Perspectives

Protect Your Network From Your Employees

If your IT company is acting like all threats to your data and to your business’s computers are external, they’re missing the largest threat. Most intrusions into computer networks are made by, or made possible by, employees.

If your IT company isn’t taking steps to protect your network from your employees, while of course in no way blocking or slowing their work, you’ve got the wrong IT company. Not only should your IT company be preventing intrusion via email, regularly finding and removing viruses, and implementing one or more levels of firewall between the Internet and your internal network, but your IT company should also be locking your employees’ computers.

What is locking a computer?

Employees use the same software again and again. They might use as few as four programs. This makes it possible for your IT company to lock their computers to those programs, and a few other known and trusted applications. If your employee inadvertently or deliberately loads in a hostile program, one that might, for example, encrypt your server, snoop out and copy away your information, or log the passwords used by all employees, your IT company should have software resident on that employee’s computer that will prevent this unknown software from running. This is locking a computer.

No one measure can protect your network completely. If your IT company is telling you that they have one piece of software that does the complete job, they’re wrong. Your IT company should be speaking in terms of increasing security, measures that you can take that are almost invisible to your staff but individually give you good protection against intrusion and data theft. Together these measures make it very unlikely that ransomware, data theft, and password logging will succeed.

Call or email us. We understand network security. We’ll send a professional to your office to tell you how secure you are, and more importantly, what vulnerabilities you need to have fixed.

Ransomware on the Rise

Ransomware takes your data from you and charges you to give you back access. Often your data isn’t removed, but encrypted in place, because moving will take too long, even on fast internet connections.

Before they became our customers, a number of business owners walked into their businesses one morning and all of their customer information, all of their solutions to old problems, all of their plans and documents, were encrypted and unavailable to their business. They had an email asking for many thousands of dollars to return access.

Worse, while ransomware attackers often do restore access when paid, sometimes they don’t. No guarantees.

In short, ransomware is a catastrophe to your business, a setback of months, and many thousands of dollars. And paying may not solve the problem.

Ransomware prefers to target small businesses. Small businesses don’t have the same security as large businesses, but small businesses have more money, and more data, than private individuals do. This makes a small business a logical target for ransomware. Since ransomware often enters a network through email, and your employees often open emails, ransomware has an easy time getting into a small business network.

A secure email with a browser add-on that only opens an email if its contents are verified is helpful, but is no guarantee. One or more layers of firewall, preferably monitored, also helps. Monitoring matters because an intrusion may happen weeks or months before the ransomware attack itself. The program inserted into your network or server may move your data or may scout out and bring in the ransomware attack. Monitoring is helpful for noticing that initial intrusion, and the unusual traffic as your network is scouted.

Some businesses think that cloud data is automatically secure from ransomware. It isn’t. While cloud services make every effort to exclude ransomware, they are not immune. You may login to your server on the cloud and discover it encrypted.

Many small businesses have a backup, but don’t update it regularly. Some business don’t even backup every few months. While a three month or six month old backup is better than nothing, using that to recover from ransomware will still be damaging to your business and to your profits.

What can you do?

1) Back up your data, preferably in two locations. Your first location is always local. There must be a drive of sufficient capacity sitting near your server. This is because that data has to be reloaded to your server after the ransomware attack. You must load (potentially) several terabytes of data back onto your server so that your business can resume operation. This can takes days or longer on even a fast internet connection, and these are days in which your business is handicapped.

2) Ensure that every backup has a history of at least a few days, so that if your server is encrypted on a Saturday, that Monday morning your IT company can restore you to Friday evening. A simple backup is great in the case of a lightning strike (if it survives), but may itself be encrypted by the time you discover the ransomware, because it backed up the encrypted data, and didn’t have a history.

3) A remote backup is also necessary. The backup that sits in your server room is subject to many of the same hazards as your server itself. A physical break-in, a fire, an electrical surge of sufficient force, all could be hazardous to both. Remember, the remote backup is neither as fast to reload nor as convenient – it’s best to think of it as the backup of the backup.

Consult us to ensure that your backups are being made automatically, every night, and with a history that will protect the backups themselves from ransomware. Don’t be one of the businesses that lose tens of thousands of dollars to the growing threat of ransomware!

Why you need your office wired and not just on WiFi

The 21st century is a great place to live in. We have bathrooms everywhere, food on every other corner and a vast amount of data accessible all the time at our fingertips. When it comes to internet connectivity there is no doubt that the possibility of staying in touch all the time is a relief, specially without the need for any of those cumbersome wires that are so ugly.

One of the marketing geniuses of our generation is the realization by companies that business owners are also people, what a breakthrough. They have then adapted a sort of “if it works for your home then it should also work for your business” marketing strategy. So, when business grade setups are required and the IT person recommends a wired office, the business owner believes it to be a splurge. After all, if it works for my home it should work for my office, right?

