Legal Profession: The New Frontier For Cyberattacks


Law Firms Are Now Cyberattack Targets

Retail. Finance. Healthcare. Hospitality. Government. Transportation. You name the industry, it’s likely experienced the ills of data theft. Yet one sector that’s remained relatively unaffected by sensitive information hackers is that of private law.

At least, that was the case, until recently. A newly released study from the American Bar Association suggests firms of all sizes are in computer criminals’ crosshairs like never before.

“Nearly 25% of attorneys acknowledge their offices have been affected by a breach.”

Roughly 1 in 4 attorneys in ABA’s 2018 TechReport acknowledge that their offices have been affected by a breach at one point or another. That’s a considerable uptick from as recently as five years ago, when the rate was in the teens. Of those who attest to being victimized, firms with between 50-99 employees on staff were affected the most at 42%, followed by firms employing 100 or more at approximately 31%.

Rich Santalesa, a cybersecurity expert and counsel for the New York City-based law firm Borstein Legal Group, told the ABA Journal that no industry is entirely immune, but one thing that lawyers and attorneys have going for them is hindsight. Because the frequency of attacks on firms have risen only recently and remain fairly low relative to sectors like retail and healthcare, they can glean insight from others’ miscalculations.

“Law firms as a whole can learn a lot about cybersecurity by looking at other industries,” Santalesa explained. “Unfortunately, other industries have had to learn their lessons the hard way – by having breaches that have received media attention.”

At the same time, though, law firms haven’t entirely escaped the fourth estate’s observations. Indeed, as chronicled by the National Law Review, a Washington-based lawyer noted in February 2018 that attempted cyberattacks were a daily frustration at his firm, up 500% during the previous 24 months. In June 2017, multinational law firm DLA Piper was one of several other organizations whose networks were hijacked by ransomware, forcing the shutdown of the company’s IT systems for days in several of the 40 countries where DLA Piper has offices). And in April of last year, a specialist law firm’s computer networks were breached, which wound up exposing the personal commercial insurance policy data of over 1,500 companies in the U.S.

“North of 446 million records were exposed in 2018 and 1.68 billion email-related credentials.”

Ways Law Practice Data Can Be Breached

Part of the problem – both for law firms as well as virtually all other businesses that aggregate data – is the variety of means by which identifying material can be purloined. As previously referenced in this space, ransomware is increasingly common and phishing – which utilizes bait-and-switch emails to bamboozle targets – has never gone away since this means of communication debuted. According to the Identity Theft Resource Center, north of 446 million records were exposed in 2018, along with 1.68 billion email-related credentials.

“When it comes to cyber hygiene, email continues to be the Achilles Heel for the average consumer,” warned Adam Levin, founder and chair of CyberScout, a Scottsdale, Arizona-based data security services firm.

Left alone or quickly deleted, phishing emails are benign. But because they look so authentic and are designed to mimic the typeface, tone and design of legitimate companies, approximately 33% of them are eventually opened, according to a 2017 data breach report from Verizon.

Adopt A Security Culture

How can law firms immunize themselves from data disaster? It’s virtually impossible to avoid cyberattacks completely, but it starts by doing what so many other companies have failed to do, which is adopting a culture of security, Verizon Communications CSO Michael Mason. Speaking to ABA Journal, Mason said firms should approach protecting their data like they would vetting a babysitter.

“When you hire a babysitter for your child, what sort of background check do you use? Hopefully, something so precious is not put into the hands of strangers without a background check,” warned Mason. “Your firm’s data is also precious.”

He further advised that law firms often assume a “one-and-done” approach toward data security, obtaining a professional risk assessment a single time and assuming that it alone should suffice. These must be conducted consistently over time to remain above the fray, ideally once a year.

Take your network security a step further by moving to the cloud for enhanced data protection and true mobility.  The Afinety Cloud Platorm (ACP) is designed specifially for law firms by law firm experts and runs on the largest, most mature cloud provider in the world, Amazon Web Services.  Click here to learn more about the ACP.

Is Paying the Ransom Always a Non-Starter?

