees keep their guard up!

Here’s how it works:

  • You become a KnowBe4 client
  • Upload your users to the system
  • Launch a baseline phishing test using any number of templates
  • Using the results from that phishing test, launch targeted trainings to help your employees be more discerning clickers
  • Every month or quarter, send out another phishing campaign
  • Track improvements down to individual users over time

This system is updated continuously with new phishing templates that you can use to phish your law firm, learning who is vulnerable to scams and who needs training.

The KnowBe4 system is simple and yet incredibly effective in helping you to build your first line of defense against cyber attackers who know that the weakest chink in your law firm security system is your employees!


Doug Striker is Chief Executive Officer (CEO) of Savvy Training & Consulting, a provider of legal software training solutions. As a former Chief Operating Officer of a prominent law firm, he specializes in helping firms acquire the software platforms they need, training staff for maximum workflow efficiency, and enhancing continuity and bottom-line results. 



Casemaker Tips and Tricks for Feburary

Each month we will be bringing you a few tips and tricks for making your research with Casemaker that much more efficient. This month — emailing or downloading documents, making notes, sorting results, and more.  For more Casemaker tips and tricks follow them on FacebookTwitter, and via the Casemaker blog.


Using History

The History Link in the upper right will provide you with a complete history of all the searches you’ve created, and documents you’ve viewed since logging into the Casemaker system. Each item in the History comes complete with a date and time stamp, as well as a client label if you performed it while logged in to a client. So if you spent Friday evening searching for a particular statute and forgot to save it to a folder, you don’t need to worry! Just click your history to find it again without the hassle. The date and time stamps will help you be able to navigate which of these descriptions is the right one.


Search Operators in Casemaker

Casemaker has a number of search functions that allow you to create complex searches to locate the information you are looking for. Let’s have a quick review of them!

AND searching – Example: Contract Binding

To perform the AND search, simply leave a space. Casemaker sees the space as the AND operator. Our example will give us documents that have the word contract as well as the word binding.

OR searching – Example: alimony OR support

Using OR as the operator will find documents that use either word in the query. In our example, this query will pull up documents mentioning either alimony or support anywhere in them.

NOT searching – Example: property NOT commercial

Using the NOT operator will tell the system to find the documents that mention the first term but do not mention the second. In our example, the query will pull up documents that refer to property but do not mention the term commercial

Grouping searching – Example: (alimony OR support) AND divorce 

This would be the one case where you should use the word AND in Casemaker. Using the parentheses tells the system we want to group these queries. In this example, the system will return documents that mention alimony or support but also mention divorce.

Phrase searching – Example: “right of way” 

This search type tells the system to treat everything in the quotations as if it were one search term. In our example, this means it will only pull cases that mention right of way but not cases that mention the words rightof and way by themselves.

Thesaurus searching – Example: ~parole

The thesaurus search not only locates your search term but also words with the same meaning. In our example query, the search will pull up documents that mention the word parole as well documents that mention any synonyms of the word parole.

Suffix searching – Example: run*

This search will pull up documents that mention terms that begin with the letters prior to the asterisk. In our example, the query will find documents that mention not only run but also any words that start with run such as runner, runs, running and so on.

Proximity searching – Example: tax w/10 property

This search will pull up documents that mention your first term within the number of words you specify of the other term. In our example, this will bring us documents where tax is mentioned within ten words of the term property.


Finding Your Search Terms

You’ve done your search with your keyword or keywords and you have pulled up your first result to read the case. Now, where in the world are your search terms even mentioned? You can find them using the Search Terms arrows in the gray toolbar. Located just above the title when you are reading the case is a gray toolbar. Here you see options to return to results, arrows to move around your list of results documents, as well as the phrase Search Terms with arrows on either side. Clicking on either arrow will take you to the next search term above or below where you are in the case you are viewing.


Copy with Citation and Shareable Link

“Copy with Citation” allows the user to highlight a section of text from a document and copy the content to the user’s clipboard along with an official citation.  A user can also choose to select text and “Copy with a Shareable Link.”  A hyperlink, included with the text in the user’s clipboard, allows any person – even a non-Casemaker user – to view the complete text of the linked case.


