Tech landscape 2011: Top product picks; Rise of Mac viruses; Security for thumbdrives, iPhone; and more
It’s once again time to catch up on the latest—greatest and not so great—in legal technology for attorneys, especially those in solo and small firms. And for that, we turn to authors of the 2011 Solo and Small Firm Legal Technology Guide: Critical Decisions Made Simple—Sharon D. Nelson, John W. Simek and Michael C. Maschke.
Windows 7 is the current Microsoft operating system. For business purposes, you mention using either the Professional or Ultimate Edition. Can you talk a bit about the differences between the two and why a lawyer would want to go with one versus the other?
Maschke: As you said, those are the two versions we recommend to solos and small firms. When clients come to us and ask us for our recommendation, we generally recommend that they go with the Professional Edition of Windows 7, which is generally about $20 cheaper.
There are a few differences between the two versions. The Ultimate version includes a feature called BitLocker, which is a Windows-based hardware encryption scheme that will protect an end-user’s data on his or her laptop or desktop machine.
The Ultimate version also includes some additional language support, which many of our clients here in the States don’t have a need for.
The $20 upgrade cost for the BitLocker addition, in our opinion, isn’t necessarily worth it. For an encryption solution on computers, we instead recommend that clients go with one of many third-party tools, such as TrueCrypt and PGP. Those are alternatives to Microsoft’s BitLocker, which has a number of known vulnerabilities.
Now that Macs are becoming more popular, the “bad guys” are following. What are some of the ways Apple is addressing malware?
Simek: I could go on with this one. I really love the Apple marketing folks. If you go on their website to the OS X page, you’ll see, in big letters, “OS X doesn’t get PC viruses.” Of course it doesn’t. Because it’s not a PC! Guess what though, it gets Mac viruses.
They’ve done a couple of things, although it’s fundamentally not that much different than the Windows world. Internally, the OS X operating system has security set ups so the user isn’t running at privileged access normally. They have a concept called “sandboxing,” so if you download any content via the Internet, OS X knows that it came from the Internet and prompts you to click before you can actually execute.
Something that Apple did early on that Microsoft just came around to doing recently is the concept of "auto run." So the Mac OS X doesn’t automatically launch anything when you put in a flash drive or a CD or other external device into the computer. In the Windows environment, up until recently, Microsoft used to auto run, although a recent patch has stopped that.
Built into the operating system itself, they’ve taken some steps to make it more secure. Have they gotten it all right? I don’t know, it seems that whenever Apple sends out a patch to its operating system, there are hundreds and hundreds of fixes within it. Either they didn’t get it right in the first place, or there are that many things that need to be fixed.
Unfortunately, as Macs have become more popular, they are becoming more and more targeted. It’s unfortunate. And it’s important that attorneys realize that just because they use an Apple product doesn’t mean they are immune. All too often, I think, they believe they are.
What do you recommend in terms of computerized case management?
Nelson: Probably more than ever before, we really have a clear favorite for solos and small firms, and that’s PracticeMaster by STI. We’ve done a number of installations for our clients and they have been very pleased. The billing component, Tabs3, is also an excellent component and most firms will use both of those applications.
The price is right. The basic version is $150 for one license, and $50 for each additional license. If you need the premium version, which most lawyers probably will opt for, the cost is $395 for the initial license and $150 for each additional license.
STI support is truly excellent, and you can get a trial license to make sure the software will work for your firm. They’ve recently released version 16, which has a lot of new features, including something called WorkFlows, which will automate tasks. For instance, if you put a contact in as a new client, it will automatically generate a “welcome client” letter. There are a lot of similar functions. The e-mail integration is greatly improved, and that is something that people have been looking for.
We’ve also seen a lot of lawyers turning to Software as a Service for case management. Rocket Matter is one good program, but our favorite is Clio, which costs $49 a month for each attorney and $25 for each non-attorney. It offers calendaring, time and billing task management, e-mail integration and contact management. We have yet to meet an unhappy Clio user, which is a pretty good recommendation in and of itself.
Back to top
More lawyers than ever are working on the go, and thumb drives are increasing in popularity. Please talk a bit about new security systems or technologies for use with thumb drives.
Maschke: Within the legal technology field at least, it is widely believed that law firms are four or five years behind in securing their data. In reality, what we see, it’s probably a little worse than that.
As USB devices become more popular and have an ever-growing capacity for the amount of storage they can hold, there are two categories of things that law firms should keep in mind. One about the actual USB devices themselves, and the other is what can actually be done on the network itself to secure the environment.
First, with regard to the actual flash drive—you shouldn’t use a USB device without hardware-based encryption. Hardware-based encryption is always on, so whatever data is on the drive, is always protected. If you lose your USB no worries—no one is going to be able to crack or break the encryption.
The second thing that hardware-based encryption may offer, depending on the make and model of the USB drive you decide to go with, is a secure password management feature. Rather than saving your user names and passwords in a web browser, which we recommend that no one do—but that most attorneys and end users do anyway—the password feature will securely store your user names and passwords on the USB drive. This eliminates the need for users to store them in a browser, therefore making those names and passwords a little bit more secure.
Second, these devices come with what is called a secure-erase feature. If your device is lost and someone tries to guess your password, after a number of incorrect attempts, the device will actually securely wipe itself, rendering all of the data on the device useless.
One of the secure USB devices we recommend is made by IronKey. For a couple of hundred bucks, they come in various storage sizes; it’s a USB device that comes with hardware-based AES-256 encryption. The military uses it, so we know it’s secure.