What Should Law Firms Do When Faced With Ransomware

Ransomware attacks are increasingly common, with some estimates suggesting that they’ve risen in frequency by nearly 500% from 12 months ago, according to Forrester Research. If your law firm IT were to be affected by such a cyber incident, would you pay the ransom?

Entertaining such a question seems to not only go against conventional wisdom but what IT security experts have long cautioned – that you can’t negotiate with the unscrupulous. Further, capitulating to hackers’ demands in no way guarantees that they’ll wind up surrendering the information stolen or encrypted.

However, given the sensitivity of the data involved, some IT authorities say it’s not so nonsensical a notion after all, as its in bad actors’ best interests to deliver on their promises when those they prey upon pay up.

Florida City Opts To Pay $600k To Retrieve Data

From small-business owners to international conglomerates, companies of all sizes have ultimately decided to cut their losses and pay the amount that perpetrators insist on. Even municipalities are acquiescing, the latest example being Riviera Beach, Florida. Located north of West Palm Beach, the city and its 35,000 residents have been unable to use public service utilities over the last three weeks because attackers hacked into the city’s network servers, disabling phone lines, emails and payment processing, The New York Times reported. Unable to retrieve the hijacked data, local lawmakers voted unanimously to pay the $600,000 ransom, which officials are hopeful will put computer servers back online as happened for a  Georgia county that paid $400,000 when it was victimized in March, according to The Wall Street Journal.

Riviera Beach spokeswoman Rose Anne Brown told the Times that it’s coordinating with law enforcement and informed them of its decision prior to wiring the money.

“We are well on our way to restoring the city system,” Brown explained.

“170 government entities have experienced ransomware infections since 2013.”

In addition to Baltimore, which is steadfast in its decision to not paying the ransom, Riviera Beach is only the latest municipality hit by such a cyberattack. Based on data obtained by CNN, no fewer than 170 government entities – meaning cities, counties or state – have fallen prey to ransomware infections in the last six years. Forty-five of these were sheriff’s or police departments. This may be particularly worrisome for law firms, given they’re often in regular communication with law enforcement regarding pending cases, which entails the sharing of data.

“We were crippled, essentially, for a whole day,” Albany Police Department patrolman Gregory McGee told CNN. “All of our incident reports, all of our crime reports, that’s all digitized.”

Acceding To Ransomware May Be Best Of Bad Options

IT teams were able to resolve the issue in New York’s capital city within 48 hours and did so without giving in to the offenders’ demands. However, given the stakes involved, many believe that paying should not be summarily dismissed as a non-starter.

“There’s a tendency to answer the question by sloganeering: Never negotiate with terrorists,” wrote Stephen Carter, law professor at Yale University, in an opinion piece for Bloomberg. “Otherwise, so the reasoning goes, you will get more terror attacks. But while this argument makes sense for those who are likely to suffer repeated attacks, it’s not clear that those less likely to be regular targets should reason the same way.”

Josh Zelonis, a senior analyst at Forrester Research, feels similarly, noting that cities who hold the line may suffer from diminishing returns as Baltimore is learning first hand. The financial fallout from the attack is believed to be in excess of $18 million and counting. In other words, the ransom demanded may be a pittance compared to the alternative.

“Many organizations significantly underestimate the scale of disruption they need to plan for or make too many assumptions about what functionality will continue to exist after an attack,” Zelonis warned.

He added that while paying the ransom may indeed be inadvisable, it should at the same time not necessarily be completely out of the question, but explored “in parallel with other recovery efforts to ensure you’re making the best decision for your organization.”

Of course, the best solution is to avoid becoming a ransomware victim altogether. This is possible by remaining vigilant.   Perhaps above all else this also means leveraging a multilayered approach to data security, including multifactor authentication, software patches, updates and a good disaster recovery plan.  Look to a reliable cloud solution, like the Afinety Cloud Platform, which runs on the largest and safest cloud provider in the world, Amazon Web Services to reduce your risk of outside threats in today’s world.

Ensuring Cybersecurity For Law Firms

How To Ensur Your Law Firm’s Cybersecurity

Cybersecurity isn’t an issue facing the legal profession alone – across the board, it affects nearly every profession and industry. And usually, not enough attention is devoted to it until something serious happens. For example, Forbes reports that a major breach occurred in the legal field in 2017, when 11 million files were leaked from one law firm.

