My Four Favorite Charts from the ILTA 2022 Technology Survey

The International Legal Technology Association’s 2022 survey is a broad treasure trove of data reported from 541 law firms.

There are 11 major topics including Infrastructure, Document Management, Practice Management, and Business Continuity.

My focus is on four of the twenty-seven questions surveyed in the Security section.

  1. Password Management
ILTA 2022 Technology Survey

Password managers are one of the most highly recommended solutions for security. They help with: using complex passwords, deterring repeat usage of passwords, and providing secure storage for passwords. There is a learning curve to using a password manager, but once I got up to speed, I wondered how I would live without it. We have so many passwords to juggle these days. I am surprised that 50% of respondents are not providing a password manager.

2. Multi-factor Authentication

ILTA 2022 Technology Survey

Perhaps the single most recommended security mitigation is multi-factor authentication (MFA). Here we see Duo Security (a Cisco company) is the leader at 45%. There are three Microsoft solutions listed which total 27%.

In legal tech, it’s notable when a third-party solution is more widely adopted than a Microsoft solution as most law firms operate on the Microsoft stack.

3. What do You Secure with MFA?

ILTA 2022 Technology Survey

The largest response is VPN/Remote Access (not exactly the same thing to me). Then Office 365. It’s very good to see high adoption of MFA for these widely used applications.

4. Which Phishing, Vishing, Social Engineering, or Security Awareness Program?

ILTA 2022 Technology Survey

KnowBe4 is the stand-out at 62%. Others used are Mimecast, Traveling Coaches, Proofpoint, managed service providers, and solutions developed in-house. Only 7% reported “None.” As phishing and social engineering are the cause of about 90% of exploits, law firms are wise to have these programs in place.

You may access the full data-rich report or the executive report from ILTA. Here is the download page.

-Maureen

The Modern Lawyer Report from Above the Law and Litera

How Technology, Mobile Devices, and AI Are Shaping the Legal Industry in 2022

In February of 2022, Above the Law interviewed 500 attorneys on their views on technology, mobile devices, artificial intelligence (AI), and more. Of those 500, Associates made up 32%, Partners were 26%, and in-house counsel were over 12%. Above the Law and Litera have published their findings in The Modern Lawyer Report.

Over 58% over these lawyers consider themselves to be slightly ahead of the curve or a trendsetter in terms of use of technology. The lawyers who agreed to participate in this technology survey appear to be more tech-savvy than the general lawyer population.

Above the Law / Litera

Mobile Device Usage

Roughly 57% of attorneys reported that they can do “many things” or “everything” on mobile devices. From our vantage point this seems high, but consider the point above, that the majority of the attorneys who responded self-report that they are ahead of the curve in using technology. From our view of law firms, the third option, “I can follow email on mobile but that’s about it,” is the the common state of the art in law firms today.

Above the Law / Litera

Document review and approval is certainly the greatest need which attorneys and legal professionals have on mobile devices. Our clients tell us that the ability to review, annotate, compare, sign, and email documents in order to have complete workflows is their goal.

Above the Law / Litera

What is delaying mobile device adoption?

The report cities, “One partner stated, “My vision is too poor to work on such small screens,” while an in-house respondent noted that “security risks preclude the ethical use of mobile for most legal tasks.”

Artificial Intelligence

Artificial Intelligence or AI is a somewhat amorphous term, granted. Over 60% of these advanced technology users consider AI to be valuable to business success in legal services.

Above the Law / Litera

One of the conclusions of The Modern Lawyer Report is that, especially with respect to mobile devices and artificial intelligence, lawyers are not taking advantage of technology’s full capabilities. There is plenty of opportunity for them to adopt these technologies further.

Update: Here is a link to register and download the report from Litera.

If you have questions or comments, I’d like to hear from you. Write to: contact at mobilehelix dot com

-Maureen

Maureen Blando is the President and COO of Mobile Helix, the makers of the LINK encrypted app for lawyers. LINK provides simple workflows for Document Management and Email in a single, secure app. Note: the LINK App offers font sizes up to XXL. (See above. for relevance.)

Meet LINK: The Easy Way To Handle All Your Document Workflows On Your Mobile Device In A Single App

By Stephanie Wilkins

From Above the Law, a new product profile on our LINK app.

Here’s an excerpt:

Do Everything, Everywhere With LINK

When you think about the tools you use most in your day-to-day work, your document management system (DMS) and Outlook are probably at the top of the list. Working in both on your mobile device, though, has historically been a huge struggle, if not impossible. LINK brings them together in a single, secure, easy-to-use app.

LINK is designed to support the workflows attorneys use all day, every day. The app works with today’s most popular mobile devices – iPhones, iPads, and Android phones and tablets – and supports the three leading document management systems, iManage Work®, NetDocuments, and eDocs by OpenText.

