2 Ways To Keep Your Attorneys Up to Date on Legal Industry Trends

August 21, 2019 By Andrew McDermott Leave a Comment

“It’s foolish to follow trends.”

After all, you have a law firm to run. You have client matters to attend to, employees you’ll need to manage and the logistics of successful practice management.

Trends are the absolute last thing on your mind.

But trends management is one of the first things you should be focused on if you’re trying to grow your practice rapidly. The most obvious question though is why.

Your attorneys aren’t focused on trends

Most attorneys are focused on the day-to-day minutia of work. They’re focused on client matters, hourly billings, business development, etc. In fact, most attorneys lose six hours a day on non-billable work.

Trends aren’t on their radar.

Most associates are just trying to make it through their day with some semblance of productivity and efficiency about them. They want to take good care of their clients, serve their firm, boost their careers. The kind of details they’re supposed to focus on.

The majority of attorneys fall into one of four roles.

Finders are rainmakers
Binders are connectors and master networkers
Minders are managers and bureaucrats
Grinders are the workhorses of the firm

Most attorneys are expected to be grinders. Of these four attorney types, minders are the attorney types who are most likely to be focused on trends.

This means you’ll have to help your attorneys along.

Okay, why?

Staying on top of trends gives you the responses you need to perform as expected:

You can identify the trends you’d like to accept, reject, monitor or ignore.
Spot threats, opportunities and potential issues that will make a significant impact on your firm.
Create firm-wide buy-in on any trend, topic or issue under consideration.
Trends management is a helpful add-on your firm can use to keep their teams healthy and operating cohesively.

Of these, the most significant motivator is buy-in.

We’ve all heard stories about attorneys refusing to turn in their timesheets on time or in the correct format (which affects firm revenue). Or, any other issue they simply refuse to comply with. This is the underlying issue at play for many firms.

Buy-in changes all of that.

If you’d like to get the attorneys aligned with the initiatives at your firm, you’ll need buy-in. How do you get buy-in consistently from your attorneys?

You give your employees the chance to weigh in on key issues. If there’s no weigh-in, there’s no buy-in. Here, see for yourself.

So how do you do it?

What are some practical steps you can follow to keep your attorneys up-to-date on legal industry trends?

Tactic #1: Elevate your firm’s mavens

Mavens are information collectors. They’re the employees who have a vast amount of knowledge and wisdom. You’ll want to cultivate and elevate the mavens in your firm. Provided these employees with access to helpful information sources (e.g. research libraries, subscription tools, books, courses and training aids).

Then, ask these mavens to share their knowledge.

Give them the opportunities to share their knowledge with the firm. If you notice a paralegal has the makings of an exceptional researcher, approach them with this opportunity (and more money). Set clear guidelines on these trends.

Schedule a weekly meeting where these mavens, share trends with financial impact (with firm leadership)
Share competitive information, trends outlining which attorneys/firms are passing us by
Outline a shift in client attitudes (e.g. our clients are looking for a lower cost replacement

See what I mean?

Tactic #2: Connect with key influencers and thought leaders

Legal publications have to stay on track.

They need to stay on top of the twists and turns taking place in the industry. What does this mean? They’re more likely to hear about impactful trends and updates before you do. But more importantly, they have context.

They know which trends matter more.

They’re not infallible of course, so you’ll need to temper their advice with your own knowledge and experience. This doesn’t mean you have to be directly connected either. Here are several ways to connect with these publications.

Subscribe to their email list or follow them on social media. You’ll receive a steady stream of trends and updates via their content
Connect with editors, journalists, and influencers personally. This enables you to identify the unknown, unknowns – trends taking place that others can’t see
Follow/subscribe to data aggregators like Statista, ALM Intelligence, Martindale, AALL, and others to curate data you can use to build an instantly responsive, future-proof firm

Future-proof firms follow trends

It isn’t foolish to follow legal industry trends. As we’ve seen, the reality is actually the opposite. Staying on top of industry trends gives you the responses you need to perform as expected.

There’s value here.

You can identify the trends you’d like to accept, reject, monitor or ignore. Spot threats, opportunities and potential issues that will make a significant impact on your firm. Create firm-wide buy-in on any trend, topic or issue under consideration. Use trends management to keep your team healthy and operating cohesively.

It’s the low hanging fruit most firms ignore.

If you’re looking for growth you’ll need to look down the road. With trends management, you’ll have the tools and resources you need to future-proof your firm, no foolish mistakes necessary.

Law Firm Data Breach: What To Do When The Worst Happens

August 19, 2019 By Andrew McDermott Leave a Comment

“I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”

Then-FBI director Robert Mueller shared these sobering words at the 2012 RSA Cybersecurity conference. When it comes to a data breach, it’s not a matter of if but when and how bad. These words aren’t exactly encouraging. It’s as if he believes a data breach is inevitable.

He’s right.

But most firms aren’t prepared for this reality. Many legal professionals prefer to roll the dice. They still assume it can’t or won’t happen to them.

Most firms aren’t prepared for a data breach

The LogicForce Cybersecurity Scorecard states 53% of firms have no disaster response or recovery plan in place. 60% of firms don’t have a security and compliance officer and what’s worse, they have no plans to hire one. 77% of these firms have no cybersecurity insurance.

These firms are exposed.