Research by CNA Insurance showed that 80% of the largest law firms in the U.S. have already experienced a malicious breach. In most of those cases, the firms either failed to discover the breach on their own, or discovered the breach a number of months after its occurrence.

Before your law firm falls prey to a cybersecurity incident, here is some helpful advice for taking preventive measures.

Any Device Can Be Compromised

The ABA Journal warns that almost any type of advanced technology has the potential to be hacked. For example, even obsolete equipment being thrown out with the trash – such as old copying machines containing hard drives – could contain data that you don’t want falling into the wrong hands. In 2010, Affinity Health Plan, a Bronx, New York-based managed care provider, had a cybersecurity breach in which hundreds of thousands of health care records were put at risk. The lease was up on the copy machines, and when the equipment left the building, so did files on more than 344,000 clients.

Graphic of cybersecurity matrix_Afinety, IncLaw firms, like other professions, are facing the need for tighter cybersecurity measures.

Dealing With Cybersecurity Vendors?

The American Bar Association’s Cybersecurity Legal Task Force suggested measures your firm can take when beginning a relationship with a new cybersecurity consultant. For example, when you’re doing a background check of the company, make sure the prospective vendor’s existing clients haven’t suffered any recent security incidents or breaches, or that the vendor doesn’t have any lawsuits and regulatory claims against them as a result of such incidents. Also verify that they have all the staff, certifications, programs and equipment necessary to do what they’ve promised – and that they don’t plan on sharing or sending out your data for offsite storage with any outside third-party contractors without your knowledge or permission.

Under Cyberattack? Know The Signs

The Department of Homeland Security says to be aware of “Denial Of Service” attacks, which happen when legitimate users can’t access computer devices or other network resources because a hacker is flooding your server or network with requests or junk data traffic. This attack typically continues until your system cannot respond or simply crashes. Services affected may include email, websites, online accounts or other services that rely on the affected computer or network. Sometimes the hacker accomplishes this by remotely assembling a large group of unrelated computers and systems from other unsuspecting individuals and organizations to join in the attack. The more devices participating in the attack, the harder it is to trace the origin of the hack.

Have A Policy On BYOD / Bring Your Own Devices

Gathering and sharing information is an essential part of a law firm’s business. Despite the growing trend towards e-Discovery and using various digital media for storing or distributing information however, you need to be very cautious regarding thumb drives and other portable USB devices. The ABA Journal compares mini-storage devices to a dirty needle – they can come preloaded with malicious software and are often used by hackers and penetration testers to exploit human vulnerabilities and gain access to a network. According to CNA Insurance, while BYOD capability makes smart business sense because it enables attorneys to access their firms’ networks and download client data onto their devices, it also creates risks stemming from unrestricted use of outside devices. You might want to consider requiring password protection, encryption or remote wiping capability for BYOD situations. Otherwise, when devices are lost or stolen, you’re not only vulnerable to a data breach, but your firm’s network itself may be exposed to malware and viruses.

The Importance of Secure Document Management for Law Firms

Law Practices Need Secure Document Management

The sheer amount of paper produced by any law firm can be staggering. Contracts, briefs, pleadings, motions, discovery – and that’s not even counting evidentiary documents, letters, emails, and photos, all of which must be painstakingly generated, sorted, annotated, collated, and filed for future reference.

Even with digitization helping legal firms replace paper documents and create paperless offices, documentation must still be scrupulously filed and maintained. Without a standardized, streamlined process in place, information management, security, and file retrieval can be overwhelming. The correct document management program can increase productivity and efficiency, automate many basic filing tasks, improve file security, and simplify document retrieval.

Email systems and shared file drives are clumsy and ineffective as a document management option for law firms. Folder-based filing systems can create problems as you scale, with lack of version control, non-standardized naming conventions, and multiple sub-folders destroying attempts at hierarchy and logical indexing. Implementing an email folder system makes file retrieval difficult and can cause server overload due to massive email files. In addition, unencrypted email is extremely insecure, and even encrypted email is vulnerable to user error when forwarding or replying.