Citing References and Citing Cases Graph

When viewing search results, the number of cases that cite the case in question is provided as part of the result set in the right margin.  In addition, a “Citing Cases Graph” is also available that provides a graphic display of the citing cases, by count, on a timeline.  Once in the graph, a user can pick a point in time to see the citing cases and link to them if desired. When you are reading a case, you will see a tab labeled “Citing References” along the top grey bar. This lists all the cases which cited the case you are viewing. You can see Casecheck+ results here and you can also search within this list of cases as well.


Tree View

The Tree View interface consists of an expandable hierarchy is contained in a left-hand sidebar while the center area displays the document content when requested. To navigate you click on the plus and minus symbols to expand and collapse sections of the “tree.” The Casemaker Tree View interface includes all data types and the full archive of data for each respective state


Always Available –  Folders

Perhaps you often print cases that you need, or maybe you download them to your work computer. As you have likely found, the file on your computer or the case you printed are only useful if you have them with you. However, you can access Casemaker from anywhere using a web browser! So instead, you can save the items you need to a folder in your Casemaker account which is accessible from anywhere you can access the web.

The first thing you’ll need to do is to create a folder. Click on the save to folder icon and type a folder name here into the new folder name field. Then just click create.

There are two methods to save a document to a folder. You can click on the Save To Folder icon from the Dark Gray toolbar, choose your folder, and click Save. Or you can click on the orange My Folder Icon next to the search button, and then choose the folder you’d like to use and click OK. This allows the orange folder icon to represent the folder that you’ve selected. Then you can simply click, drag, and drop documents into that folder for saving.

When you are ready to view the contents of your folders, you can click on the white My Folders link at the top of the search area. The listing of your folders is displayed on the left and clicking on your folder will display its contents in the central area of the screen. Once the folder has loaded you have the opportunity to move, rename, or delete the entire folder. You can also utilize the individual check boxes to print, download, email, or throw away individual contents.




Getting the Most out of Dragon – Quick Tip

By Britt Lorish, Partner, Affinity Consulting Group

Now that speech recognition has become common place with the use of smartphone and tablets, we are seeing more and more lawyers using Dragon NaturallySpeaking on their desktops too.  They use it to not only dictate documents and emails, but also to dictate time entries, phone notes and other common items.  It can also be used effectively in navigating the Internet and other commonly used programs, such as practice management systems.

If you are someone who has embraced speech recognition, but wonders how else to maximize your use of this amazing software, consider some of these ideas:

    • Familiarize yourself with the Dragon NaturallySpeaking User Workbook. It is free online and if you are running the Professional or Legal editions of Dragon (which hopefully you are if you are using Dragon in a business environment), it can provide you with a wealth of knowledge about the product and all of its capabilities. Make a commitment to review one section of this workbook per week and I guarantee that your knowledge and use of the product will increase dramatically over a very short period of time.
    • Make a list of phrases or simple tasks that you do redundantly. Automate these items using Dragon custom commands. For example, if you have a standard signature block that you typically insert into emails or documents, or you regularly use standard objections when responding to discovery, these are items that can be automated in a matter of seconds. Simply copy the phrase, signature block, etc. and then say “Add New Command”. The Command Browser will appear. Give the command a name and then paste the text (and/or graphics) into the content box. Click or say “Save” and you now have a custom command.  The next time you dictate the Command name, your text will be inserted automatically.

    • Similarly, if you have proper names or perhaps acronyms that you regularly use, you can easily say “Add New Word” in a box will appear that allows you to indicate both the Written Form and the Spoken Form. This allows you to indicate phonetically how something will be said, versus how it should be typed out.  This can be helpful with unusual names in particular. But I have found it useful as well for when I wish to speak an acronym but have the full name typed out. Below is an example:

    Dragon is an incredibly powerful tool, so explore the depths of what it can do for you!




Technology Training for Lawyers: A Must

By Doug Striker,

Allow me to share a quote as I launch into this blog entry:

“I genuinely believe that the legal industry is at a great inflection point. Our jobs will not look the same ten years from now. Technology advancements for legal services are ripe, and attorneys need to pay attention.”

