Our profession is graced with so many learned and knowledgeable experts on principles of law practice management, marketing, finance, ethics and technology. This new column aims to bring to our readers different experts’ perspectives in each issue of Law Practice. This issue we offer the expert advice of Diane Ebersole, practice management advisor from the State Bar of Michigan.
What would happen to your practice if you were hit by a beer truck on the way to an appointment this afternoon? For most attorneys, the mere thought of being out of commission for even a few days creates palpitations and diaphoresis. It doesn’t matter if you are an associate at a large firm or a solo practitioner; you need to be “beer-truckable.”
Stop and think about the staff in your office and apply the beer-truck test to each one of them. How would the daily functioning of your office be affected if your assistant was suddenly incapacitated?
There are myriad areas in every law firm where the concept can be applied. It is the same concept that is the basis of redundant backup for the hard drives on your computers and servers. We just don’t want to admit that automated secure redundant backup concepts need to be applied on many levels, including the human one.
The beer-truckable concept can be far reaching and applicable on many fronts, but this column is going to focus on one aspect: passwords. Have you ever carefully thought about how many passwords are currently in use at the office and in your private life? Every computer in your office including the server should have a password. The networked printer may require a password to make setting changes. Most software applications have an administrator password.
Do you know the password to your firm’s website, host account and domain registry? Think about the passwords for all of the online services you use: online banking, legal research, credit card services and syncing services such as Dropbox or Sugarsync.
Do you pay bills online? Is your health insurance or cafeteria plan managed online? Are you using a cloud-based practice management application? Do you contribute to the firm blog or Facebook page? Do you Tweet and have a LinkedIn account? Do you have a user name and password that provides access to your state bar association’s member area? Do you have passwords for your mobile phone, iPad, Kindle, Nook or iTunes accounts? What about your Amazon or Staples and other online transactional service accounts? How many email accounts do you have? Does your firm use an online data room service? Do you access other secure websites that require login and password? Do you know the password and user name for your telephone account, your cable and Internet provider accounts? Where is the password for your ABA login? How many ATM cards do you have? You get the picture.
If your password management plan is to save all your passwords in your browser, consider the vulnerabilities. If the computer where you save the passwords crashes, your passwords are gone. If the computer is mobile, the additional risk of loss or theft is a possibility. If your assistant, partner or IT technician accesses your computer, all of your online accounts are at risk! Saving passwords in your browser is a plan, but is it smart?
If your password plan is to simply use the same password for everything, it is time to reevaluate! Interestingly, a 2009 PC Tools survey found that in the U.K., 47 percent of men are using just one password compared to 26 percent of women. One slip and someone could have the key to all of your secure data and access to all bank accounts.
So what should you do? First, create strong passwords. Every password should be at least 12 characters long and contain a mix of uppercase and lowercase letters, numbers and symbols, and the password should not contain real words. More information regarding password creation is easily found by searching for “what makes a strong password” in your favorite search engine.
In addition to creating strong passwords, consider using a password manager. There are a wide variety of online password manager applications like RoboForm, Free Password Manager or LastPass. These apps let you access your passwords from anywhere you have access to the Internet. Online password managers allow you to have a multitude of passwords, protected in an encrypted environment, and accessed by a “master password.” A search engine query for “password manager reviews” will help you find the best solution for your needs and work style.
If you would rather not have your password management system online, investigate a flash drive solution like those provided by IronKey (flash drive and password management software) or RoboForm, which offers a variety of solutions including software you install on your own flash drive. These solutions provide an encrypted application on a flash drive, which must be carried with you and accessed through your computer USB port.
The password concept shouldn’t stop at the doors of your practice. What about the business of your life? Do you have a system in place that would allow your family to access important accounts and documents in case of an emergency?
Protect your passwords, share access with at least one trusted individual, and then you can cross password management off your beer-truckable list. But what about that list? Let me think. There is succession planning for your practice, secure redundant backup of all your data, a disaster plan for your firm, docket management—and the list goes on.