According to the 2015 edition of the annual Legal Technology Survey Report (which is compiled by the American Bar Association’s Legal Technology Resource Center), only 35% of lawyers used email encryption during the four years preceding the surveys publication. When asked what security precautions are used when sending confidential or privileged communications to clients via email, 71% of lawyers said they rely on the confidentiality statement in the message body.

Secure document management for law firms_Afinety Document management systems are more secure than email

Instituting a document management program in place allows sensible, streamlined organization of all files, including email, documents, and electronic media. Searchable and indexable protocols can be readily established, with documents filed hierarchically and indexed in a virtual, centralized, hub for easy access. Email and scanned comment profiling, metadata indexing, and optical character recognition (OCR) conversion make finding documents accurate, easy, and fast.

Lack of document security poses a serious privacy risk for any law firm. Multiple levels of internal and external security that permit users access to read, delete, and/or edit each document are required, and authentication protocols are crucial to client confidentiality. A good document management system will provide a complete audit trail for the document’s entire lifecycle and help ensure that the firm’s intellectual property and confidential client information are being handled properly.

Sharing documents with clients and colleagues is a constant requirement, but while sharing via email or paper copy is easy and fast, it’s neither reliable nor secure. Once an attached document is sent or forwarded to an incorrect recipient, there is no undoing it. If sensitive or confidential information was exposed, there is risk and liability if it is used against your firm or your client. A secure document management program provides safe alternatives to colleague and client communications, with authentication required to retrieve or view any documents.

A designated, encrypted portal can allow documents to be privately sent, received, and reviewed with no exposure.  Only appropriate document access is assured, while version control and document history are maintained. Documents can also be safely collaborating on within the document management program, which creates a secure shared environment within which documents can be reviewed, copied, edited, tracked for changes, saved in the latest format for all users, and shared with pertinent viewers for review or annotation.

A uniform scanning process ensures that scanned files will be organized, indexed, and secured, while OCR can be implemented on image files such as pdfs to enable full text searching across all documents. Physical media such as photographs, DVDs, and CDs, can also be digitized and indexed to reduce the space needed for a physical media library and facilitate sharing these files alongside pertinent documentation. This also improves searching capability and can produce immediate benefits for the entire firm.

The American Bar Association, in Opinion 477, laid out updated recommendations for safeguarding client privacy, and strongly urges the security of client data to be discussed with legal clients to ensure they are aware of risks if less secure forms of document sharing are used. With a safe, secure document management system, many risks can be eliminated or minimized.

How To Spot Phishing In A Legal Firm

Alert: Phishing Methods That Law Practices Need To Know

Everyone has experienced phishing in some way, whether through a phone call from an obscure agency, a letter claiming its recipient won a contest he or she didn’t enter or an urgent email either offering a fortune or threatening legal action. Phishing is one of the oldest scams in existence, and this is what makes it so dangerous.

With powerful new ransomware being developed by cybercriminals, some may believe that all cyberattacks are increasingly sophisticated, but this is only partly true. Phishing today is more cunning than it was years ago, but it still operates on the same simple principle: trick the user into a response. With legal firms handling so much confidential data, they cannot afford to ease up on phishing. Firms don’t need to be hit with ransomware like WannaCry to suffer a breach.

Phishing Is Evolving

Phishing isn’t what it was even five years ago. The days of the Nigerian Prince are largely over. These cyberattacks depended on malicious attachments to infiltrate a secure network. Thanks to providers like Google and Microsoft, however, these emails were increasingly filtered to spam folders. The suspicious attachment, especially from an unknown source, was easy to detect.

In order for phishing to work, the recipient first needs to see it. Recent Proofpoint research has uncovered a switch in phishing tactics. Phishing emails are now far less likely to use the filter-catching attachments, opting instead for emails with dangerous hyperlinks and attached archives like compressed Javascript files. This change is designed to beat the automatic filters and deliver the message into a regular inbox where it has a much higher chance of being read.

This change also allows phishing to deliver far more than ransomware and malware. Adware, banking trojans and generalized information theft are now possible through these malicious messages.

Phishing can be used to deliver a host of unfriendly software into a network, or to steal confidential employee information_fraud alert image_Afinety, Inc.Phishing can be used to deliver a host of unfriendly software into a network, or to steal confidential employee information.