Now, given my proclivity for celebrating (and driving) the tech-training bandwagon, you’d think I might be quoting myself or a tech guru or an LTC4 source or some other tech professional who is as bananas as I am about technology advancements in the legal industry.

But nooooooo. This source is a lawyer. (Wait! A lawyer who embraces technology?!) And she’s not just any lawyer. She’s Lucy Bassli, assistant general counsel at Microsoft. Ms. Bassli has signed on to teach a course at Suffolk University School of Law’s new certificate program in legal innovation and technology.

This first-of-its-kind online certificate program at Suffolk is exactly what every law school in America should be offering their current students and alumni. Without proper technology understanding, lawyers will be unable to compete in today’s legal marketplace… let alone tomorrow’s.

It is no longer enough to graduate lawyers who have great legal knowledge and prowess. Today’s lawyers need to know how to deliver their thought-products to clients efficiently, securely and error-free. In order to do this, they need a fundamental understanding of today’s legal technologies, combined with the ability to adapt to changes in those technologies as they invariably come along.

Technology skills are no longer a “nice-to-have” for lawyers. They are a must-have.

Tech Skills Impact Your Bottom Line

Bassli goes on to state that the legal field is going through a great “unbundling” – an approach that calls on legal providers to explain exactly how they are pricing each individual service they are offering, making it simpler for clients to shop around for quicker, cheaper solutions.

When you have to compete for clients who can compare your specific cost-per-service to another firm’s, you’d better squeeze as much value as you can out of each dollar you make. And the best way to do that is through efficiencies delivered by technology.

“I want to empower my colleagues with some fundamentals of what legal operations can mean for the delivery of legal services,” says Bassli.

In announcing its new certificate program, Suffolk Law’s Professor Gabriel Teninbaum, director of both the certificate program and Suffolk’s Institute on Legal Innovation and Technology, stated that the adoption of new legal methods and technologies has become a necessity for legal professionals who want to remain competitive.

I think this proves that the demand for strong technology skills in the legal industry is only going to increase with time. Are you prepared?

Doug Striker is Chief Executive Officer (CEO) of Savvy Training & Consulting, a provider of legal software training solutions. As a former Chief Operating Officer of a prominent law firm, he specializes in helping firms acquire the software platforms they need, training staff for maximum workflow efficiency, and enhancing continuity and bottom-line results. He can be reached at, 303-800-5408.




February Solo and Small Firm Networking Events

Solo Small Firm Section networking meetings are a great opportunity to connect with your peers, as well as a practice management and technology discussion forum. The meetings are open to all CBA members, not just Solo Small Firm Section members, the sponsoring entity. Colorado Springs routinely offers CLE credits, although sometimes there is no formal agenda, and no RSVP is required to attend any of the meetings.

We encourage you to think about and prepare questions or ideas to present to the group. Don’t hesitate to e-mail a meeting coordinator to suggest a CLE topic and/or speaker! Click here for more information.

Downtown Denver Breakfast Group – Tuesday, Feb. 6
Breakfast at 7:30 am (reservation in the name of D.A. Bertram).

  • 1884 Restaurant (2nd Floor) inside the Denver Athletic Club, 1325 Glenarm Place, Denver, (303) 534-1211
  • Contact: D.A. Bertram, (303) 871-9300,
  • First Tuesday of every month

Continental Divide Area — Tuesday, Feb. 6
Happy Hour at 5:30 pm

  • Location changes each month, contact Sandra for details
  • Contact: Sandra Nettleton, (720) 232-0367,

Colorado Springs – Wednesday, Feb. 7
Lunch at 11:30 a.m. — Topic: “Legislative Process: Making or Changing a Law in Colorado”, presented by Robert Gardner.  Credit TBD.

  • Jack Quinn’s Irish Pub, upstairs, 21 S. Tejon, Colorado Springs, (719) 385-0766
  • RSVP to for the program materials.
  • Contact: Tomasz Stasiuk, (719) 359-9311,
  • First Wednesday of every month

North Metro Area – Thursday, Feb. 8
Happy Hour at 6 pm

  • LODO’s Bar & Grill 3053 W 104th Ave, Westminster, (303)635-8025.
  • Contact: Aileen Law, (303) 252-8800,
  • Second Thursday of every month

WestminsterFriday, Feb. 9
Breakfast at 7:30 am

  • The Delectable Egg (reservation under Rachel Sheikh), 1005 W. 120th Ave, Westminster, (303) 451-7227
  • Contact: Rachel Sheikh, (720) 551-2219,
  • Second Tuesday of every month

Downtown Denver Happy Hour Group – Tuesday, Feb. 13
Happy Hour at 5 p.m.