Large firms may be able to take the financial hit from a data breach or adverse cybersecurity event, but what about smaller firms? Can they afford to take the hit? Data from the ABA Tech Report suggests that the answer is no.

Are they prepared for an attack? An ILTA survey showed:

87 percent of law firms do not encrypt laptops, netbooks and mobile devices
61 percent don’t have intrusion detection tools in place
64 percent don’t have intrusion protection tools
40 percent of firms weren’t even aware an attack had occurred
22 percent have a documented cybersecurity training program
Only 23 percent have cybersecurity insurance policies in place

The majority of small-to-medium law firms aren’t prepared to recover from the inevitable attack headed their way.

The law firm data breach: How to recover

Let’s imagine that the inevitable has happened. A disgruntled insider or predatory outsider has broken into your company. What are the steps you should take to recover from an adverse cybersecurity event?

Step 1: Secure your network/data

You’ll want to take steps to lock down your data, traffic and network. You’ll also want to verify that the right employees have access to the right data, at the right time.

Notify your IT or data, forensics team. Request that they conduct a thorough investigation. If your firm has multiple departments, you’ll want to make sure you have the appropriate teams on deck and ready to help.
Consult with your resident experts. If you don’t have an in-house expert you can lean on you’ll want to reach out to a trustworthy third party that can provide your firm with the legal counsel needed.
Lockdown physical access. Any areas related to your breach should be locked down and monitored carefully. You’ll want to change any access codes, locks, or credentials needed. If you have multiple employees, you’ll want to reach out to local law enforcement to determine when it’s safe to resume day-to-day operations.
Prevent further data loss. If you’ve already lost important data, you’ll want to take the appropriate steps needed to lock things down further. If there’s any evidence present in the breach, you’ll want to take special precautions, so you don’t destroy any important pieces of evidence.

These details are important steps you should take immediately after a breach or cybersecurity event. You’ll want to focus your attention on limiting the amount of data flowing out of your firm.

Step 2: Fix, patch or update your vulnerabilities

Identify the source/cause of the breach. You’ll want to identify when, how and why these attackers were able to get into your organization. The IT or data forensics team you’ve identified in step one should be able to help you identify the cause of the breach.
Vet third-party providers. Do third party providers have access to your data via an API or another piece of software? You’ll want to verify that:
- Your providers should have continued access to your data.
- That your provider’s system is secure and any vulnerabilities have been patched.
Cooperate with IT and your forensics team fully. You’ll want to identify:
- Which security measures were enabled at the time of the breach
- Analyze whether you (or a third party) were able to contain any or all of the breach successfully (e.g., via network segmentation.
- Assess user rights management and current group policies to verify the right people have access to the right pieces of data, at the right time.
Create a crisis management plan. You may need to provide the right people – clients, employees, suppliers, providers shareholders, partners and the public with the appropriate level of communication. Your communication and crisis management plan should
- Own the mistake or mishap.
- Not withhold key pieces of data from your audience.
- Not withhold or share information that makes it harder for clients to protect themselves.

Create a list of the questions, objections, fears, and concerns each audience will have. Provide them with details on what you’ve done or are doing to address the problem.

This is an important first step. If you take the time to approach this area carefully, you’ll be able to recover your reputation and limit potential losses ahead of time.

Step 3: Notify your relevant parties

You’ll need to notify the various groups of people mentioned above about the breach. You’ll want to ensure that you’re fully compliant with any and all laws, whether they’re at the local, county, city, state or federal levels. As you know, most states will have specific requirements for releasing information.

If the breach involves health care data, you’ll need to determine whether you’re required to comply with the FTC’s Health Breach Notification Rule or the HIPAA Health Breach Notification Rule. These rules will outline who needs to be notified (e.g., the media) and when.

You’ll also want to notify affected (clients) businesses. If the breach affects a significant or large group of people, you’ll need to notify credit bureaus.

A data breach is inevitable; catastrophic data loss isn’t

The law firm data breach is something your organization can recover from. Create a recovery plan, follow the above steps and you’ll have what you need to restore your business and your reputation to full working order.

Legal Practice Management Best Practices

August 16, 2019 By Andrew McDermott Leave a Comment

It’s the inevitable event.

The one consistent theme in the legal industry that continues to threaten attorneys and law firms. Attorneys do their very best to resist this threatening event yet none are successful.

In the end, those who resist, fail.

How is this event so troublesome that it threatens even the largest, most successful law firms? What exactly is this “inevitable event?”

Attorneys see this coming but many choose to ignore it

What cryptic event am I talking about?

It’s change.

Attorneys, law firms and the legal industry at large have a serious problem with change. Attorneys are seen as Luddites, rather than the early adopters they could be.

But why?

Pundits at Thomas Reuters suggest that this resistance to change may be baked into the legal industry:

“One underlying reason may be the legal profession’s focus on precedent. The very nature of the practice of law, and the U.S. legal system as a whole, largely rests on guidance from previous case law or interpretation of legislative intent. Additionally, the practice of law is inherently risk averse; lawyers are known for writing long memos that issue warnings of what might potentially go wrong, and transactional attorneys often draft from precedent, rather than creating documents from scratch.”

It’s no secret that the legal profession is a cautious, risk-averse endeavor. If you’re practicing law, your entire focus is oriented around reducing and eliminating risk for your clients.

It’s a two-edged sword.