Why Comprehensive Employee Training Matters

One of the most dangerous aspects of phishing is that every employee is at risk. Cybercriminals can target executives, assistants and everyday employees once they have the right email address. It only takes a breach at one level to potentially expose an entire network.

Take this real world example: an HR officer preparing the office W2s. This officer receives an urgent email from the CEO (or at least from a very similar email address), stating that there’s been a problem and HR must email the W2s back right away, so that they might be fixed. The tone of the email implies that the problem is severe and that immediate action must be taken. Given that it’s the boss, why hesitate?

In this instance, personal identifying information of not just the HR rep but the entire staff has been exposed. Life-crippling data like Social Security Numbers are now in malicious hands that can use the information for a variety of nefarious deeds.

Phishing can also retrieve passwords, usernames and a host of other information that can enable network access. Many legal firms operate on older systems, ones created before the principle of least privilege, software construction designed to limit employee access to only the files they need, was widely implemented. This means that an assistant might have full access to case files and other sensitive data.

“Most successful phishing attacks are designed to look like emails the recipient is expecting.”

The Telltale Signs Of Phishing

According to Verizon’s 2017 data breach report, roughly a third of phishing emails are opened. Organizations cannot be dismissive of any kind of cyberattack that has this level of success. While phishing has evolved, the benefit is that it has retained certain common characteristics. This makes the malicious messages easy to spot, so long as an individual knows what to look for.

A Wombat security report claimed that the most successful phishing attacks were, unsurprisingly, designed to look like emails the recipient was expecting. That HR example was one such instance. This practice, known as spear phishing, is designed to camouflage into the regular inbox traffic. However, the email – while similar – will always be at least slightly different.

Be weary of suspicious domain names. For example: may be real but is likely malicious.

Instruct staff and partners to never click on an embedded link from an unknown source, even if the email looks legitimate. Employees should also be weary of any correspondence containing multiple spelling or punctuation mistakes. Hackers rarely have the same commitment to standards that corporations do.

Lastly, train all staff to beware of any messages with intimidating or overly urgent tones. Phishing schemes are designed to make a person act first and think later. It is not uncommon for these malicious messages to threaten legal action or firing in an attempt to force an immediate response. Employees should be advised to contact a supervisor if they ever feel threatened before responding to an email.

You've Been Hacked image_phishing_Afinety, Inc.Phishing tones are typically charged, whether ecstatic or enraged. They are trying to discourage rational thought.

How A Cloud Solution Helps

Unfortunately, many legal firms do not have the budget to retain a full time information security specialist to monitor for phishing schemes and keep employees up to date on cybersecurity trends. Many do not even have the resources to fully meet all cybersecurity needs.

In an increasingly dangerous technological landscape, legal firms can feel like little fish in a very large pond. However, passing off data solutions to a trusted cloud provider can help. Cloud companies typically have much more in the way of resources to help prevent data breaches. Companies like Microsoft annually invest $1 billion in cybersecurity research, according to Reuters.

At Afinety, we take all aspects of cybersecurity seriously. Our cloud platform has been tailored to the legal industry, making sure all of your needs are met. As phishing and other cyberattacks continue to evolve, so will our product. Contact Afinety today to learn exactly how our experts and software can help your firm.

Why Legal Firms Are Switching To Cloud Computing

 What’s Driving Law Firms’ Need For The Cloud

While many sectors have been quick to embrace cloud computing, law offices have traditionally lagged behind. Part of this has to do with regulation concerns governing case data and another aspect is the lack of technical expertise not infrequently present within a law firm. However, according to a recent article from Big Law Business, legal firms are finally starting to make the shift away from in-house data centers.

This move is being prompted not just by the advantages of cloud computing but by shifting international laws and data regulations. Larger legal offices that deal with clients from around the world are finding it easier to rely on cloud technology.

Help With GDPR Adoption

A large factor driving this change is the deployment of the General Data Protection Regulation (GDPR) by the European Union. This law was written to better protect user privacy rights within an increasingly digital world, setting clear definitions as to what information can and cannot be discretely collected and used without the user’s informed consent.