What they are not considering is the fact that when the WiFi system fails, and there is no secondary backup for the internet on the computers, then the entire office is without a connection. This not a problem when the case is the home, since you can just connect to your phone’s service provider and at least Netflix from there. No, in the case of the business you cannot work from your phone, and there is the entire office not having anything to do during billable hours. This is an unnecessary strain for both you and your IT company.

That is why every single office should be wired, and then the WiFi can be used as a secondary source of internet in case the cable fails. But do not hold your breath, cables rarely, if ever, break.

We hope you enjoyed this weekly piece of IT insight! Let us know if you liked it!

Choose a Local IT Company

Hiring an IT company is cheaper and more effective than having an in-house IT person. The IT company works only when there’s work, and has staff at several levels of expertise that are able to address simple printer issues as well as cloud encryption and security concerns.

Which IT company is best for your business? You will benefit from a clear understanding of what your IT company offers. With this understanding you can better choose, and negotiate with, your IT company.

Obviously your IT company must keep your computers (workstations, servers, wifi, printers, etc.) running smoothly. The part that isn’t obvious is whether your IT company is following best practices. Their goal here has to be to minimize your business downtime, and to do this you should be seeing them less, not more. Some easy ways to tell whether your IT company follows these practices include: cabling are labeled and bundled, old stations are replaced before they generate regular failure downtime, and data is secure, protected, and backed up.

Less obviously, your IT company exists to support your staff. Your staff must call your IT company immediately and without hesitation when they encounter any problem that will create downtime for them. Your staff must be familiar with the person they will call, and comfortable that the person they will call wants to help and understands the setup in your office.

Remote IT companies have help desks that answer questions. Your staff will hesitate to call them, and will spend additional time in that call, because the remote IT company has a person on the call who has never been to your office, and most likely has never been within 100 miles of your office. This will consume precious employee time, and will make your employee hesitant to call.

What the remote IT company doesn’t have is a person who regularly visits your office and tries to find problems before they cause you downtime. Isn’t less downtime what you’re paying for? The remote IT company operates on an efficient business model, but it’s efficient for them, not for you.

When comparing a local IT company whose employees visit your company regularly and a remote IT company, understand that the cost to the IT company of those personal visits is large. The IT company makes an investment in your efficiency, and will be more expensive. Don’t compare a remote IT company with a local one that visits your regularly!

Everyone Loves Easy – Why Macs Rule and Fail Your Business

The most common refrain of any user of technology is that a technology should be easy to use.  This is true whether you are the owner of a business, a user on the factory floor, or the IT professional responsible for making technology work.  Everyone – everyone – loves easy.

So, if everyone loves easy, why isn’t technology easy?

“Technology is easy! That’s why I use a Mac.”

Which is a great response.  Macs are super easy.  So, why doesn’t everyone own and use a Mac?

While there may be many answers, I believe the most relevant is that “easy” is defined by context.  The more you define the problem, the more a product or solution can be tailored to those experiences.

Macs do a tremendous job of handling the bulk of what a daily computer user does, but it doesn’t do well outside of that box.

This is about the point in the conversations where most people introduce Microsoft and the whole thing becomes an Apple versus Microsoft showdown.  That isn’t the point of this piece (that’s the point of the Comments section).

Apple versus Microsoft – Not so fast

The bigger picture is that Apple has always prioritized their end user, the person who wants to do some fun stuff at home seamlessly.  Microsoft has always prioritized their end user, the business.  Microsoft makes products that satisfy business needs, not the person and not the person who makes the technology work.

That’s why everyone and every business doesn’t use MacOS.  And that’s why technology isn’t easy.  There comes a time where the context, the problems, of technology aren’t framed around the person, but the business.  Microsoft makes it easy for businesses to audit, manage, and secure devices the world round.  Those things are appealing to businesses, because everyone loves easy.

Sherwood Chamberlain helps businesses to organize and implement technology to achieve specific business goals while supporting the people who use it on daily basis.  If you have questions about how Sherwood Chamberlain can help your business, reach out to us at sales@sherwoodchamberlain.com

Organize Information in Your Law Office by Context

In this article you will learn how to organize information to increase productivity by structuring information in your law firm to be more accessible and accurate.  When implemented correctly, context will help your team to take the next step in a process naturally.  You can take this design further with workflow automation.

A lawyer does not a law firm make

You want to organize your law office to reduce wasted, non-billable hours, close cases faster, improve client satisfaction, and to keep from pulling your hair out.  While you as a lawyer may view your job as devising a case strategy or knowing the law, the first thing you must acknowledge is that your firm is in the information business.  The quicker a lawyer in your firm receives the right information, the better the outcome for you and your clients.  The second thing to acknowledge is that the flow of information is bidirectional.  It occurs 1) from you (the lawyer) to your team or vice versa and 2) from the client to you/your team or vice versa.