  • Tupelo Honey, 1650 Wewatta St, Denver
  • Contact: Jessica Hoyt, (970) 985-9444,
  • Second Tuesday of every month, venue changes for each meeting

Denver Tech Center Area February Happy Hour is Cancelled

  • Contact: Dave Sprecace, (303) 454-8260,
  • Second Wednesday of every month

West Denver Metro Area (Jeffco) – Wednesday, Feb. 14
Breakfast at 7:30 am

  • Mimi’s Café, 14265 West Colfax Ave., Golden, 303-384-9350.
  • Contact: Sarah L. Hostetter, (303) 274-2700,
  • Second Wednesday of every month

Cherry Creek/Glendale – Friday, Feb. 16
Brown Bag Lunch at 12 pm. Topic: Bring your laptop, we will provide peer reviews for each other on the various websites that permit them. We will also discuss our own insights into online presence and reviews.

  • The Ptarmigan Building , 3773 Chery Creek North Drive, Ste 575, Denver
  • Contact: Amy Symons,
  • Third Friday quarterly, location may change

BoulderTuesday, Feb. 20
Lunch at noon (Reservation in the name of Graham Fuller, please RSVP to Graham so he can get an accurate headcount)

  • Carelli’s of Boulder, 645 30th St., Boulder, (303) 938-9300
  • Contact: Graham Fuller, (303) 442-0802,
  • Third Tuesday of every month

W.O.L.F. Pack (Women Owned Law Firms) Southern Front Range – Thursday, March 1

  • BL Speer & Associates, Sun Plaza, 104 S Cascade Ave, Ste 200C, Colorado Springs, (719) 381-1708
  • Contact: Theresa Sidebotham, (855) 748-4201,
  • Join us for an exploratory meeting on starting a WOLF Pack in the Southern Front Range. All women who own, partly own, or are thinking about owning a law firm are welcome. We’ll have tea, coffee, wine, and heavy hors d’oeuvres. Cost is $10 plus Eventbrite fee. Register here.

W.O.L.F. Pack (Women Owned Law Firms) Denver – Wednesday, March 7
Discussion Topic: “Growing Your Firm – When and How”. Bring your ideas and issues, along with lots of business cards!

  • Denver Tea Room, 1165 South Broadway, Denver, CO 80210
  • Contact: Kimberly Utesch at (720) 907-4491 or
  • Quarterly networking events for women who own (or are thinking about starting) their own law firms. Meetings are held on Wednesdays from 5:30 to 7:30 p.m. at The Denver Tea Room, . Tickets are $25 per person (plus a handling fee), which include delicious teas, petite sweets and savories, tax and tip. Cash bar. Space is limited, please purchase your ticket in advance. Select WOLF Pack Tea Salon. This event is non-refundable and non-transferable. If you have special dietary needs such as gluten-free or vegetarian meals, please contact the owner and chef, Margo Seymour, directly at (303) 321-2236. 


January’s Best of the Blogs

We know you are busy! So we read through numerous blog posts and find the best ones to share with you each month.

Please let us know if you feel we are missing a particularly good.

Quick Tips

Add Bookmarks to Make Your PDF Easier to Navigate
Anyone who has used a PDF reader extensively knows how difficult it can be to navigate a document that is hundreds or thousands of pages long. Bookmarking to the rescue! Read more.
All About Chatbots, More or Less?
Happy 2018! This first post of the year is a fun one and is perhaps overdue, since chatbots really came into their own many months ago. Read more.
Casemaker Tips and Tricks
Each month the CBA’s Solo in Colo blog provides a few tips and tricks to increase your Casemaker research efficiency. Read more.