While much of these new regulations link back to the growing prevalence of social networks, even basic communications like email and instant messenger fall under GDPR review. As such, many tech companies that service international clients, including cloud service providers, have updated their solutions to be in full compliance of the GDPR. By making the switch to the cloud, legal firms save themselves the time and energy that would be needed to ensure their data infrastructures follow the new EU law.

Reduced Storage Needs

Another large benefit of cloud solutions is the reduced need for space. Traditional filing systems included filing cabinets and, typically, an off-premise third party storage provider. This infrastructure, while solid, was easily impacted by lost or missing information, in addition to piling up sizeable annual costs – even for smaller legal firms.

Switching to a cloud solution relegates the majority of data, especially archived cases, to digital only, freeing up space and eliminating third party storage costs.

Even on-premise, digital storage requires devoting a room to servers and other hardware_Afinety, Inc.Even on-premise digital storage involves devoting a room to servers and other hardware.

Secure Data That Is Readily Available

However, space saving is not the primary reason to digitize confidential information. As the American Bar Association pointed out, cloud platforms offer a variety of benefits including improved mobility and, more importantly, data security. The vast majority of cloud solutions are designed to be transparent, letting administrators keep an eye on each aspect of the system. This reduces the time needed to detect malicious data breaches, allowing the cloud security to crack down on the problem before it is severe.

Most cloud software builds in automated responses, working to close breaches as soon as they’re detected. Storing data on the cloud also allows it to be encrypted and stored behind multiple levels of authentication, including at least one password. In addition, cloud infrastructures tend to utilize the principle of least privilege. This means that the average user has their permissions restricted to only the files they need. Doing this lowers the risk of accidental change and makes it so that, if a cybercriminal gains access to an account, the whole system does not have a chance of being compromised.

As digital laws continue to shift in response to the GDPR and other regulations, expect even more legal firms to adopt cloud platforms. A modern world calls for innovative solutions.

Cybersecurity Costs: Why Legal Firms Should Adopt Cloud Solutions


Every week brings a new headline about cybersecurity, or rather the data breach that has occurred because company X was hacked by cyberattack Y. Ransomware, malware, distributed denial of service, phishing – each week it’s a new culprit and a different victim. The news can be intimidating. Many of the companies being hardest hit have resources and reputations.

This creates the idea that cyberattacks are all powerful, disruptive forces that can strike anywhere at any time, rather like lightning in a storm. However, just like lightning, cyberattacks have safeguards. They can be guarded against by taking precautionary steps, many legal firms are simply dragging their feet when it comes to putting up the metaphorical lightning rod.

The Current State Of Law Firm Cybersecurity

Data from a LogicForce report confirms that many legal firms are not doing enough when it comes to matters of cybersecurity. Unlike certain industries, law offices have specific standards set on data governance and information security. The penalties for violating said regulations are severe, including loss of license and income.
Nevertheless, the LogicForce report found that only 5 percent of law firms were compliant with their own cybersecurity and data retention policies. In fact, the overwhelming majority – 77 percent – hadn’t even formed concrete cybersecurity protocols.

This slowness when handling such vital matters is not only dangerous but potentially costly.  Studies found that SMBs are paying roughly $117,000 per data breach incident. Larger companies can expect each cyberattack to cost over $1 million.

LogicForce data concluded that cybercriminals have no rhyme or reason when it comes to determining which firms they target. Large or small, wealthy or new – every law firm is at risk and cannot afford to delay cybersecurity policies. Cybercrime is not like its traditional counterpart. The infiltration does not need to be designed to a specific building blueprint or staff makeup. Part of what makes cybersecurity such a pressing issue is a hacker’s ability to target multiple businesses in different industries and locations simultaneously.

While every law firm LogicForce surveyed was targeted for classified client data, only 60 percent were even aware they’d been breached. Cybercrime does damage over time. The longer a malicious third party has access to data, the more files they can access. Organizations that can detect a breach within its first day can drastically limit the damage being done.

Cybercriminals can target multiple servers and networks simultaneously_Afinety, Inc.Cybercriminals can target multiple servers and networks simultaneously.

