Biscom Delivery Server

Video Run Time – 2:26

Law firms face the daily task of protecting themselves and their clients from breaches of confidential data that could lead to noncompliance with government regulations, large fines, damaged reputations, and loss of business. What some firms are not aware of is that the most ordinary tools and practices – from emails to software configurations – can open a legal organization up to breaches.

Biscom is hosting a webinar on the issue of law firm security and the hidden dangers that lurk within firms. Our Legal Practice Director, Charlie Magliato, will be joined by Jeffrey Brandt, Editor of the Pinhawk Law Technology Daily Digest and noted legal technology thought leader. They will discuss the vulnerabilities posed by the proliferation of mobile devices, the consumerization of technology and cloud computing.  In addition, they will also talk about the following which can be helpful to a law firm as they assess their security program:

• High-profile data breaches  - law firms are no longer immune.
• Culture and technology pressures that contribute to increased risks
• The increasing demands of both national and state government regulations
• How  employees, clients and vendors  contribute to data breaches
• Current and emerging security best practices

Webinar Details:

Date: Wednesday, January 25, 2012

Time: 12:00 pm – 1:00 pm EST

Register Now

During the past quarter, I’ve had the privilege of hosting a series of ILTA roadshows focused on security issues around file transfers. The roadshows – held in Boston, New York and DC – typically welcome around 20 IT professionals each from multiple law firms. The intimate size helps us all to have frank discussions about what keeps IT up at night.

On the forefront: Breaching client confidentiality and regulations.

Beyond the obvious dread of jeopardizing a law firm’s reputation and opening it up for massive fines, there’s a personal take as well. IT leaders are realizing that they are responsible for technology safeguards that protect client data and comply with federal and state data privacy regulations.

The Culprits: Email and FTP Sites

Two methods of potentially risky file transfer kept surfacing during our conversations: Email and FTP sites.

The attendees expressed concern that there seems to be little regard from attorneys and staff when  it comes to potential security breaches caused by using email and unsecured FTP sites  to transfer client documents and files.

It is almost like the proverbial Sword of Damocles is hanging over legal IT’s head. IT is only one wrong click or FTP error away from heavy fines and potential damage to law firms’ reputations.

Revenge of the Large Email Attachments

The 2010 ILTA member technology purchasing survey identified email management as the biggest issue facing legal IT for the third year running and the roadshow attendees verified that the ever-increasing size of email attachments is a growing support issue.

Is this scenario familiar?

An attorney tries to attach a 50 MB+ PDF to an email addressed to a client.  If the email is lucky enough to traverse the firm’s exchange gateway, there is a good chance it will get bounced back due to recipient email size limitations.  The attorney then receives an undeliverable message (sometimes not until the next day) and contacts IT for help.  Cue the IT support drama!

Would you believe that one of the most popular remedies is to break up a large file into multiple smaller files and then send multiple email messages?  This is a quick fix, yes, but doesn’t speak to a law firm’s technical prowess.

And Don’t Even Start us on FTPs

Another common option is for IT to erect an FTP site. After a communal groan, the attendees agreed FTP sites are often difficult to use, challenging to secure and an overall pain in the neck.

What do you think?

Does your law firm face challenges when transferring large files?  What do you think are the leading security issues around this?

Leave a comment below so we can continue the conversation.

Coming to a City Near You

ILTA is planning more roadshows for Biscom so hopefully I’ll be in your neck of the woods soon.  Feel free to reach out to me at cmagliato at biscom.com if you have a specific city in mind you’d like to see us in. I will keep you posted.

Healthcare IT News just published an interview with Mark Haas, associate director of health information services at Mass General Hospital, one of the premier hospitals in the world. Mark discusses how MGH implemented Biscom Delivery Server to more than double the number of release of information (ROI) requests they can handle with the same staffing. MGH is now handling 52,000 releases per year with the help of BDS.

Another interesting statistic – MGH has reduced their costs for providing these medical records to insurance companies, law firms, and others who request them from $16.08/request down to $5.61 – a 65% savings. MGH also benefits by using BDS to comply with meaningful use objectives.

To see the full case study on MGH, go here.

Lora Bentley from IT Business Edge asked a smattering of people for their opinion on privacy — whether it’s alive or dead. I started thinking about this and to me, privacy is what we make of it — we can choose whether we keep our lives private (as much as it’s possible to do these days) or open ourselves up to the online world. To me, privacy is both alive and dead, and we’re ultimately responsible for it. That’s when a vision of Schrodinger’s cat popped into my mind — pretty esoteric reference to those who did not take quantum mechanics in college, but what can I say, I’m a bit of a nerd.

I also remembered an article that came out not too long ago about some teen who killer her boyfriend because she was drinking and driving. Not only was this a horrible event, for which the girl was going to be charged as a minor (she was only 17), but she posted a picture of herself on Facebook titled “Drunk in Florida” a month later. The judge caught wind of this and changed his decision, denied her youthful offender status, and instead charged her as an adult. Now, this girl, in my opinion, did not choose wisely regarding her online privacy. However, it was her choice. How much of ourselves we put out there is really up to us.

I don’t subscribe to the idea of complete privacy, because these days that’s pretty hard to do (who doesn’t buy an occasional something from Amazon?) However, we do need to be judicious. And of course, when it comes to obeying the law (e.g. HIPAA, SOX, GLBA, etc.), we should also be aware of the consequences if we don’t protect confidential or sensitive information.