Product Reviews

Galaxy S9 is Getting a New Feature You’re Going to Want in an Emergency
Listening to local radio stations in North America is about to become a lot easier as long as you buy the Galaxy S9. NextRadio announced a special partnership with Samsung that will enable the FM chips on its future phones released in the United States and Canada. Read more.
Let the Haters Do Their Hating: Google’s Pixel 2 XL is Excellent
There’s only one true way to describe the Pixel 2 XL: polarizing. Since the phone’s launch a few months ago, critics and consumers have engaged in endless debate over whether or not it’s a competitive flagship. Read more.
Face ID Tip for Non-Recognition
I’m a big fan of Face ID on the iPhone X. It is a big improvement over the Touch ID fingerprint identification system on other iPhone models because, when it works, it provides security without any inconvenience at all. You are looking at your iPhone anyway when you pick it up to use it, and then Face ID unlocks the phone, almost as if you didn’t even have a passcode at all. Read more.


How To Use Metadata in PDF Files
Your PDF documents are only as good as your users’ ability to find them so they can make use of the information within them. That’s where metadata can help. Read more.
How To Create Court-Usable PDFs
Electronic filing is now standard practice in most courtrooms across the U.S. Paper documents could be eliminated altogether in just a few more years. What exactly, though, are the key components of a court-friendly PDF document? Read more.
What to Do When New Office Tech Doesn’t Fit Old Tech
So you got a flashy new device over the holidays only to find out that it is so new that none of your other tech can actually work with it. Read more.


Lawyer Ratings & Directories
Lawyer ratings and lawyer directories are everywhere. Some are free, some list lawyers and firms automatically, some feature lawyer reviews, and some charge fees, either for inclusion or for featuring your profile more prominently. Read more.
Resolve to Convert More Leads into Appointments in 2018
This year instead of making a resolution to lose that last 10 pounds that keeps hanging on (or coming back), why not resolve to do something to fatten your wallet? Read more.
20 Calls a Day
I listened to a podcast featuring a sales trainer for a very successful real estate broker. He said his brokers are asked (required?) to make 20 calls a day. They can do more, but 20 calls are the minimum expected of them. Read more.


How To Create Tables of Authority with Ease-Podcast
For this episode of New Solo, host Adriana Linares is joined by Legal Office Guru Deborah Savadra. Deborah explains how to create tables of authority in Microsoft Word and to overcome the intimidation factor that can come from using Word’s table of authority tool. Listen to podcast.
How to Manage Technology Change in a Law Firm
As a business consultant to solo and small firm lawyers for the past decade, Jared Correia has helped lawyers deal with many law practice … issues. In his column, “Law Practice Confidential,” he will be answering real questions from real lawyers. To send Jared an anonymous question, use the form at the bottom of this post. Read more.
A Case Study in an Email Hack: Please Watch
We all receive spam, and occasionally we see and skip a suspicious email, but what if it comes from a trusted colleague? Read more.






Who are my clients?

By Art Roehrenbeck

Not so long ago a lawyer’s client list was a series of index cards in a rolodex on the lawyer’s desk. It was a wall full of paper manila folders in alphabetical or numeric order. In the last 20 years, most firms have adopted some way of tracking their clients and files using a case management software program.  Lawyers and their staff have dutifully entered information about their clients into their database programs as a part of their new case opening procedure for the benefit of collecting all the pertinent information they need to manage the case in one place and sharing with the rest of the people in the office with the same program.

Entering and collecting data into these systems is now as routine as any other function of a law firm.  As a result, law firms are sitting on a lot of data about the people they represent and the type of work they have done since adopting those systems.  The reporting functions of these systems often support the primary goal of case management – Which cases are the most important to me right now?  Who are the parties involved, and what do I need to do next to move this case along?  That’s all well and good but the reality is that there may be a lot more information about the law firm’s clients and files that would help inform business decisions about the direction of marketing efforts.

If you track even the most basic information about your clients when you open your file in a case management system, there is likely more you could be getting in the way of reporting.  If you’ve taken the step, that many firms have, to ask things like “how did you hear about us” and entering that information, you can learn even more.  Law Firms have been collecting this data for years but do we have a meaningful way to report on it?  What should this information help us understand?  Here’s a few things your case management database may not be doing already but could help you with if you invest in some custom reporting:

Who are my clients? (Do they skew to one gender? One age group? One occupation or business industry?  One geographic area of my state?)