The cautious, risk-averse nature that makes attorneys (you) so formidable is also the same nature that creates this strong resistance to change. Contrary to popular belief, this isn’t a personal defect, it’s a strength. This is how you’re able to defend your clients so effectively.

Here’s the downside.

This strength needs to be aimed. Most attorneys aim their cautious, risk-averse nature at anything that’s perceived as a threat. But research shows this is the wrong move.

Why is it the wrong move?

When attorneys ignore change they increase risk

Increased risk leads to danger, disaster and loss. Here are a few objective examples to demonstrate what I mean by increased risk.

Law firms following the traditional model push their associates to produce more work (i.e. chargeable hours) year-over-year. Their associates eventually reach a breaking point as mistakes, errors, and negligence begin to take hold.
Individual attorneys lose six hours each day to nonbillable work. They could automate, semi-automate, and/or outsource this nonbillable work but for whatever reason, most don’t. Most attorneys/small firms struggle with rainmaking or business development unnecessarily.
Clients aren’t willing to pay for legal research, junior/first-year associates and large bills for legal miscellany (e.g. photocopies, food, travel expenses, etc). Traditional firms have resisted this push leading to a significant loss of business.
A research report by Verizon found legal professionals were the easiest to hack. This creates an avalanche of liability that results in unnecessary lawsuits, penalties, fees, lost goodwill, and lost client trust. A key example? Cravath Swaine & Moore and Weil lost $4 million to cybercriminals in 2016.

Can you see the risk?

Change resistance increases risk, danger, disaster, and loss sometimes exponentially.

Why pundits perpetuate change resistance

Pundits and experts tell you to do something you know you can’t do.

Take unwarranted risks.

They ask you to trust third-party firms (i.e. security firms) with your client’s sensitive data. You’re asked to trust, no, to let go of the responsibility that comes with business development.

These risks seem unreasonable.

If you’re like most attorneys and law firms this triggers psychological reactance. Most attorneys and firms in this position feel their choices are being limited in some way as if they’re being asked to behave in an irresponsible or imprudent manner.

So they resist.

There’s a better solution. One that provides attorneys with the agency and control they need to avoid risk while simultaneously addressing the need for change. I mentioned it just a few paragraphs ago, did you miss it? If so, here it is again.

Aim your cautious, risk-averse nature.

When you don’t know how to recognize the legitimate threats around you everything seems dangerous. What does this mean for you then? It means you need to follow a few specific best practices.

Create heuristics to recognize potential (yet unknown) threats and opportunities
Aim your cautious, risk-averse nature at threats. Attack aggressively, win decisively
Accept and plan for failure
Create heuristics to limit, learn from and exploit failure

1. Create heuristics to recognize potential (yet unknown) threats and opportunities

You can use a basic form of heuristic analysis to identify unknown events that exist in or around your law firm.

What exactly is heuristic analysis?

Heuristic analysis is a methodology that’s used by cybersecurity software providers to identify unknown threats. Here’s how security professionals use this heuristic model.

They examine suspicious looking code
They compare suspicious looking code to a database of known/confirmed threats
They flag anything that matches confirmed threats in their database

Pretty simple, right?

Believe it or not, this simple heuristic model has all the tools you need to spot potential threats and opportunities for your law firm. We just have to adapt the process above to suit our needs.

Here, take a look.

Examine suspicious elements (e.g. people, circumstances, offers, events, etc.)
Search for precedents that match (or are similar to) your suspicious elements
Flag suspicious elements that are confirmed

Okay then.

How would you go about using this in your law firm? Let’s look at a recent example. Law.com shared a story about a client poaching lawsuit.

A personal injury firm’s case that accuses a New York area competitor of paying clients out of a briefcase full of cash to switch law firms has escalated, with the plaintiff revealing that one of its paralegals went undercover as a potential client to obtain “forensic” proof of wrongdoing by William Schwitzer and his law firm.

Ginarte Gallardo Gonzalez & Winograd raised eyebrows last year with a lawsuit in Manhattan Supreme Court claiming that Schwitzer and his firm, William Schwitzer & Associates, used non-attorney “runners” to entice Ginarte clients in a doctor’s office waiting room to switch firms. The Ginarte firm revealed Friday that one of its paralegals pretended he was injured on a construction site and recorded conversations with the runners and two lawyers at Schwitzer’s firm.”

It’s a wild story, isn’t it?

It seems both these firms have missed the point. These firms are competing for client business. From the sound of things, their competition is routine and cutthroat. Can heuristic analysis be used to identify the types of clients most likely to switch law firms?

Absolutely.

Let’s apply the same heuristic model to this scenario.

Examine suspicious elements (client poachers, clients switching law firms)
Search for precedents that match (or are similar to) your suspicious elements
Flag suspicious elements that are confirmed

First, we start asking questions to identify suspicious elements. We keep questions until we get to the source of the problem.

Which clients switched firms in favor of [competitor]? What motivated them to leave?
When did they decide to leave? Where were they?
Which clients stayed with us. Why did they stay?
What are the differences between clients who stay and clients who leave?

Research into this story confirmed some important details. Clients were being offered $2000 and a free Uber to switch. This narrows things down considerably, doesn’t it? The data in this example shows many personal injury clients need money but they’re temporarily unable (or unwilling) to work.

These details aren’t complicated, are they?

