It seems like not a day goes by without another article or news headline featuring a security breach, whether it be Equifax or a law firm. In light of law firm breaches finally becoming public, there’s been a fever pitch focus on security – and rightfully so. These breaches are evolving from pure ransomware to malware wipers capable of rendering all locally saved data inaccessible, even after the ransom is paid.
In response to these threats, many firms are looking to the cloud as a means to become more secure. For most firms, this is a very sound decision, as cloud providers are able to spend significantly more on security measures. However, simply moving your document management system (DMS) to the cloud won’t solve your security issues.
In most firms, DMS adoption is mediocre to downright nonexistent. This year, Fireman & Company has interviewed almost 2,000 lawyers across a wide range of projects and one common theme crosses firms and practices: lawyers work very hard to avoid using the DMS. Most often, they’ll put files on their local C drive, or a network share, because they feel it’s simpler and easier to save and retrieve documents that way. Left unaddressed, this is a ticking time bomb, even if you move to the cloud. Malware wipers are designed to delete, or permanently encrypt, the data on any hard drive they touch. This was the method used in the attacks on several law firms and what was part of the Sony breach. Documents stored on C drives and network shares are susceptible to these malware wipers. Fireman & Company has seen firms where over half the work product sits outside the DMS.
The bottom line is this: poor adoption is a major security issue.
Unlike other security issues, technology isn’t the answer. This problem can be solved only by people and process.
Start by being honest about your DMS adoption. Adoption means that lawyers are using the DMS effectively, which implies much more than measuring basic system interactions. We have seen DM administrators willfully blind themselves to user avoidance behavior by falling back on meaningless usage stats. There is no need to be defensive about your levels of user adoption; after all, most of the legal industry is equally bad. Get a clearer view of user behavior by analyzing useful metrics. Look at how many files live on your file shares (Varonis is a good product for this). You might be surprised how many people are circumventing the DMS.
Next, listen to your lawyers. They will almost universally deliver one message: they need flexibility. Matters can be large or small; practice needs vary by the area of practice, geography industry. Partners have their own, equally effective ways of managing matter files. In plain English, get the system out of the way and let the lawyers practice law. What would you prefer: Knowing that all of your matter content is in an organically structured, flexible DMS – or a perfect taxonomy that is misused and avoided?
Planning for DMS adoption is about much more than how you structure matter workspaces. You need to understand why lawyers have been frustrated with document management. Here is one example. Many litigators save their first drafts of pleadings outside the DMS. They know they are not complying with the firm’s risk management policy, but it’s more important to them to avoid having raw drafts – which reflect on their work quality – floating around the DMS and search results. So, get creative. Make it easy to save first draft pleading in the DMS as private documents and make it simple to render later drafts public. Understand your users’ needs; they know how they need to work. Build empathetic processes.
We are entering a significant DMS upgrade cycle. Do not risk continuing legacy approaches to DMS design; this will only exacerbate adoption challenges. For instance, think about how to leverage DMS-based artificial intelligence features to simplify, streamline and enhance work product quality and productivity.
There are other benefits to driving better DMS adoption. With better adoption compliance, you can more confidently, comprehensively, and systematically ensure ethical walls and security are enforced. When you’re asked to produce a complete record of a client file, you can be more confident you’re turning over all work product. Better adoption also ensures your work product is actually under the umbrella of security your DMS provides. Lastly, your partners will appreciate that you are trying to maximize the (not so trivial) investment in the DMS.
With so many firms planning DMS upgrades in the next 12 to 18 months, this is the perfect time to revisit your DMS adoption. If done right, you can be a hero in the eyes of your lawyers and staff, and put your firm in a better security posture in the process.