How Cloud Solutions Can Help

Many legal firms can feel powerless when it comes to cybersecurity. It can feel like this specialized new form of protection demands either mass resources or a talented and trained IT staff. However, law offices do not need to combat cybercrime on their own.
Part of the reason cloud solutions like Afinety Cloud Platform have become popular is due to their increased cybersecurity abilities.  Multifactor authentication, data encryption and email protection are ways in which firm can protect themselves from breaches.  Many cloud solutions are designed with detection tools to watch for attempted data breaches. For example, Afinety’s anti-intrusion service successfully blocked a total of 6,931 breach attempts and 1,152 would-be virus attacks on our clients’ networks all within the month of April of this year!

Law offices clearly need help with their cybersecurity efforts and cloud solutions can provide that crucial aid.

5 Tips For Developing A Paperless Law Firm


Efficiently, Securely And Successfully Operate A Paperless Law Practice

Most of the work we do today is done on the computer, but that doesn’t mean paper has gone away. Many organizations still rely on paper for internal processes, external contracts and billing procedures.

Shifting to a paperless office is not only good for the environment, but also for business. Cloud-based, digital solutions can improve productivity, control costs, and reduce office redundancies.

Here are six ways to transition your law office away from paper:

1. Convert Existing Paper Documents Into Digital

It’s hard to go digital if most of your existing documents are in paper form. Therefore, one of the first steps toward a truly paperless office is to digitize those existing assets. Depending on the amount of documents currently housed at your offices, you may decide to take on this task yourself, or outsource it to a vendor. Similarly, you can encourage your staff to digitize their personal documents via an app. There are a number of apps that can use a smartphone’s built-in camera to capture crisp, clear images of documents.

2. Invest In Collaboration Solutions

One of the primary benefits of a paperless office is the boost in productive collaboration that you can expect to see. Cloud-based collaboration solutions make it easy for personnel to access and edit documents from any device, at any time. In fact, some solutions make it possible to “check out” documents so that multiple stakeholders can work on the project without worrying about overwriting each others’ work. When considering collaboration suites, choose a solution with ample security protection.

The cloud securely makes your documents available from any authorized device_Afinety, IncThe cloud makes your documents available from any authorized device.

3. Store Everything In A Secure Cloud

When your law office handles confidential information, it’s your responsibility to make sure it stays that way. Cloud solutions can provide multiple levels of security, ensuring that the only people who see your documents are those with the authority to do so.

Security is especially important during the transport of documents. A cloud solution eliminates many of the threats inherent in transporting paper documents because the data never actually moves from the cloud. A secure cloud will ensure that your confidential information remains closed off from prying eyes.

4. Incentivize Paperless Productivity

Creating a paperless law office requires the buy-in of all stakeholders. To incentivize the shift toward digital documentation, you’ll need to ensure that your digital solutions are capable of not only replacing paper, but also developing increased technology. To be sure, the environmental impact of paper is an important reason for making the switch, but your firm should see other benefits as well.

As you transition away from paper to cloud solutions, make sure everyone understands why the office is making the switch. Transparent lines of communication will help everyone get on the same (digital) page.

5. Consider E-Billing And E-Signatures

Contracts and bills are two areas where paper still remains a part of the modern law office. And yet, many intuitive cloud solutions exist for these important aspects of the business. Plus, many professionals prefer the benefits offered by paperless solutions. In fact, a survey from found that 78 percent of millennial business owners prefer paperless bills over the traditional method.

When all of these processes have shifted to a digital medium, you’re office will be in a better position to track all kinds of new metrics, allowing for further improvements down the line. Though it’s hard to track signature requests in paper form, doing so for e-signatures takes a matter of seconds.

Cloud solutions can eliminate the need for excessive paper documentation at any law office. To lean more about how to leverage the cloud at at your firm, visit today.

Law Firm Cloud Security Threats To Look Out For In 2018


Each new year brings with it a new set of challenges for businesses to overcome.

This is the case for law firms implementing or hoping to adopt cloud technologies. Cloud systems offer companies abundant opportunities to advance their capabilities and reach new heights; however, these systems come with their own inherent security risks as well.