It’s an opportunity for you to create a compelling value proposition for your firm and your clients. What does this mean then?

You can identify the characteristics of a loyal/disloyal client, enabling you to market your services appropriately
You can find a way to provide indigent/injured clients with the short-to-long term income they need (directly or via third-party providers)
You can use the strong value proposition you created above as a sales and negotiating tool to win and retain prospective clients
Create client intake tools and educational resources to inoculate new clients against poachers
Create an irresistible offer that acts as an economic moat protecting your firm against bigger, stronger, unscrupulous or more aggressive competitors

This is the power of heuristic analysis.

With the right set of questions, a clear plan of attack and actionable data, your firm has the tools it needs to create a competitive advantage your competitors will struggle to overcome. You can use heuristic analysis to identify strengths, weaknesses, opportunities and threats.

Heuristic analysis is a best practice that’s rarely discussed. Use it to:

Identify A player employees
Discover the reasons why your clients are leaving
Create irresistible offers and compelling value propositions that motivate clients to stay
Simplify rainmaking and business development, attracting an avalanche of leads, clients and revenue
Systematically increase your billable rates (and collection realization rates) year-over-year
Keep A player employees happy and loyal without the exorbitant incentives and bonuses required by employees at most firms

The possibilities are endless. And here’s the important part. Heuristic analysis works well when you compare and contrast across a variety of dimensions including:

Region, location and jurisdiction
Comparison by practice areas (e.g. real estate law vs. corporate law)
Legal industry compared with other industries (e.g. venture capitalists, accounting, consulting, etc.)

When it comes to heuristic analysis, the sky’s the limit.

2. In your cautious, risk-averse nature at threats. Attack aggressively, win decisively

I’ve mentioned that you can use heuristic analysis to evaluate your firm’s strengths, weaknesses, opportunities and threats. Strengths and weaknesses typically aren’t time-dependent. Opportunities can be, but there’s often a fresh one just around the corner.

Threats are different.

If you identify a threat it’s typically wise to take action immediately. This is the time to do what you do best.

Attack.

You want to use your cautious, risk-averse nature to minimize and/or eliminate threats. You aren’t always required to rush into battle but it’s a good idea to attack threats (the problem) aggressively, where appropriate, and win decisively. Here’s a list of threats you may face in your firm.

Losing prospects
Losing clients
New competitors
Industry disruption via innovative processes, competitors or events
Falling billing and/or collection realization rates
Poor/delayed timekeeping
Falling utilization rates
Decreased productivity and/or performance
Decreased morale
Decreased lead flow
Decreased profitability by client/practice area/timekeeper/role
Consistent failure to hit/achieve goals and key performance indicators
Law firm culture/values clash

You’ll want to identify your primary, secondary and tertiary metrics.

Primary metrics are about survival, these are the metrics you check regularly
Secondary metrics are about growth, the ones you monitor on a semi-regular basis
Tertiary metrics are concerned with expansion, those you monitor less often

This needs to be defined by you. Here’s a short list of the metrics you can monitor your firm. Primary threats should be addressed immediately. Secondary threats addressed urgently and tertiary threats addressed promptly.

3. Accept and plan for failure

Good practice management takes time. It’s difficult to extract both immediate and long-term value consistently. What does that mean for you? That you accept and plan for failure.

How do you do that?

Let’s say the attorneys in your firm are turning their timesheets in at the end of the month. You know the longer they wait to record their time, the more inaccurate your billable time and realization rates will be.

You lose 10% of your billable time (revenue) if you record time the day of, once a day.
You lose 25% if you wait 24 hours to record your time.
You lose 50% if you wait one week.

If they’re turning in timesheets at the end of the month you’re losing 50 to 70 percent of your billable time. That’s an incredible amount of lost revenue. Imagine making 50 percent more simply by recording your time as-it-happens?

That’s a painful example of failure.

You won’t always be able to plan for failure ahead of time. Often times, you’ll experience failure first. This is your chance. You can accept the failure now, then plan for that failure in the future.

Here’s how you do that.

Recount a personal or professional failure you’ve experienced
Outline how things went wrong and how they could’ve gone wrong
Identify (a.) Your ideal solution to the problem if you don’t know that move on to (b.) The person or professional who knows how to solve your problem

You’ll want to create a comprehensive list of the ways things can and will go wrong. This can be scary to outline in detail but it’s important. Outlining your worst fears – the way things can go wrong, it’s a form of inoculation. It de-fangs the fear, anxiety and stress that comes with failure.

The strategy is straightforward.

When you experience failure, make it worse. Outline the mistakes you made and the mistakes you could have made. Make a list of everything that went wrong. Then make a list of everything that could go wrong. Then identify the solution.

That’s it, simple right?

4. Create heuristics to limit, learn from and exploit failure

How are you supposed to learn from failure? If you’re running a firm with other associates you know how hard it is to change their behavior. How are you supposed to limit, learn from and exploit failure if you can’t persuade your employees to change their behavior?

It’s simple.

You apply the right behavior model. Best practices fail and poor behavior continues when you’re missing the right behavior model.

Okay, first things first.

What do I mean by “behavior model?” It’s behavior prediction and forecasting.

A behavioral model is a collection of data you use to make predictions about future behavior. I’m oversimplifying things here intentionally. I don’t want us to get bogged down or lose focus.