What types of cases are the most profitable in my firm? (Where do those come from?)

Who are my best people at converting prospects into clients?

What are my best referral and marketing sources for new work?

Case management platforms have been helping lawyers organize their cases for many years, that’s nothing new. Chances are, it can help you understand more about where your business comes from and provide better information for decision making on marketing efforts and target markets with a little more effort and the right set of reports.


Art Roehrenbeck works for Affinity Consulting Group and can be reached at



“Because that is the way I have always done it.”

By Michelle Motyka

As a consultant, I hear this from clients I work with every day.  When we are implementing a practice management, document management, or time, billing, and accounting system, we spend a lot of time asking questions to obtain a good understanding of what is being done now so we can translate that into the new system – and, hopefully, make it more efficient.

Are you still hand writing your time entries, or dictating them, for someone else to enter?

Is your assistant still typing your time entries into your billing system in all caps?

Are you still sending all your client invoices by snail mail?

Is someone on your staff printing out a document to take it to the scanner to scan back into a pdf?

Do you forward an email to your assistant to have it printed and put in the paper file?

Is there time and effort being spent creating labels for Redwelds that are very rarely used because you are mostly paperless?

When I receive an affirmative response to questions like these  — I ask the question “why” and receive the response that this is “how it has always been done.”  Many of these practices are holdovers from a time when there were no options to do it differently, or more efficiently, and no one has found the time to question “why” and make some changes.  Frequently, it is also about software upgrades that occurred, and no one has received any training on what new features are available within those upgrades since the system was originally put in place back in 2003.

Taking a hard look at procedures and contemplating making some changes is not something that needs to wait until you are selecting a new software program. These conversations are helpful at any time.  These antiquated procedures are costing you money that you do not need to spend, and creating busy work for many people at the firm that keeps them from working on what truly matters – and, what you can actually bill for!

Some tips for starting this process:

  • Find out what your staff is doing and ask them what is frustrating to them or what they feel could be done better. Listen for what is not being said as there are people who will resist change at all costs.
  • Find out what your software can do. If you use a practice management and/or time, billing, and accounting system that has been in place a long time, find someone to tell you what it can do now that it could not do the last time you received training.
  • Find out if there are software programs, apps, or equipment out there that can help you with some of the inefficiencies. Some examples might be desktop scanners that link into your project management system, a pdf program which can bates number and create pdf binders of multiple documents, an app which allows you to enter your time from your mobile devices, or using a credit card vendor which integrates directly with your billing and accounting system.
  • Find an expert to look at your procedures, talk to your staff, and give you an overall plan for making your firm more efficient.




The Growing Threat to Cybersecurity

By Mark Spitz

In recent years, data privacy has become a serious concern in our increasingly networked world. As more and more personal, health, financial and business data are stored electronically, the security of that data has come under attack from those seeking to steal sensitive information and profit from it. Two highly publicized cyberattacks this year — the “WannaCry” attack in May and the “Peyta” attack in June — infected hundreds of thousands of computers worldwide, targeting governments, hospitals and businesses. One victim of the Peyta attack was the global law firm DLA Piper, which, like other victims, found its computer network and phone system paralyzed. Without access to these resources, employees could not use client files, email or the phone system for several days, resulting in lost revenue and, given that DLA Piper promotes its cybersecurity practice area, some damage to its reputation as well.

The term “cybersecurity” has crept into our collective consciousness. Cybersecurity is often defined as the set of policies, procedures and technologies employed to protect electronic devices and computer networks from unauthorized access or attack. Cyberattacks against businesses large and small are frequently in the news. Among the better-known incidents are the 2013 attack against Target, which compromised the credit card data of more than 40 million customers, as well as attacks against Sony Pictures, Yahoo and Home Depot. In February 2017, a small Denver car wash business lost its customer records to an attack, and in March, Denver-based Chipotle Mexican Grill suffered a data breach. Hackers sell these customer records to criminals, who, in turn, use them to engage in identity theft, fraud and other illegal activities.