LINK for Smartphones and Tablets

LINK is solving the pervasive problem of lawyers being unable to adequately work on their mobile devices. With LINK, lawyers can fully access their documents, compare them, mark them up, edit them, email them, and more, as easily and securely as they can on a computer.

Read the full profile here.

Questions? Write to us at: contact at mobilehelix dot com.

-Maureen

What is the LINK App? Find out in 112 seconds.

In this short video, view the major features of our encrypted LINK app.

LINK is integrated with iManage, NetDocuments, and eDocs DMS as well as Outlook and SharePoint. LINK enables essential workflows in a single app. Review, annotate, compare, and email files. Edit securely with the Word App.

Want to learn more? Email us at: contact at mobilehelix dot com.

-Maureen

Don’t Miss: Thomson Reuters 2022 Report on the State of the Legal Market

It was this time last year when began to learn how profitable law firms had been in the first year of the pandemic. That profitability cast a completely different light on the historical law firm pressure to work long hours in the office.

Therefore, I looked forward to this year’s Thomson Reuters report. There are many terrific charts in the report. Below I’ll highlight three charts, mainly to encourage you to read the entire report. You can find the report here.

Profit Per Equity Partner Growth

This could be called “The Money Chart” in the legal market, growth in Profit Per Equity Partner (PPEP). Growth in 2021 was quite healthy, even compared to the robust growth in 2020. Mid-sized firms lead with 22.4% rolling 12-month growth.

Lawyer Turnover Analysis

The strong demand in legal services lead to the high turnover rate, especially amongst associates. The associate turnover rate for all firms reached 23.2% across all firms. For Am Law 100 firms the turnover rate hit 23.7%. See the report for a chart which breaks this out by firm size.

Associate Compensation Growth

For Big Law firms “facing the retention crisis,” there was nowhere to go but up. Associate compensation rose by over 15% in the Am Law 100.

There is so much more in this report, including:

  • Lawyer head count growth
  • Hours worked per lawyer
  • Expense growth and overhead detail (recruiting, staff compensation, KM, and technology lead)
  • Demand growth by practice

The report navigates “managing the way back” and lists specific, actionable recommendations. A new, essential approach for law firms: “flexibility.”

I encourage you to download the “Thomson Reuters Institute and Georgetown University Law Center on Ethics and the Legal Profession: 2022 State of the Legal Market Report.

In case you are wondering, I am not associated with either entity. I like data and thought that many of you would find this data interesting, too.

-Maureen

🔥 Legal Tech: Tracking 12 Months of IPOs and Funding Rounds

A post by Artificial Lawyer provides a clear summary of the trend in the first half of 2021, “Legal Tech Funding Hits $1.4BN, While M&A Soars.” Here, James Goodnow writes about “The Insider’s View On Legaltech VC Funding,” with some salient funding insights from Kira CEO and co-founder, Noah Waisberg. Kira was recently acquired by Litera.

But the reality is that investments are clipping along at fast pace. It’s hard to keep up. I could not find a post which captured the current rounds, so I created a spreadsheet of the past 12 months of legal tech IPOs and funding rounds (Series A and higher). I’m not claiming that it is comprehensive. I’m sure that I’ve missed a few. If you have any to add or any corrections to offer, please let me know via: contact at mobilehelix dot com.

Legal Tech iPOs and Funding Rounds - 12 Months, 2021-November

On November 23, 2021, transcription company Verbit announced that they had closed $250 million in a Series E round that values the company at $2 billion. That’s after raising $157 million in a Series D in June 2021 at over $1 billion valuation, making it one of the first unicorns in legal tech. (To be accurate, Verbit serves more than the legal tech market.)

Also in November, Grammarly, another company with business in legal and beyond, raised $400 million at a valuation of $13 billion. I had to double-check that. Wow. Grammarly has a tool which corrects and improves writing.

Here’s my earlier post on unicorns in legal tech, “We have FOMO in legal tech!”

-Maureen

We have FOMO in legal tech! 🦄

What is FOMO?

Fear Of Missing Out

Today’s legal tech headline:

“Litera secures further investment from Hg”

Terms of the deal were not disclosed. But we know that:

  • May 2019: Hg purchased Litera investment firm K1 Investment Management. At the time Hg Capital Trust stated that as part of the acquisition, it would lead an investment of $39M in Litera.
  • Litera has trebled in size, per CEO, Avaneesh Marwaha.
  • And from the same press release:
  • Litera is approaching more than 1,000 employees across 17 different countries
  • Litera also has gained over 10 times the number of users since Hg first invested, now serving over 15,000 customers
  • Since 2019, Litera has acquired twelve companies.

And there are 🦄 unicorns in legal tech!

November 2021: Everlaw raised a $202M Series D round at a valuation over $2B.