BJ Fogg, a researcher at the Stanford Persuasive Technology Lab, created the Fogg Behavioral Model (FBM). The FBM was designed to answer a simple question.

“What causes behavior change?”

The FBM shows there are three elements to behavior change.

Motivation. A compelling reason for people to change their behavior.
Ability. The capability to change behavior in the desired fashion.
Triggers. A prompt or call-to-action that tells people to “do it now!”

These are the elements that work whether we want them to or not. This is how you change behavior and results in the long term. Here are some examples of each category.

Motivation

Motivations rely primarily on desire, things we want and things we want to avoid.

Sensation governs pain and pleasure. These can be both subjective and objective.
Anticipation regulates hope and fear. This includes subsets like expectation and frustration.
Belonging regulates social rejection and social acceptance.

Ability

Ability relies on ease and simplicity. If it’s easy-to-do it more likely to be done. What about simplicity? You making simple by removing barriers. The more barriers you remove, the more simple behavior change becomes.

Time. “It takes too long” or “That was faster than I expected.”
Money. This has a negative financial impact on me/us vs. a positive financial impact on me/us.
Physical effort. “This is exhausting and hard” vs. “easy and enjoyable.”
Cognitive ease. Easy to think about, difficult to think about.
Social acceptance. This is socially unacceptable (stressful) vs. this is socially acceptable.
Regularity. “This isn’t something we normally do” (irregular) vs. “At 2 PM I usually…” (regular).

Triggers

Triggers are known by different names. They’re often called requests, offers, cues, calls-to-action or prompts. When it comes to changing behaviors (i.e. as-it-happens billing) there are three types of triggers.

Spark: A trigger that’s paired with a motivator (like the ones we’ve discussed above) works best when motivation is low.
Facilitator: A trigger designed for people with high motivation but low ability. This trigger is a helpful way to learn how to use a new software feature. Acting on this trigger means a recurring task will be more difficult at first, then easier to accomplish again in the future.
Signal: This trigger is appropriate for staff members who have both high motivation and the ability to act. These triggers simply serve as reminders to take action. They’re simple, straightforward and clear.

This is how you limit, learn from and exploit failure. This is how you attack failure preemptively. These best practices aren’t as obvious, but they are timeless.

Use these heuristics to improve:
Business development	Rainmaking
Time tracking	Expense tracking
Billing and invoicing	Online payments/payment processing
Collection realization	Utilization rates
Document assembly	Document management
Project management	Employee productivity
Data and cyber security	Access management
Accounting	Reporting (e.g. financial, practice, security, etc.)

The possibilities are endless.

Here’s the most important part about these heuristics and best practices. They’re timeless. These strategies and tactics aren’t trends or fads. There relevant today and they’ll be relevant in 2030. They’re simple details that require a bit of consistent thinking.

Can your firm counter the inevitable?

Change is the consistent theme of the legal industry that continues to threaten attorneys and law firms. Attorneys do their very best to resist change yet, in the end, none are successful.

Change comes for us all.

Attorneys, law firms and the legal industry at large have a serious problem with change. The same, cautious, risk-averse nature that makes you so formidable is also the same nature that creates this strong resistance to change. Contrary to popular belief, this isn’t a personal defect, it’s a strength.

Aim your cautious, risk-averse nature at your problems.

When you don’t know how to recognize the legitimate threats around you everything seems dangerous. Follow these best practices and you’ll find your firm is prepared for the inevitable, the unexpected and the unknown.

3 Simple strategies attorneys can use to improve their law firm’s data security

August 14, 2019 By Andrew McDermott Leave a Comment

It’s an unpreventable disaster.

One hundred six million people have been affected by the Capital One data breach. A former Amazon employee exploited a vulnerability in Capital One’s cloud system using it to steal sensitive personal and financial data from their customers.

There’s no way anyone could have seen this coming.

There’s just one problem with this belief. It’s completely untrue. A Wall Street Journal report shows the vulnerability that led to the Capital One hack was known (and shared) by security researchers since 2014. It’s no surprise; criminals frequently target financial organizations.

What about law firms?

Which industry is more appealing to cybercriminals?

If you guessed law firms, you’re right.

News outlets like the BBC and the WSJ state that law firms are a favorite target for cybercriminals. A report by Recorded Future lists state-sponsored attacks on law firms from China, Russia, and Iran are on the rise. Land a large client and you become a target for cybercriminals. Wait a minute. The majority of law firms are small. Many of them serve individuals or other small-to-medium businesses?

How are these firms at risk?

The ABA TechReport shows most attacks are directed at small and medium sized firms.

27 percent of attacks were directed at firms with 2 – 9 attorneys
35 percent of attacks were directed at firms with 10 – 49 attorneys
33 percent of attacks directed at firms with 50 – 99 attorneys

As far as cyber criminals are concerned, small law firms are the low hanging fruit. They’re easy pickings for criminal opportunists looking for an easy payday.

Why?

Law firms have a treasure trove of data. They have client, firm and customer data in the form of agreements, documents, contact details, insider information, personal and financial documents.
Law firms have deep pockets. Cybercriminals assume law firms have a significant amount of cash on hand in the form of hourly billings or cash in a client’s trust account.
Law firms are exposed and vulnerable. A LogicForce report listed 4,169 publicly confirmed breaches since 2016. That number is increasing rapidly. What’s worse, 40 percent of firms weren’t even aware an attack had occurred.