Law firms are no exception to the wave of cyberattacks. In 2016, two large firms, Cravath Swaine & Moore LLP and Weil Gotshal and Manges LLP, were attacked, allegedly by Chinese hackers who sought information on pending acquisitions in order to carry on stock trading before the acquisitions became public. While law firms may not maintain customer credit card, bank account or personal health information, as do other businesses, they do have a wealth of data that make them attractive targets. They store data on various types of transactions, corporate structuring, intellectual property, and tax and estate planning — to name a few.

While attacks against large law firms make headlines, smaller firms are at even greater risk. The American Bar Association reported in its 2015 “Legal Technology Survey Report” that law firms with 10 to 49 attorneys were most often attacked, with firms having fewer than 10 attorneys ranked as the next most vulnerable. In 2015, hackers disabled the network of a 10-attorney Rhode Island firm, Moses Afonso Ryan, when one of the firm’s attorneys opened an email from an unknown source, allowing malicious software to lock up their network. This resulted in the loss of more than $700,000 in billings over a three-month period because the firm could not gain access to its data, files and records. The firm paid more than $25,000 in “ransom” to get the hackers to decrypt the network and is now in litigation with its insurance carrier over coverage.

The consequences of a breach can be serious and expensive. A 2016 study by the Ponemon Institute, an independent research organization, found that a breach costs an organization an average of $220 per compromised record, which can cripple the resources of a smaller organization. The consequences of a breach can include some or all of the following:

  • Potential lawsuits, including class action suits from customers and other affected parties.
  • Enforcement actions by federal or state regulatory bodies, such as the Federal Trade Commission for consumer information, Health and Human Services for personal health information, or the Securities and Exchange Commission for public companies.
  • Obligation to notify affected customers under state notification statutes, in effect in 48 states, along with paying for credit monitoring services.
  • Lost revenue due to lack of access to critical data.
  • Cost of rebuilding the compromised network and restoring lost data.
  • Damage to reputation and brand.

There is another consequence of data breaches specific to law firms, based upon the Colorado Rules of Professional Conduct. Colo. RPC 1.6(c) obligates a lawyer to “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” Comment 18 to Colo. RPC 1.6 explains that various factors will help determine if the efforts to prevent inadvertent or unauthorized disclosure are reasonable, including “the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, [and] the cost of employing additional safeguards, the difficulty of implementing the safeguards.”

In addition, Colo. RPC 1.1 requires attorneys to provide “competent representation” to clients, and Comment 8 to Colo. RPC 1.1 states that to do so, lawyers must stay familiar with changes in “communications and other relevant technologies.” If a lawyer or law firm fails to implement reasonable measures to comply with these professional obligations, resulting in the loss of client information, that could be grounds for discipline. In addition to possible bar discipline, law firms suffering a breach open themselves to malpractice suits from clients.

Why might law firms be vulnerable to hackers? Resources and attention are most often the reason. Many law firms, even larger ones, have not invested enough in their IT systems to make attacks more difficult. They may not see the need to budget for the most up-to-date technology, or may not realize their IT systems do much more than just create and store documents. In addition, widely-used mobile devices such as laptops, tablets, and smartphones are often more vulnerable than in-house systems. Finally, many attorneys are still intimidated by technology and just want to leave things to “the IT guy.” However, with the increasing awareness of cybersecurity issues, many clients are starting to evaluate outside law firms’ data security preparedness, with some even requiring firms to complete extensive questionnaires. The Association of Corporate Counsel has been very active in this regard, and developed such a questionnaire. Law firms must be able to respond or risk losing business.

As much as attorneys may believe cybersecurity is just a technology issue, however, it is not. Cybersecurity is an enterprise-wide risk issue and involves much more than IT measures such as firewalls and anti-virus software. What then should lawyers and law firms be doing to protect themselves and their clients? The best approach is a comprehensive one that includes policies, procedures and education in addition to technology solutions. It requires developing a comprehensive cybersecurity plan, which involves doing something that lawyers are already trained in: risk assessment. They need to determine what types of data they hold, the relative importance of the data, the consequences of losing access to it, and applicable laws and regulations.

As part of the risk assessment, a law firm or business may also work with an IT company specializing in cybersecurity, which can identify vulnerabilities in the firm’s computer systems and recommend solutions. At that point, the firm can take steps to create an overall cybersecurity plan, which would include policies on system access, password protection, mobile device usage, remote access and incident response — just to name a few. An IT company can assist with implementing recommended upgrades, such as firewalls, malware detection, virtual private networks and network configuration.

