My Four Favorite Charts from the ILTA 2022 Technology Survey

The International Legal Technology Association’s 2022 survey is a broad treasure trove of data reported from 541 law firms.

There are 11 major topics including Infrastructure, Document Management, Practice Management, and Business Continuity.

My focus is on four of the twenty-seven questions surveyed in the Security section.

1. Password Management
ILTA 2022 Technology Survey

Password managers are one of the most highly recommended solutions for security. They help with: using complex passwords, deterring repeat usage of passwords, and providing secure storage for passwords. There is a learning curve to using a password manager, but once I got up to speed, I wondered how I would live without it. We have so many passwords to juggle these days. I am surprised that 50% of respondents are not providing a password manager.

2. Multi-factor Authentication

ILTA 2022 Technology Survey

Perhaps the single most recommended security mitigation is multi-factor authentication (MFA). Here we see Duo Security (a Cisco company) is the leader at 45%. There are three Microsoft solutions listed which total 27%.

In legal tech, it’s notable when a third-party solution is more widely adopted than a Microsoft solution as most law firms operate on the Microsoft stack.

3. What do You Secure with MFA?

ILTA 2022 Technology Survey

The largest response is VPN/Remote Access. Then Office 365. It’s very good to see high adoption of MFA for these widely used applications.

4. Which Phishing, Vishing, Social Engineering, or Security Awareness Program?

ILTA 2022 Technology Survey

KnowBe4 is the stand-out at 62%. Others used are Mimecast, Traveling Coaches, Proofpoint, managed service providers, and solutions developed in-house. Only 7% reported “None.” As phishing and social engineering are the cause of about 90% of exploits, law firms are wise to have these programs in place.

You may access the full data-rich report or the executive report from ILTA. Here is the download page.

-Maureen

The Modern Lawyer Report from Above the Law and Litera

How Technology, Mobile Devices, and AI Are Shaping the Legal Industry in 2022

In February of 2022, Above the Law interviewed 500 attorneys on their views on technology, mobile devices, artificial intelligence (AI), and more. Of those 500, Associates made up 32%, Partners were 26%, and in-house counsel were over 12%. Above the Law and Litera have published their findings in The Modern Lawyer Report.

Over 58% of these lawyers consider themselves to be slightly ahead of the curve or a trendsetter in terms of use of technology. The lawyers who agreed to participate in this technology survey appear to be more tech-savvy than the general lawyer population.

Above the Law / Litera

Mobile Device Usage

Roughly 57% of attorneys reported that they can do “many things” or “everything” on mobile devices. From our vantage point this seems high, but consider the point above, that the majority of the attorneys who responded self-report that they are ahead of the curve in using technology. From our view of law firms, the third option, “I can follow email on mobile but that’s about it,” is the common state of the art in law firms today.

Above the Law / Litera

Document review and approval is certainly the greatest need which attorneys and legal professionals have on mobile devices. Our clients tell us that the ability to review, annotate, compare, sign, and email documents in order to have complete workflows is their goal.

Above the Law / Litera

What is delaying mobile device adoption?

The report cites, “One partner stated, ‘My vision is too poor to work on such small screens,’ while an in-house respondent noted that ‘security risks preclude the ethical use of mobile for most legal tasks.’”

Artificial Intelligence

Artificial Intelligence or AI is a somewhat amorphous term, granted. Over 60% of these advanced technology users consider AI to be valuable to business success in legal services.

Above the Law / Litera

One of the conclusions of The Modern Lawyer Report is that, especially with respect to mobile devices and artificial intelligence, lawyers are not taking advantage of technology’s full capabilities. There is plenty of opportunity for them to adopt these technologies further.

Update: Here is a link to register and download the report from Litera.

If you have questions or comments, I’d like to hear from you. Write to: contact at mobilehelix dot com

-Maureen

Maureen Blando is the President and COO of Mobile Helix, the makers of the LINK encrypted app for lawyers. LINK provides simple workflows for Document Management and Email in a single, secure app. Note: the LINK App offers font sizes up to XXL. (See above for relevance.)

Meet LINK: The Easy Way To Handle All Your Document Workflows On Your Mobile Device In A Single App

By Stephanie Wilkins

From Above the Law, a new product profile on our LINK app.

Here’s an excerpt:

Do Everything, Everywhere With LINK

When you think about the tools you use most in your day-to-day work, your document management system (DMS) and Outlook are probably at the top of the list. Working in both on your mobile device, though, has historically been a huge struggle, if not impossible. LINK brings them together in a single, secure, easy-to-use app.

LINK is designed to support the workflows attorneys use all day, every day. The app works with today’s most popular mobile devices – iPhones, iPads, and Android phones and tablets – and supports the three leading document management systems, iManage Work®, NetDocuments, and eDocs by OpenText.

LINK for Smartphones and Tablets

LINK is solving the pervasive problem of lawyers being unable to adequately work on their mobile devices. With LINK, lawyers can fully access their documents, compare them, mark them up, edit them, email them, and more, as easily and securely as they can on a computer.

Read the full profile here.

Questions? Write to us at: contact at mobilehelix dot com.

-Maureen

2021. It’s not farewell. Ransomware, Unicorns, Profits, and Work from Home

While we may be happy to wave au revoir to 2021, one midnight does not change world circumstances. I think that the following four trends are not likely to go away in 2022.

  1. Our most popular blog post in 2021, by a factor of 10, was this post by our CEO, Seth Hallem, on the REvil vulnerability and the ensuing ransomware. Many IT and security people were kept busy over the July 4th weekend with the Kaseya VSA exploit. More law firms and more businesses overall were hit with ransomware than the public is aware of. At the risk of stating the obvious, this will only grow going forward.
  2. Unicorns, IPOs, M & A, and healthy funding rounds were undefeated by the pandemic. We covered the capital infusion in #legaltech here.
  3. Early in 2021, we learned from Thomson Reuters that Big and Mid sized Law had been very profitable in pandemic burdened 2020. Work from home meant more billable hours. Legal IT departments got attorneys up and running from home in quite literally a weekend. In early 2021 the question was, would work from home end as quickly as it had begun? The profits lead one to conclude that it would not. The Delta and Omicron variants in 2021 ensured no quick ending.
  4. Finally, in the fall of 2021 companies such as Apple and Big Law firms were gearing up for early January or February 2022 “return to the office” dates. Then Omicron swept through the globe. Now all bets are off for when, and if, companies will return to the office.

Some good, some not so good. Overall, we can be grateful for the healthy demand for legal services and that so much of legal work can be done remotely.

I wish you the best for 2022!

-Maureen

REvil has struck again. What can we do? Design for explicit access.

At a glance… 

  • Kaseya VSA is used by IT organizations and many Managed Service Providers (MSPs) to track IT assets and to deliver software installations and patches to a network of endpoint nodes.  
  • Over the 4th of July weekend, a ransomware attack perpetrated by the REvil gang and its affiliates was delivered through the Kaseya VSA remote management software.  
  • Each Windows node on the network runs a Kaseya agent, which is responsible for downloading and installing patches and software packages from the VSA server. It is common practice for an MSP to use a single VSA server to manage all of the MSP’s client networks, meaning that one compromised VSA server can create a downstream impact on hundreds of individual businesses. 
  • 1,500 businesses may be affected.

The fascinating anatomy of the hack 

REvil’s successful hack began with an SQL injection attack against the VSA server. The attacked VSA servers were exposed to the Internet, presumably to allow for remote access to the VSA server by an MSP’s employees. An SQL injection attack was crafted by the hackers to (a) bypass authentication, (b) upload a file, and (c) inject a command to distribute a malicious software patch. This software patch was then dutifully downloaded by Kaseya agents installed on Windows endpoints attached to the compromised VSA server. The technical details of how this was accomplished are explained quite clearly in this article by Sophos.

The hack itself is fascinating from a technical perspective in multiple ways. First, an authentication bypass renders an entire stack of security technology (authentication providers and MFA) entirely irrelevant. There is no password guessing or credential stealing involved in this attack. Second, the MSP model where client networks are intermingled in a single VSA instance is inherently dangerous in that a single compromised server (whether it be via a 0-day exploit or a more traditional stolen credential) can spread malicious software across many disparate organizations, geographies, and networks. Third, it is perturbing that a piece of software like the VSA server was directly exposed to the Internet. The lack of any intervening, independent authentication (e.g., a VPN or IIS authentication using certificates or Kerberos) places an inordinate amount of trust in the security architecture of a single piece of software (the VSA server).

In general, the best way to mitigate hacks of all varieties is to apply a few principles: 

  1. Keep independent networks as separate as possible, and always require authentication to move between them.
  2. Authenticate users and devices in layers that rely on disparate software stacks. Software is built by humans, and humans make mistakes that cause security vulnerabilities. Using independent software stacks to layer together multiple forms of authentication ensures that a hacker has to find multiple, independent mistakes that are exploitable in conjunction.
  3. Because there is still no perfect way to prevent endpoint attacks from happening, effective endpoint protection is essential. The Kaseya exploit relied on anti-virus exceptions on the endpoint to allow a malicious file to be downloaded, decoded into an executable, and run via a shell command. This malicious executable then executed a side loading attack to actually launch the encryption process. Effective anomaly detection could have shut down the encrypting process before it got too far, and an alternative approach to using an anti-virus exception would have stopped the attack when it tried to execute the downloaded executable.

A collective reconsideration of how we protect networks and endpoints is overdue 

This latest attack from REvil confirms the obvious – the business of ransomware is here to stay. Whether it is REvil, a spinoff from REvil, or an entirely new organization that is inspired by REvil’s success, a collective reconsideration of how we protect networks and endpoints is overdue. It has become standard practice to disable security software in order to enable functionality, rather than demanding the opposite – that software declare its intended behaviors in order to enable security software to detect anomalous behavior. 

A system of specific access vs. access to the entire network 

Our LINK system is architected with this last principle in mind. Rather than assume that all mobile devices need access to the company network (e.g., via VPN), LINK assumes that only a small number of applications and data repositories should be mobilized. To configure LINK, IT specifies exactly what intranet applications, email servers, and file repositories (Document Management Systems, One Drive, SMB shares, etc.) should be accessible from a mobile device, and this specification is role-based so that IT can take a pessimistic approach to mobile access (i.e., you can’t access anything unless permission is explicitly granted to you). LINK also uses multiple, independent layers of authentication – SSL certificates to authenticate the device, then traditional password-based authentication if the SSL authentication succeeds. Finally, each LINK installation acts as its own certificate authority for the purposes of SSL authentication. Hence, stealing a certificate for one installation does not grant access to any other installations. 
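
The access model described above, sketched as an added example (this is not Mobile Helix's code): a device credential tied to one installation's CA is checked first, then the password, then an explicit role-based grant with everything else denied. An HMAC tag stands in for an X.509 client certificate signed by the installation's CA so the sketch runs on the standard library; the class, role, user and resource names are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed policy: role -> resources IT has explicitly mobilized.
# Anything not listed (including unknown roles) is denied.
POLICY = {
    "attorney": {"dms:matters", "mail:exchange"},
    "paralegal": {"dms:matters"},
}


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Installation:
    """One deployment with its own CA secret, user store and access policy."""

    def __init__(self, policy):
        self._ca_key = os.urandom(32)  # never shared between installations
        self._policy = policy
        self._users = {}  # username -> (role, salt, password hash)

    def _sign(self, device_id: str) -> bytes:
        # Stand-in for the CA signing a device certificate.
        return hmac.new(self._ca_key, device_id.encode(), hashlib.sha256).digest()

    def enroll_device(self, device_id: str):
        return (device_id, self._sign(device_id))

    def add_user(self, name: str, role: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[name] = (role, salt, _kdf(password, salt))

    def authorize(self, cert, user: str, password: str, resource: str) -> str:
        # Layer 1: the device credential must come from THIS installation's CA.
        device_id, tag = cert
        if not hmac.compare_digest(self._sign(device_id), tag):
            return "deny: device"
        # Layer 2: password, checked only after the device layer succeeds.
        role, salt, stored = self._users.get(user, (None, b"\0" * 16, b""))
        if not hmac.compare_digest(_kdf(password, salt), stored):
            return "deny: password"
        # Layer 3: explicit grant; a missing entry means no access.
        if resource not in self._policy.get(role, set()):
            return "deny: not granted"
        return "allow"


def demo():
    firm_a, firm_b = Installation(POLICY), Installation(POLICY)
    for firm in (firm_a, firm_b):
        firm.add_user("alice", "attorney", "correct horse battery")
    phone = firm_a.enroll_device("alice-iphone")
    creds = ("alice", "correct horse battery")
    return {
        "granted resource": firm_a.authorize(phone, *creds, "mail:exchange"),
        "unlisted resource": firm_a.authorize(phone, *creds, "smb:finance"),
        "wrong password": firm_a.authorize(phone, "alice", "guess", "mail:exchange"),
        "cert from other installation": firm_b.authorize(phone, *creds, "mail:exchange"),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The deny reasons are meant for server-side logging; a real service would return one generic failure to the client and validate the certificate chain in the TLS layer.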

As we expand LINK beyond mobile, our goal is to promote a different approach to endpoint computing. This approach starts with the idea that users, applications and data need to be integrated explicitly, rather than implicitly. This creates a work environment that is easily encapsulated, encrypted, and protected with limited entry points and exit points to move data in and out of this environment. While no approach is perfect, the more explicit we are about how users, applications, and data interact, the better chance we have to stop the ransomware business before it expands any further. 

-Seth Hallem, CEO & Co-founder, Mobile Helix

Per the Data: Remote Work is Not a Phase in Legal

Is remote work merely a short-term necessity or will it have legs when it is again safe to work in the law firm office? As we head into one full year of remote work, I set out to see if there were data which would substantiate the direction of remote work.

What I learned paints a compelling rationale for remote work continuing. For some people, it might be for only one or two days a week. But the preference for a hybrid work model is clear.

There are two supporting dynamics:

  1. The economics of remote work were positive in 2020. Law firms will likely make changes, for instance in leases, to capitalize on this going forward.
  2. Attorneys made a positive adjustment to working from home and would like to retain some of that flexibility in the future.

In this post, I highlight a few of the interesting data points which I found. You can view and download (no registration) my full slide deck, “Remote Work is Not a Phase in Legal” here.

A key law firm financial metric is Profitability per Equity Partner. The results show that for Big Law and mid-sized law firms profitability grew significantly in the 12 months leading up to November of 2020. In part this was due to law firm rate increases established in December 2019 and to the Paycheck Protection Program (PPP), both on the income side.

Graph Profit per Equity Partner
Profit Per Equity Partner Growth 2019 and 2020

However, on the expense side, it is also due to law firms cutting overhead expenses in all but two categories, technology and Knowledge Management.

Graph Overhead Expense Growth
Overhead Expense Growth by Category 2019 and 2020

Both of the above charts are from a terrific resource, “2021 Report on the State of the Legal Market” by Thomson Reuters and Georgetown Law Center on Ethics and the Legal Profession. This report is chock full of data. I highly recommend reading it if you work in a law firm. And, as good attorneys say, “read the footnotes” for gems. You may also listen to the podcast, “Was the Pandemic a Tipping Point for Law Firms?” which is based on the report. Bob Ambrogi interviewed Jim Jones, Senior Fellow at Georgetown and Director of its Program on Trends in Law Practice. Mr. Jones is a contributor to the report. He adds interesting color to the report findings in this interview.

A funny thing happened while attorneys toiled from home. They appreciated the benefits. The greatest benefit to attorneys and staff is the time gained by not commuting. For time-keepers the extra hours per week can add up to several days per year of additional billable hours plus additional leisure time to boot.

Now 85% of attorneys want to work from home at least one day per week.

Image Remote Work
“Lawyers put in 20 extra work days when working from home,” Legal Cheek, Aishah Hussain, January 8, 2021

Finally, here is an infographic with a few of the more illustrative points regarding remote work in law firms. You may download the Remote Work infographic PDF here.

Remote Work is Not a Phase in Legal infographic

How does this compare to your experience of working from home this past year? What work model would you like to see going forward?

-Maureen

F5 Labs on Phishing in 2020

Last week in my post on Okta’s 2021 Businesses at Work report, I mentioned the F5 Labs 2020 Phishing and Fraud Report. It is cited in the Businesses at Work report for its warning on Office 365. In brief, that warning is that Office 365 is a rich target because if an attacker breaches Office 365, they have access to email and much more, including potentially to SharePoint and OneDrive. F5 Labs warns to use Multi-Factor Authentication (MFA) with Office 365.

The F5 Labs Phishing and Fraud report is full of useful information. It’s a tutorial on phishing, a source of exploit data, and a guide as to how to protect from phishing.

In this post, I share 3 of the many images in the report to tempt you to look at the full report.

Phishing Incidents Dealt with by F5’s Security Operations Center – F5 Labs

We’ve known for years that phishing is the number one cause of data breaches. F5 Labs estimated, as shown above, that the number of phishing incidents in 2020 was projected to increase by 15% compared with 2019.

Sample Phishing Subject Lines – F5 Labs

As anyone who has an email inbox knows, phishing perpetrators are nothing if not topical. In addition, they prey on fear. These cyber-criminals were quick to capitalize on COVID-19. Starting in March of 2020, fear and false information about COVID-19 became a hot subject for phishing, as this list conveys.

Steps in a Phishing Attack – F5 Labs

The report explains financial fraud, deception techniques such as custom URLs, and the trajectory of phishing. It concludes with pragmatic sections on “Protecting the Business” and “Protecting Users.”

Phishing is a challenging problem. It is social engineering. The attackers’ schemes mutate. We humans are the weak link. F5 Labs has useful research here, free for the reading.

-Maureen

LINK App: New – List All Files

Here is another fantastic feature request from a LINK user.

Sometimes you need a list of every file in a folder or even in a Workspace in iManage Work or NetDocuments DMS. Search may not help as you don’t know exactly what you are looking for. Now in LINK you can create the list, annotate it, then Air Print, email, import to iManage or NetDocuments, or save in LINK to My Files.

To create the list, tap the ellipsis icon to the right of any folder or Workspace. Tap “List All Files.”

The list is displayed.

To annotate, tap the Paper & Pencil icon and mark away.

After annotating, you can use the icons in the lower right to Air Print, email, import to iManage, or save in LINK to My Files. Or, tap the X in the upper left to get a succinct menu with options to import, email, or save to My Files.

Don’t you love it? 🙂

-Maureen

LINK App: New Editor in our 3.8 Release

LINK now has a new rich text editor. We think that you will like the look of the new User Interface. In addition, the new editor provides a much more comprehensive set of editing tools.

New Font & Page Format Tabs

The new editor has four major formatting tabs:

  1. Font Formats, shown above
  2. Page Formats, shown above
  3. Insert “+”, for inserting hyperlinks, tables, special characters
  4. Undo

Also, now when Send-and-File is on, the Envelope icon is green. Tap the Envelope icon to toggle Send-and-File on and off per email.

This new editor component is used to:
• Compose emails
• Compose calendar event bodies
• Compose Outlook notes
• Compose Outlook task bodies
• Create HTML notes that are saved directly in a mobilized file system (e.g., DMS or SMB shares)
• Create signatures in email settings

One of the things that I like about our new editor is that its behavior feels a lot like Word. Since we have muscle memory for Word, it’s a natural feel.

Let us know what you think!

-Maureen

LINK App: Add to Favorites & My Matters

New in LINK and by popular demand, you can now:

  1. Add a workspace, folder, or file to Favorites
  2. Add a workspace to My Matters
My Matters & Favorites Image

Just tap the ellipsis menu to the right of the workspace, folder, or file name.

This 36 second video shows how quick it is to do so.

If you have questions, email us at: contact @ mobilehelix dot com.

-Maureen

Register for our ILTA Webinar on July 20th: Paperless? It’s Easy with the LINK App