Law firms act as indirect information brokers. They’re expected to safeguard their client’s business. Sure that’s not your core business. You’re focused on taking care of your client’s legal matters. But that doesn’t matter to these cybercriminals.

You have client data and they want it.

What law firms can do to improve data security

As information brokers, law firms can take precautionary steps to ensure that the information in their possession, law firm and client data, stays in their possession. Aren’t most firms doing this already?

Not at all.

A recent report from LogicForce had some surprising implications.

53 percent didn’t have a data breach response/recovery plan
77 percent of firms didn’t have cyber insurance
95 percent of respondents were noncompliant with their own cyber policies
100 percent were noncompliant with their client’s policies

The vast majority of law firms are vulnerable to a data breach. That’s obviously bad news for law firms. But it’s also very good news for law firms.

Here’s why.

These vulnerabilities provide law firms with the clarity and direction they need. Let’s take a look at some of the steps law firms can take to secure their data.

1. Create a cybersecurity policy

A cybersecurity policy outlines the systems, procedures needed to guard your data against attacks. This policy provides firm-wide direction outlining:

Who is responsible for what
Who has access to what (and when)
How your data should be protected
Who is responsible for protecting firm data

Your cybersecurity plan should include instructions on (a.) the security programs you’ll need to implement (e.g., antivirus, firewall, and anti-exploit software). (b.) how hardware and software patches or updates will be applied. (c.) how your data will be backed up when it will be backed up and where.

2. Move to the cloud

The implication here is this: The majority of small to medium firms aren’t prepared for a data breach. This isn’t because law firms are somehow inadequate or lazy.

Not at all.

It makes sense that many firms aren’t prepared for the inevitable disaster. First, there’s cost. Here’s what you’ll need to spend to build your own IT department.

Title/Role	Small	Medium	Enterprise
Network Operations Manager	$109,260	$123,729	$139,641
Network Administrator	$69,782	$79,194	$89,733
Help Desk Support Rep	$49,248	$55,123	$62,368
Installation and Maintenance Technician	$88,978	$106,212	$126,511
	$317,268	$364,258	$418,253

These numbers are only focused on employee salaries; they don’t include benefits, bonuses or incentives. It also doesn’t include:

Laptops, mobile devices, and other hardware
Software licenses and setup fees
Consistent data backups, maintenance and archiving
Internet and network services
24-hour support (including higher on-call salaries)

These expenses make a compelling case for law firms to move their operations to the cloud. Cloud-based practice management software, document management platforms and project management tools enable you to offload your network security to a trustworthy provider.

With cloud software, the responsibility rests on your provider’s shoulders.

They’re responsible for security, backing up your data regularly and maintaining compliance. It’s your provider’s job to protect your firm from criminal activity, inappropriate access, freak accidents and acts of God. From negligence and mistakes.

3. Create a disaster response and data recovery plan

According to the LogicForce Cyber Security Scorecard, law firms experience a never-ending avalanche of attacks. Their report shows law firms experience:

10,000 network intrusion attempts per day
1,000 invalid login attempts per day
59 percent of all emails are classified as spam, phishing or ransomware

How can cybercriminals keep up this frantic pace? These attacks are carried out by automated scripts or programs. They’re equal opportunity predators. While small firms are low hanging fruit predators will pursue firms of any size, specialty or classification. If you have the resources they want they’ll search for a way in.

Good data security makes your law firm a hard target

A breach may be inevitable, but data loss isn’t mandatory. At some point, these predators will find the “in” they need. Will they find a firm that’s protected all of its data or a firm filled with sensitive (and exposed) client data? It’s up to you. With a disaster recovery plan in place, you’ll have the resources you need to limit the damage done to your business.
It’s not a matter of if your organization is attacked but when and how hard. The time to prepare is now. Make security a top priority, utilize data loss prevention tools, be ready. They’re coming for you either way.

4 Legal Industry Trends For Modern Lawyers

August 13, 2019 By Andrew McDermott 1 Comment

Several shifts are taking place in the legal industry. Some of these shifts are more obvious, while others are progressing quietly behind the scenes.

Are you ready for these changes?

For most firms, it’s business as usual. Only it isn’t business as usual for clients. Many of these clients have a different set of expectations from the firms they hire. Firms with a “business as usual” mentality have much to lose.

Let’s take a look at a few of the 2019 trends shaping the legal industry.

Trend #1: Client expectations are growing, again

Clients are spending less, demanding more, and expecting greater value. Today, clients have more choices than ever when it comes to choosing a firm to meet their legal needs. The abundance of choice means they’re now in the driver seat.

Clients increasingly refuse to pay for research. They won’t pay for new/first-year graduates or shoddy work. Clients demand more value and efficiency. They want more work for less money, in less time.

Here’s what’s frightening.

According to an Altman Weil survey, 94 percent of respondents stated they knew these changes were required, that clients expected them. Yet, only 49 percent stated they’ve changed their approach.

Can you see that?

The majority of attorney/firms see the writing on the wall, but more than half refuse to change. Jaw-dropping, isn’t it?

Trend #2: Digital transformation is here

Greg Verdino describes digital transformation as:

“Digital transformation closes the gap between what digital customers already expect and what analog businesses actually deliver.”

