Tag Archives: cyberattacks

Legal Technology Trends for 2017

It is common, at the beginning of the year, to ponder upon what the year ahead will bring. Several experts have published their predictions for trends we can expect in legal technology, in 2017. So, what are they saying? Generally speaking, they expect lawyers to become more mobile, more collaborative (using the cloud do to do), and more responsive (using social media to engage with clients and potential clients). 2017 is also expected to see a rise in the usage of AI (Artificial Intelligence), and to be the year that E-Discovery goes mainstream. Cybercrime & Cyberwarfare, too, will remain in the news.

Let’s have a closer look at these items.

More Mobile

In 2016, for the first time worldwide, we saw more mobile devices being used online than desktops. This trend is expected to continue. More lawyers will start using mobile apps. They also will start accommodating their mobile clients – and potential clients – more. (We recently published two articles on the subject, where you can find more information).

Cloud

2017 will see a further increase in cloud usage. The could will play an increasingly important role in collaboration between lawyers. Bigger law firms are expected to start using big data analytics. The cloud will also play a significant role in the further development of AI and E-Discovery (see below).

Cybersecurity

Cybercrime will continue to rise, and will continue to become more and more sophisticated. AI will increasingly be used in cyber-protection, as well as in attacks. Experts also expect an increase in cyberwarfare.

Social Media – Business Social

More lawyers will start embracing social media, and as a result they will become more responsive, i.e. engage more with clients and potential clients. More specifically, for lawyers, an increase is expected in the usage of professional or business social media. Some experts foresee an important role for new players (service providers) on this market.

AI

In 2017, AI will continue its rise, and become more omnipresent. The main focus of artificial intelligence in legal tech will remain on Machine Learning. More specifically, AI will continue to push legal technology in the fields of Legal Research (with, e.g., virtual Legal Research assistants), Contract Review, Security, and E-Discovery (see further). One expert also expects AI to be introduced in legal practice management, as well as legal project management, which, in turn could lead to significant advances being made in those fields.

E-Discovery

Last, but not least, 2017 is the year E-discovery is expected to go mainstream. E-Discovery, also spelled eDiscovery, stands for electronic discovery. It refers to the discovery of relevant information in legal proceedings – such as litigation, government investigations, or Freedom of Information Act requests – where the information that is being analyzed is stored in an electronic format. Think, e.g., about the recent example of the FBI analyzing tens of thousands of emails that were leaked by WikiLeaks, in just four days. As more and more information is being stored electronically, E-Discovery is becoming more and more important. In 2017, it is expected to go mainstream.

Experts predict the following trends for E-Discovery in 2017:

  • The increase in social media usage implies that E-Discovery will have to be able to incorporate the analysis of social media information as well.
  • The Internet of Things will also have a serious impact on E-Discovery, as it will have to learn to process the data that are produced by billions of devices. In the US, e.g., there is a murder case where Amazon is asked to give access to the data one of its digital Echo devices (virtual assistants) may have recorded as evidence.
  • Because of these two developments (social media & Internet of Things), data privacy is becoming more important than ever.
  • Machine Learning is expected to become the most important technology for E-Discovery.
  • Cross-border compliance will continue shaping E-Discovery: multinationals, e.g., must comply with laws in several countries. This has implications on what can be stored where, which in turn has its effects on E-Discovery.

 

Sources

Cyberattacks: are you prepared?

It shouldn’t come as a surprise that in an online world, cybercrime is on the rise. Not a week goes by without some cybercrime event in the headlines. So, we thought it would be a good idea to have some articles on cybersecurity. In this article, we will focus on cyberattacks, and more specifically on security breaches. Criminal security breaches typically happen for one of two purposes: hackers break into your system to either steal (and sell) your data, or to hold them for ransom by encrypting them with keys only they have.

Lawyers are not exempt from this risk, on the contrary. Because of all the sensitive data they store, law firms are appealing targets for hackers. A survey in the US taught that 80% of law firms have already been hacked at some stage. (The reporter writing the article suggested that the other 20% was either unaware, or lying about it).

Lawyers keep a lot of sensitive information on their clients. Because of the attorney-client privilege, they have an obligation to secure and protect that privileged information and data breaches erode the foundation of that attorney-client privilege. Data breaches can lead to fines, to law suits for malpractice and/or other damages, and to a loss of clientele. It is therefore important to take appropriate measures.

Now, typically, storing your information in the cloud is considered more secure and cheaper, as a) the hosting company will have all the know-how in-house, and b) the cost of security is shared, as it is spread over the different customers. But one must keep in mind that with a cloud solution, because it is always accessible, from anywhere, by anyone, at any time, that each additional user and each additional device increase the risk of a data breach. Most security breaches in the cloud are due, not to poor security on the host’s side, but to insecure devices or insecure behaviour by the users.

A recent example comes to mind. A firm in the US asked a security expert to test their security. It took him only 20 minutes to gain access to their data, with administrator privileges. How did he do it? He first looked for staff members on professional social media. Then he checked whether any of their accounts on social media or with other online service providers had ever been hacked. (You may remember the Yahoo or LinkedIn hacks, e.g., where data of millions of users were put online). Within minutes he found that an account of an administrator had been hacked, and that his login credentials were available online. When he tried to use the same credentials (user-id and password) to gain access to the law firm’s data, his attempt was successful. The weak link in the otherwise fairly secure setup was that a user was still using a password he had used before in an online account that had been hacked.

One of the most common cause of data breaches is the use of insecure devices. Laptops, tablets and phones are prime targets for thieves. Yet, many lawyers still store unencrypted client data on a laptop or on a mobile device.

So, is your firm secure? What can you do to increase security? Here are some suggestions:

  • Install intrusion detection and prevention systems, and enterprise-grade firewalls, not just on your servers but also on desktops and laptops. After all, gaining access to one device is enough to gain access to the information.
  • Enable encryption on all devices, including on mobile devices like phones, tablets and laptops.
  • Encryption should also be used for all communications between the devices.
  • Separate professional and private accounts. Don’t keep client data, e.g., on a private email account.
  • Only use secure servers. Can your server limit access to your data from everyone but yourself?
  • Continuously back up your data to secure servers. You may also consider using a trusted third-party to keep backups of your data.
  • Finally, make sure you have a response team in case of a breach, and enable a data loss / theft protocol, so everybody knows what steps must be taken when and by whom.

 

Sources