As the technology continues to develop, so too does the need for law firms to protect themselves from malicious actors and other lapses in cloud safety. Here are some of the top cloud security concerns companies should be prepared for in 2018.

Secure Your Law Office IT & Cloud Network To Prevent Cyber Security Threats_Afinety, Inc.Data security is tied to the inherent strength of a company’s API infrastructure.

Where Is Cyber Security Accountability?

“Ransomware damages for 2017 are expected to surpass $5 billion.”

Companies adopting the cloud often think that the responsibilities of data protection fall to the provider when in reality this job belongs to the customer using the provided cloud system.

“We are in a cloud security transition period in which focus is shifting from the provider to the customer,” said, Jay Heiser, vice president and cloud security lead at Gartner, Inc., to cybersecurity publication CSO Online. “Enterprises are learning that huge amounts of time spent trying to figure out if any particular cloud service provider is ‘secure’ or not has virtually no payback.”

Cloud providers are generally not required to protect customer information or workloads in manners that exceed the terms of the service level agreement. Meaning anything not covered within the agreement is left to the customer to safeguard.

Companies should study their provider’s shared responsibility model to determine what additional protections they may need to employ.

Ransomware Attacks On Business

Ransomware is a type of malware that when activated, locks the affected computer or system’s files with a powerful encryption. The ransomers then demand the victim pay a fee to decrypt their data or lose if permanently. According to the MIT Technology Review, companies often pay the ransom, especially if the inaccessible data was not backed up. Cases of the malicious attack have been growing over recent years.

“In 2016, an average of 40 percent of spam emails contained malware links to ransomware, an increase of 6,000 percent over 2015, when less than one percent contained ransomware,” said Marc van Zadelhoff, general manager for IBM Security, to Cyber Security Ventures.

Ransomware damages for 2017 are expected to surpass $5 billion. MIT Technology Review stated smaller companies could be a big target in 2018 because even a modest compromise of data could potentially lead to a significant payout for hackers.

“Ransomware doesn’t discriminate” said Robert Herjavec, founder and CEO of Herjavec Group, an international information security and advisory firm, to Cyber Security Ventures. “Hackers aren’t just after financial information anymore, it’s personal. We’ve seen movies held captive, healthcare data, financial data. Data is being used as a weapon.”

Law firms host particularly sensitive data, so extreme care should be taken to ensure it’s safe from exploitation. Companies can protect themselves from ransomware by training employees on malware detection, implementing efficient anti-malware protections and undergoing frequent data backups.

Application Programming Interface Weaknesses

Based on a report from the Cloud Security Alliance, CSO stated vulnerabilities within a company’s application programming interfaces, or APIs, can expose them to a potential data breach or cyberattack.

APIs are services that can connect cloud service provider functions with that of the company. A business may use an API to manage, provision and protect data, then transmit chunks of information to the cloud service’s storage banks. Human errors such as the mismanagement of API configurations, access by unqualified or unauthorized staff and failure to encrypt data are all possible through a faulty interface.

If flaws exist in the API it can put the security of the overall cloud platform at risk, thus making the two systems heavily dependent on one another.

API inefficiencies can be avoided with persistent management from developers and operations teams. Vulnerability scans, reporting, patching and configurations enforcement can all keep company APIs secure and prevent susceptibility to unwanted action.

Afinety has been helping law firm succeed for many years. The Afinety Cloud Platform utilizes Amazon Web Services, one of the world’s most used and adaptable cloud systems. Contact us today for more information.

How law firms can ensure confidentiality in the cloud [Video]

How The Cloud Provides Law Practice Confidentiality

Law firm clients expect their attorneys to maintain confidentiality when processing, storing and transmitting data within cloud environments. Legal professionals can uphold these demands in a few easy ways.

Federal and industry regulations contain specific steps to secure information. Personally identifiable data must be protected with sophisticated security strategies like encryption and two-factor authentication. Using these tools together will help ensure that unauthorized users cannot access sensitive files.

Cloud providers are constantly improving their protection measures to meet safety and governance needs. At Afinety, we configure the cloud environment to mitigate law firm pain points and meet your confidentiality standards. Stay tuned with Afinety to learn more about how law firms can utilize the cloud.