According to a recent survey by PwC, 80 percent of law firms believe digital transformation is essential for future survival/success. You see where I’m going with this, right?

That’s right.

A startling 77 percent of firms haven’t bothered to begin making the transition. We’re in an “Innovate or Die” cycle yet most firms can’t be bothered to give clients what they want. Again, client expectations have shifted dramatically changing the way business is done in the legal industry.

Today your clients expect an “always-on” availability from you and the attorneys handling their matters. They expect you to be available via phone, text, email, video conferencing, live chat and even Whatsapp. The expectation is clear – if they’re using it, you should be too.

Trend #3: Virtual and remote law firms grow

Virtual law firms are growing in prominence as the remote work culture becomes mainstream. Savvy law firms are using the virtual model to create innovative firm models that work with, rather than against, client expectations.

They’re using a virtual law firm to:

Create multiple brands, all housed under the same (digital) roof. Use alternate brands to test. Test your business models, services, messaging, pricing and fee structure – anything you want – without hurting your brick and mortar firm. Significantly less risk if it fails.

Find what works, quickly. Using DBAs, websites and microsites you can create multiple versions of your virtual law firm. You can test ideas against each other. Competing with yourself means you’re able to answer questions your peers haven’t even begun to ask. Which clients spend the most money and why? Which service areas produce the greatest amount of profit? What kind of work creates the greatest amount of job/work satisfaction?

Increase hiring effectiveness. Dr. Bradford Smart, the author of Topgrading, found that a miss-hire costs businesses 27 times an employee’s salary. A comprehensive hiring process is a great idea. Hiring attorneys on a freelance basis to test their abilities before you hire them, even better. Hiring, maintenance, and management costs are reduced. Severance, opportunity, and disruption costs can be reduced or eliminated.

Reduce operating expenses. Office space and associate salaries take up as much as 2/3rds of your revenue. With a virtual law firm, you’re able to dictate when and why you take on major expenses. Your performance data will tell you whether it’s worth it (or not). Grow rapidly (or slowly) scaling up or down as demand and performance dictate.

Trend #4: Cyber attacks against law firms are on the rise

Several sources state that law firms are now prime candidates for attack. In fact, 80 percent of the largest law firms have been victims of a data breach. This trickles down the chain to smaller, less protected firms. The risks to law firms are severe.

Here’s why.

Law firms have valuable data.
In 2016, cybercriminals stole confidential M&A data from a bevy of firms including Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP. Attackers were able to sell the data for $4 million. These firms haven’t fully recovered from the attack.
Law firms have money. Cybercriminals stole a large six-figure sum from a firm’s trust account. They used a combination of malware and social engineering to extract passwords from the firm’s bookkeeper. It goes without saying that this increased their firm’s liability. It also means business development/acquiring new clients is a tough uphill climb moving forward. When trust is broken, it’s unlikely to return.
Law firms are unprotected and unprepared. According to the 2017 Logicforce Law Firm Cyber Security Scorecard, 62 percent of firms don’t have a dedicated IT professional. Less than 33 percent have cybersecurity training programs and only 41 percent of firms have formally documented security policies. Firms are attractive targets because they don’t have the policies and protocols needed to defend their firm.

The importance of these trends continues to grow. These are actionable, real-world trends that affect your firm’s ability to survive and grow in a competitive environment.

Which trends matter most?

There are tectonic shifts taking place in the legal industry. Traditional models are losing ground as innovative models are continuing to grow in prominence.

Most firms are aware of these changes.

But as we’ve seen from the data, they don’t care enough to make the appropriate changes needed for their firms to survive. Some of these shifts are more obvious, while others are progressing quietly behind the scenes. it’s business as usual for most firms. Not so for clients.

Are you ready?

You can be. As we’ve seen, knowledge gives you the tools and resources you need to future-proof your firm. Take the small steps you need to grow and you’ll have what you need to stay ahead of the coming shifts in the legal industry.

2 Ethical Ways Attorneys Can Maximize Their Use of Facebook

May 16, 2019 By Andrew McDermott Leave a Comment

In the right hands, Facebook is an incredibly powerful firm building tool. But it has a sweet spot – B2C firms. Even better, it produces significant value when the right amount of effort is applied.

Which is why it’s ignored.

Most lawyers prefer to focus their limited time and attention on business development platforms they view as a “sure thing.”

Many lawyers ignore Facebook for one simple reason

It isn’t a sure thing.

These attorneys prefer to focus on tried-and-true, but minimally effective strategies like purchasing leads. You pay a third-party platform a flat fee for a particular lead. Next, you wait for the leads to come in. Finally, you race to follow up with each and every lead you receive.

On the surface, this sounds great.

It’s an easy way to attract the attention of eager and motivated clients. If you’re running a consumer-facing firm this is exactly what you’re looking for.

Here’s the problem.

Many firms receive the same set of leads you do. This means at least three or five other firms are racing to get in touch with the same prospect before you do.

This is very bad news.

If you’ve purchased these leads before you know where I’m going with this. These lead services are typically riddled with problems.

The prospect’s contact info is often missing or incorrect
Prospects are irritable and unwilling to negotiate further due to being inundated calls
Prospects are price conscious, disloyal and focused on “deals”
Many of these services don’t offer refunds. Ten bad leads at $60 per is a $600 loss

Most firms accept these losses as a cost of doing business. They continue to pay for these nonexistent/low quality leads on a daily, monthly or annual basis.