Finally, training is critical. An increasing number of breaches now occur as the result of some action, usually unintentional, by an employee. This includes clicking on emails containing malicious software, poor password strength and other actions. Everyone in the firm needs to be trained on how to be a good “cyber citizen,” and that training needs to be repeated periodically in order to be effective. Making everyone in your firm aware of good cybersecurity habits is the best way to lower the risk of a breach that could cripple your practice.

Hackers are not going away anytime soon; their methods are getting more sophisticated and change faster than the “good guys” can keep up. There is no way to be 100 percent hack-proof, but law firms and other businesses need to address the issue and take reasonable measures to protect themselves and their client and employee data.


Mark A. Spitz is the founder of Spitz Legal Counsel LLC in Denver. He is a former general counsel who works with small and medium-sized companies on transactions, contracts, acquisitions and entity formation. He also advises clients on cybersecurity and data privacy planning and lectures and writes on issues related to data security. He can be reached at This post first appeared in the Docket.


2018 Legal Tech Trends

By Steven J. Best

Today’s lawyers are more mobile, more automated and more data driven than ever before.  Below are five things to be prepared for in legal technology in the new year.

  1. E-Mail Management – as society relies more and more on e-mail and electronic communications, the more we have a need to keep e-mail, documents, PDF’s, images, sound files, and the like well organized, indexed, and easily accessible. The days of manual folder creation and maintenance are waning.  E-Mail and Document Management software encompasses communication management at a matter level.  If you’re still searching for files and/or yelling across the office for someone to find paper files, it’s time to simply stop that.
  2. Security and Encryption – if you haven’t begun to internally investigate your own firm’s security (i.e. can an intruder get to your data), the time is now. More and more corporate clients such as banks and insurance companies are beginning to ask law firms about their internal procedures, protocols and equipment in place to ensure that the client’s communications and data are properly protected.  This duty now extends to electronic communications (email and attachments thereto) as well.  If this issue hasn’t been on your mind of late, it’s time to start taking reasonable steps to protect your data.
  3. Mostly Cloudy – The term “the cloud” refers, simply, to off-site data storage. Basically, you either rent a software platform (think Actionstep, Cosmolex, Clio, Rocket-Matter) and/or you set up a server that is maintained outside the four walls of your office in a data storage facility.  If your in-office servers are more than 3 years old, NOW is the time to investigate cloud technology.  The cloud is simple, fast, & affordable.  Cloud technology also helps with budgeting for technology because it is generally offered on a subscription (monthly-fee) basis making technology budgets more predictable.  “The cloud” is here to stay and its strength in both storage power and security improves daily.
  4. Budgeting and Finance – This year, unlike in years past, more and more of your colleagues and competitors are analyzing business data and adjusting their business decisions according to what “the numbers” are telling them. Your competitors are creating business budgets, reviewing data, and changing position to be leaner, meaner, more agile, and more competitive.  This is a “don’t get left behind moment.”  Don’t put your firm at risk because you cannot keep up with their new lean, mean, efficient law practice.
  5. Mobility – Just a few years ago, most lawyers worked within the same four walls of an office. Today, law schools are pumping out thousands of graduates who may never work that way.  New grads are young, hungry, agile and most importantly, not tied down to a physical office.  Even in traditional firms, you have inquiries about (a) working from home, (b) working while traveling, and (c) working while on maternity or medical leave.  Now is the time all firms should reasonably accommodate partners, associates, paralegals and staff to work from anywhere…without technology challenges getting in their way.

Training, customization and more training is the BEST money you can spend to ensure that everyone in your firm is using the technology properly and securely.   Why pay good money for a new system, only to find out that no one in your firm really understands it, or worse yet, many do everything they can to by-pass it due to a lack of knowledge or understanding.


Steven J. Best is the managing partner of Affinity Consulting Group’s Atlanta office. Steve is an attorney as well as a certified law office software consultant. With an educational background in law, accounting and economics, Steve consults with law firms throughout the United States on law office software as well as sophisticated practice management issues. He can be reached at