In terms of computers and networks the thumb drives are plugged into: More and more, we’re seeing as a result of our data breach investigations, employees stealing or taking data with them through the use of USB drives. The end user believes it’s a way for him or her to transmit data without being caught.
As the employer, there are a couple of things you can do. One, you can prohibit the use of USB drives through group policy if we’re talking about a Windows-based network environment. This would allow the administrator to specifically prohibit the use of USB drives and even CD-ROM drives.
If, however, you want your users to be able to use removable storage, we would definitely recommend that "logging and auditing" be enabled. This will allow you to be alerted when a device is plugged in.
You also want to be able to archive your logs. So if there’s a problem down the line and you need to go back to a certain point in time, you can find out who plugged what into the relevant computer system, and data dating back to the relevant time period will be present. Besides the built-in Windows-based solutions, there are third-party applications that will do this for you.
Servers are a major decision and expense for small businesses. You are recommending that more small firms consider virtualization. Why?
Simek: A major decision and expense, yes, but actually the cost of virtualization when you sit down and look at it, really isn’t that major after all, when you consider the cost reduction in hardware from consolidation, maintenance and power to other components.
Virtualization is essentially taking one or more servers, taking an image of their contents and running that content on the memory of a single piece of hardware. So you have multiple “virtual servers” running within that single physical hardware device.
For small firms, I’d suggest they could start with one server—that’s all you need for your file and print sharing. It helps you centralize your anti-virus, your patch distributions, and it’s also a central place for you to secure your files.
But the key reason to do virtualization is that the server becomes hardware-agnostic. So if, for whatever reason, you have a hardware failure, with your computer, you can quickly run down to Staples or Best Buy or wherever, and buy a replacement, copy the files back on it and launch it Everything is just as it was before. The server doesn’t care what kind of hardware you have connected to it--unlike the traditional server model where you had to load the disk drivers, you had to load the network drives, and everything else.
So virtualization helps a great deal in business continuity. That’s the primary key here.
Back to top
Now I’d like to ask each of you—what’s the greatest discovery, tool, heartbreak or “ahh”—in the latest year of so? Or, alternatively, what do you see coming down the pike that you’re keeping your eye on?
Nelson: Without any question it is the rise of the iPad as a lawyer’s tool, which astonished a whole lot of us. I recommend that anyone who is interested in the iPad listen to the next issue of “The Digital Edge: Lawyers and Technology,” a Law Practice Management Section podcast of the ABA that I record with Oklahoma’s practice management adviser, Jim Calloway. This particular podcast features Tom Mighell as a guest. He’s the author of iPad in One Hour for Lawyers. The podcast will simply list—we don’t have time for it here—tons and tons of law practice applications.
I guess I’d say, while the iPad and now the iPad 2 are primarily consumer devices, attorneys are very quickly finding work-arounds to take this very slim and slick device on the road and go to court with them. By using programs such as DropBox and Documents-to-Go, they’re solving some of the problems in working on documents.
As we see applications develop, more and more of the solutions are becoming elegant as opposed to simply being work-arounds .
If you search the App Store using terms such as “legal” or “law,” you’ll be amazed at how many programs are currently available. There are a lot of research tools such as FastCase to keep you up to speed with case law, there are also juror selection programs like iJuror, and presentation programs to actually use in court.
We’ve seen lawyers swear by their iPads when they use them for case management with apps like Clio or Rocket Matter, which I’ve already mentioned. During down time in court, which everyone has, they can work on entering time, they can calendar, they can organize their tasks, they can work on documents — it really makes them a lot more efficient.
And of course if they’re bored, they can always wait around playing a nice, relaxing game of Angry Birds.
Simek: I’m going to mention cloud computing. That’s a big buzz phrase and certainly covers a lot of different things. We’ve seen a tremendous amount of interest in it, and tremendous movement in that direction.
We’re going to keep our eyes open and our ears to the ground in terms of where cloud computing is going to go. My nickname is Cloud Curmudgeon among those who know me. I’m not saying that you shouldn’t be using it, but certainly you should be very cognizant of the issues that revolve around it. There was a whole track at ABA TECHSHOW on cloud computing.
We’re seeing a big push in the legal field. Sharon talked about Clio and Rocket Matter, which are Software as a Service, or cloud services. More and more people are leaning that way, thinking it will be cheaper in the long run. It may or may not be. We’re watching that and are cautiously optimistic that it’ll be a good technology to take us into the future.
How about you, Michael?
Maschke: The last thing that I wanted to touch on, in moving forward to what we’ll see happening in the next year, or least what we hope, is increasing security awareness among law firms. Currently what we encounter with a lot of firms is an “It can’t happen here,” “It won’t happen to me” attitude. As more and more data breaches, especially among large law firms, become more public and more stories appear, we think that security will come to the forefront more than it currently is.
Recently, security awareness has been helped by the FBI report that stated that law firms are becoming increasingly targeted by hackers and cybercrime organizations.
With the move toward cloud computing and end-user mobility with smart phones and iPads, etc., we hope and believe that security will become more of a significant part of the decision–making process when considering moving toward those solutions.
Last year you expressed concern about iPhones and suggested attorneys not use them when confidentiality is concerned. Do you still have those misgivings? And, are there similar ones related to the iPad aside from the many positives about the device you’ve mentioned?
Simek: Unfortunately, Apple still can't seem to get security right. The iPad runs the same operating system as the iPhone and is subject to the same issues. We thought Apple may have solved the PIN compromise problem with iOS 4. The reality is that researchers have been able to access a fully patched iPhone 4, which was PIN protected, within 6 minutes. Not a good thing.
(For more on smart phone security and the iPhone, see Nelson and Simek’s recent Law Practice Magazine article.)
Back to top