It’s a tremendous waste of money.

Facebook is tremendously valuable…

If you know where to look.

If you’d like to put Facebook to work you’ll need one thing above all else.

Consistency.

Consistency is the key to making all of this work. You’ll need to invest for the long term. If you’re a trusted source people can depend on, Facebook will supply you with a steady stream of eager, motivated and focused clients. Here are two ways lawyers can use Facebook for effective and comprehensive business development.

Strategy #1: Closing prospective clients

Here’s a simple and straightforward strategy you can use to win over prospective clients. First, you’ll need to determine what your clients want. The strategy we’ll follow is straightforward and simple.

Choose one specific practice area (e.g. bankruptcy). If you’re like most firms, your focus is spread across multiple practice areas. You want to choose one practice area to start. Why? You’ll need time to work the kinks out of your advertising campaign.
Do keyword research on bankruptcy, credit, and debt related topics. Head over to Google keyword planner and Google trends to start searching for content ideas. You’re looking for educational content ideas – Helpful content you can create for your prospective clients.
Create educational content (on your selected topics). Your content should be practical. It should present your client’s problem in their own words. Recommended solutions to their problem, and a way to contact you if they prefer you to handle things for them.
Advertise your educational content to a specific and highly targeted audience (i.e. a specific demographic in your state or county). You want to outline the demographics and psychographics of your ideal client ahead of time.
Use retargeting/remarketing to follow up with prospects who have already visited your site. You want to present these clients with an irresistible offer and a compelling value proposition. An irresistible offer could be a compelling bonus, discount or incentive that gets prospective clients to take action immediately.
Show prospective clients the next step. What do they have to do to receive your compelling offer? Do they call you, stop in to see you personally or schedule a free consultation? Make their next steps easy, simple and clear. The easier it is for clients to request/pay for your services the more likely they are to do it.

Strategy #2: Build a stable platform for clients

Facebook groups are a goldmine.

They’re easy ways to build an audience of like-minded prospects around a specific practice or focus area. There are two ways to use Facebook groups to attract prospects.

Build a group. Building a group gives you control. You’re able to structure the terms and conditions of the group. You decide whether your group is open to the public or private for members only. Groups you build can be targeted to a specific demographic or psychographic.
Join a group. There are hundreds of thousands of groups on Facebook. These groups are structured around a particular topic, theme or focus area. They’re a great way to attract a massive audience in a very short period of time. Groups you join are helpful but they tend to be broad, serving a massive audience over a larger area.

I’d recommend that you use both. Here’s how you do it.

First, build a group.

You can follow these instructions to create your own Facebook group. You want to use the demographics and psychographics you outlined earlier to determine who you’ll accept or reject. If you’re a bankruptcy attorney in the state of Kansas, focus your attention exclusively on bankruptcy credit and debt topics. Only accept members if they live in the state of Kansas.

Easy, right?

Next, join a group.

You want to create a list of Facebook groups you can join. Your goal? (a.) Help the members of other groups. Offer legal information, help, and support to people in relevant groups. (b.) Post content as your page. Here are some instructions and how to do that.

Redirect prospects who visit your page to your Facebook group first and your website second. Why send them to your group first? Why not send them to your website and try to convert them there?

They’re not ready.

Google ads are more like an auction. Prospects are in a buying mindset. Facebook is like a party. Prospects are in a socializing mindset. When you drive prospects to your website it’s often viewed as a hard sell. Sending them to your Facebook group gives you the chance to build a relationship and add value.

What if prospects are in a buying mindset?

It’s a great problem to have. They can visit your website or contact you for a consultation.

Here’s why this group strategy works.

Building a group of your own builds a stable audience of eager, like-minded clients.
Joining someone else’s group gives you the opportunity to add value to people in your area who may be looking for a professional with your skills
When you serve group members you trigger the law of reciprocity. Prospects who feel indebted to you or impressed with your legal information are far more likely to contact you for help. These prospects typically won’t haggle over price. They also tend to trust your judgment and expertise, become stable long-term clients.

What if you don’t have the time?

That’s easy.

You use the same strategy elite attorneys use to get an enormous amount of work done in a very short period of time.

I’m talking about dead time.

Dead time is occupied time. The time where you’re doing something tedious, repetitive or mindless (mostly). Eating lunch at your desk, your daily commute to and from work, working out, etc. Here’s how you use it to get more work done.

Hire a virtual assistant to manage your Facebook group
Have them send you specific questions from members
Use a digital recorder or your smartphone to record your answers to member questions
Have these answers transcribed and posted to Facebook (or post them as a video or podcast)

It’s easy efficient and helpful.

Facebook could be your secret weapon

In the right hands, it’s a powerful firm building and business development tool. It’s a platform many attorneys choose to ignore. Facebook is the perfect B2C platform for small, medium and large consumer-facing law firms.

The good news, it’s being ignored.

Most attorneys choose to focus on the sure thing. As we’ve seen, the sure thing isn’t really a sure thing. These lead services come with problems of their own. A severe amount of competition, disloyal clients and poor quality overall.

Your hands are the right hands.

Start today, be consistent and you’ll find Facebook is the secret business development weapon you’ve always wanted.