June 2021: Verbit raised $157 million in Series D funding at a valuation of over $1B.

April 2021: Clio raised a $110M Series E round at a valuation of $1.6B.

December 2020: Ironclad raised $100M in Series D funding at more than $950M valuation.

Ah, FOMO…

To quote investor Kjartan Rist on FOMO, “The fear of missing out on the next billion-dollar opportunity is one feeling that never really goes away.

FOMO is nothing new in Silicon Valley VC-land. But it’s new and exciting in the world of what is broadly referred to as “legal tech.” Legal tech has been known for slow adoption and conservative processes, including mainly using software which is deployed on-premises at the law firm or business entity. In many cases this changed with the pandemic. The overnight necessity to support attorneys and staff working from home catalyzed adoption of cloud-hosted software throughout legal.

My short summary of the phenomenon in legal tech:

☁️ Cloud scales = hyper growth potential

💉 Accelerated by the pandemic

⚖️ Legal (law firms, corporate legal) finally accepts Cloud/SaaS

💰 Capital wants in

🙌 Win / Win / Win

There’s more to this story. For example, FOMO leads to frothy valuations.

But for today…

🥳 Congratulations to the unicorns, the parties to M & A, the newly funded, and the rapidly growing companies in #legaltech! It’s an exciting time to be in legal tech.

-Maureen

Clio 2021 Legal Trends Report

Yesterday was the first day of the Clio Cloud Conference 2021. Clio does a fantastic job of wowing the attendees and creating a community of loyal followers.

Every year the don’t-miss speaker is CEO and Founder, Jack Newton. Jack has big visions. And his execution with Clio has been huge. In April of this year, Clio raised a $110M dollar Series E funding with a $1.6B valuation. When Jack speaks, people are eager to hear what Jack is planning next.

Of the many announcements from Clio today, three are:

  1. Clio Payments: Jack Newton says, “…the most frequent point of friction in attorney-client relationships is collections.” Clio Payments is integrated with the Clio cloud-based practice management platform and syncs with accounting platforms, such as Quicken and Xero.
  2. Clio Ventures: Clio will invest in “promising early stage companies and diverse founders” developing for the Clio platform. Clio has acquired a few companies, most recently Lawyaw, a YC-backed legal document automation company, which had been a Clio partner.
  3. Clio 2021 Legal Trends Report: I look forward to this annual report, full of timely data. The PDF is a free download with registration. I highly recommend that you take a look at it.

I’m highlighting a few points which interested me. There is much more in the report.

First Key Take-away: Client expectations have changed

As we saw in the 2020 Legal Trends Report, the pandemic understandably accelerated clients’ willingness to work with a lawyer remotely. With Clio’s annual data collection, they were able to illustrate the change from 2018 to 2021.

The report further digs into this data by stage of engagement and type of remote communication medium.

Second Key Take-away: Remote services are only part of the picture

I’ve yet to see any survey of criteria on choosing a lawyer in which responsiveness was not the top criteria. Here, “Responsiveness to questions” leads “Price transparency” by a hair. No technology, no remote or in-person meeting capability, is likely to surpass the importance of responsiveness.

Third Key Take-away: Growing firms are really growing.

This data mirrors the data which we saw in early 2021 with respect to the blockbuster year that Big Law had in 2020. See the report for a deeper dive, for example, that growing firms are more likely to be using on-line payments, client portals, and CRM.

And there is more fun stuff!

Vicariously, I like to study the hourly rates by state and by practice.

Also, the KPI data on utilization, realization, and collection rates is eye-opening.

You can download the report from Clio here.

I’d like to thank Clio for widely sharing this fascinating data about the legal market each year. They are committed to the legal community.

-Maureen

REvil has struck again. What can we do? Design for explicit access.

At a glance… 

  • Kaseya VSA is used by IT organizations and many Managed Service Providers (MSPs) to track IT assets and to deliver software installations and patches to a network of endpoint nodes.  
  • Over the 4th of July weekend, a ransomware attack perpetrated by the REvil gang and its affiliates was delivered through the Kaseya VSA remote management software.  
  • Each Windows node on the network runs a Kaseya agent, which is responsible for downloading and installing patches and software packages from the VSA server. It is common practice for an MSP to use a single VSA server to manage all of the MSP’s client networks, meaning that one compromised VSA server can create a downstream impact on hundreds of individual businesses. 
  • 1,500 businesses may be effected. 

The fascinating anatomy of the hack 

REvil’s successful hack began with an SQL injection attack against the VSA server. The attacked VSA servers were exposed to the Internet, presumably to allow for remote access to the VSA server by an MSP’s employees. An SQL injection attack was crafted by the hackers to (a) bypass authentication, (b) upload a file, and (c) inject a command to distribute a malicious software patch. This software patch was then dutifully downloaded by Kaseya agents installed on Windows endpoints attached to the compromised VSA server. The technical details of how this was accomplished are explained quite clearly in this article by Sophos

The hack itself is fascinating from a technical perspective in multiple ways. First, an authentication bypass renders an entire stack of security technology (authentication providers and MFA) entirely irrelevant. There is no password guessing or credential stealing involved in this attack. Second, the MSP model where client networks are intermingled in a single VSA instance is inherently dangerous in that a single compromised server (whether it be a via a 0-day exploit or a more traditional stolen credential) can spread malicious software across many disparate organizations, geographies, and networks. Third, it is perturbing that a piece of software like the VSA server was directly exposed to the Internet. The lack of any intervening, independent authentication (e.g., a VPN or IIS authentication using certificates or Kerberos) places an inordinate amount of trust in the security architecture of a single piece of software (the VSA server). 

In general, the best way to mitigate hacks of all varieties is to apply a few principles: 

  1. Keep independent networks as separate as possible, and always require authentication to move between them. 
  1. Authenticate users and devices in layers that rely on disparate software stacks. Software is built by humans, and humans make mistakes that cause security vulnerabilities. Using independent software stacks to layer together multiple forms of authentication ensures that a hacker has to find multiple, independent mistakes that are exploitable in conjunction. 
  1. Because there is still no perfect way to prevent endpoint attacks from happening, effective endpoint protection is essential. The Kaseya exploit relied on anti-virus exceptions on the endpoint to allow a malicious file to be downloaded, decoded into an executable, and run via a shell command. This malicious executable then executed a side loading attack to actually launch the encryption process. Effective anomaly detection could have shut down the encrypting process before it got too far, and an alternative approach to using an anti-virus exception would have stopped the attack when it tried to execute the downloaded executable. 

A collective reconsideration of how we protect networks and endpoints is overdue 

This latest attack from REvil confirms the obvious – the business of ransomware is here to stay. Whether it is REvil, a spinoff from REvil, or an entirely new organization that is inspired by REvil’s success, a collective reconsideration of how we protect networks and endpoints is overdue. It has become standard practice to disable security software in order to enable functionality, rather than demanding the opposite – that software declare its intended behaviors in order to enable security software to detect anomalous behavior. 

A system of specific access vs. access to the entire network 

Our LINK system is architected with this last principle in mind. Rather than assume that all mobile devices need access to the company network (e.g., via VPN), LINK assumes that only a small number of applications and data repositories should be mobilized. To configure LINK, IT specifies exactly what intranet applications, email servers, and file repositories (Document Management Systems, One Drive, SMB shares, etc.) should be accessible from a mobile device, and this specification is role-based so that IT can take a pessimistic approach to mobile access (i.e., you can’t access anything unless permission is explicitly granted to you). LINK also uses multiple, independent layers of authentication – SSL certificates to authenticate the device, then traditional password-based authentication if the SSL authentication succeeds. Finally, each LINK installation acts as its own certificate authority for the purposes of SSL authentication. Hence, stealing a certificate for one installation does not grant access to any other installations. 

As we expand LINK beyond mobile, our goal is to promote a different approach to endpoint computing. This approach starts with the idea that users, applications and data need to be integrated explicitly, rather than implicitly. This creates a work environment that is easily encapsulated, encrypted, and protected with limited entry points and exit points to move data in and out of this environment. While no approach is perfect, the more explicit we are about how users, applications, and data interact, the better chance we have to stop the ransomware business before it expands any further. 

-Seth Hallem, CEO & Co-founder, Mobile Helix

Word App Editing Just Got Easier for Lawyers with LINK

We have developed several editing workflows using the Word app over the years. Our newest one is the easiest one which we have seen anywhere. This is in part because our LINK app securely integrates your Document Management System and Email with the Word app. Therefore, you can choose to edit a file from DMS or an email attachment and it will open directly in Word.

Take a look at our 2 minute, 44 second video to see this workflow.

Here’s what you don’t have to do in our workflow:

  1. No need to copy the file in the Word app. LINK encrypts the file and moves it to Word.
  2. No need to save the file as .docx in the Word file. LINK converts .doc to .docx for you.
  3. No need to delete the file from the Word app after editing. LINK deletes it.

This video shows how straightforward it is to edit from LINK with the Word app.

LINK is integrated with iManage Work® 10, on-prem and in the Cloud; NetDocuments DMS; OneDrive; Network File Shares; and OpenText eDocs is in development. LINK is also integrated with Microsoft Exchange, therefore, you have your Outlook Email, Contacts, Calendar, Tasks, and Notes within the LINK App.

If your attorneys are looking for a simple way to edit files in DMS or in Outlook email with the Word app, email me. We are happy to show you a demo of this workflow.

-Maureen

contact @ mobilehelix dot com