Information Gathering

Often times, we find that law firms focus on gathering information almost exclusively from the viewpoint of the assistant or paralegal.  Firms have a fairly well-structured process for the intake of a new client and, generally, manage to collect/request new documents as the case develops.  Paper forms are still, unfortunately, the norm and are later scanned into the system.

The aforementioned examples are process that neatly align with simple triggers and deal with teams that are centrally located.  While having processes for this type of work is essential, it is only half of the equation and completely ignores the bidirectional nature of how information flows in a law office.

Lawyers collect information a variety of ways.  A lawyer will send/receive emails related to the case, make case notes somewhere, record a deposition, log billable hours, and wish a client Happy Birthday.  The result is nearly 50% of documentation isn’t recorded.  This leads to a lot of wasted time.

The overall success of a case, client relationship, and fiscal health of your firm depends on the accurate capture of all information.  Technology can greatly aid you in the accurate capture of information with electronic forms, video recordings, smart tagging, and text-to-speech recordings.  These are specific tools, but they will not organize your law office by themselves.  In the next section, we’ll discuss how to do that.

Policies and Procedures

As you identify the various channels and methods of gathering information, you’ll soon discover that your operational information is divided into four categories:  documents, cases, contacts, and billing.  Each type of information is important to the business to a different degree.  The first step to building a policy that will organize your law office is to identify the relevant compliance requirements of each.  Armed with this knowledge, you can decide on the appropriate procedures and, later, what systems best fit your needs.

It is hugely important that your methodology for identifying, storing, and retrieving information of each kind be thoroughly documented in the simplest language possible.  Even more important, however, is to make sure everyone knows where to find the Policies and Procedures.  A review of its location and the any changes must be completed regularly.  People forget and how people use technology to communicate changes rapidly.  If you do not review the location, purpose, and methods of each information type, your policies will be ignored or age badly.  Your team will begin to do what is easiest for them individually and not what is best for the law firm.  You must audit your policies.

Managing Documents

When most people think about managing documents, they think about their folder structure on a server and, sometimes, a file naming convention.  They’re right, but let’s take a moment to remind ourselves that the goal is to store and retrieve the relevant information quickly.  We must keep that goal clear in our mind as we develop a structure so that it remains simple to understand and navigate.

Let’s imagine you’ve completed a case and sent out an invoice.  You have either sent this invoice through a payment system or via paper(less) billing.  Where does the actual invoice reside?  Is it a document (PDF), is it in the billing system, or do you keep a copy of both?  When a client asks about the invoice via email, where do you save the email conversation?  If a client likes to receive more detailed notes on their invoice, where do you store this information for next time?

Document management is about storing and receiving documents – PDF, Word, and Excel files.  It is not about managing invoices or information on the client.  Those belong within a billing system or a client relationship manager.  There are some document management solutions that offer advanced search to make finding information inside of your email easier.  Your inbox is not a filing cabinet and is not part of document management.

Once you’ve stripped all of these things away, your folder structure becomes a lot more straightforward.  While there are many ways to organize your folders, we find the best way for a law office comes from the American Bar Association’s article on organizing paper files.  You can see how these principles are applied in the modern era using this real-life example of an Immigration practice.

Everyone will prefer something slightly different.  Use the above examples to help structure your own method, but keep it mind that you can’t please everyone in a large firm.  Keeping it simple is far more efficient than a more complex system (or ‘robust’, if you prefer) tailored to the desires of one or two people.  If people don’t understand it, they won’t use it.

Time-tracking / Billing System

You need to know how fiscally healthy your practice is.  A billing system allows you to know this.  No matter the system, the two questions it must answer are, ‘Where is the money going?’ and, ‘Where is the money coming from?’  Billing is a highly predictable process and is easy to automate, so long as the information input into the system is accurate.  The easier the system is to input information into, the more likely that information will be recorded.  Disputes and other notes can be added as attachments inside of most systems.  There is no reason to keep individual copies of files separate from the system.

Client Relationship Management (CRM)

Most new client work will come from existing clients.  Managing the information related to CRM is about leveraging your network for more business.   This kind of information is unlike any other stored by your practice because it’s a function of Sales and Marketing, not case management.

Many small firms have one or two rainmakers that store this information in their heads or make extensive use of the Notes section of their Outlook or Gmail Contacts.  The tool you use is unimportant.  What matters is the quality of the information.  Many CRMs make it easier to store emails by topic or category, record the quality of an interactions, and maintain a list of potential sales leads.

Though outside the scope of this article, it is worth noting that it can be difficult to get rainmakers to buy into using a CRM.  Many see their value to the firm as directly related to the relationship they maintain with the client.  This is all the more reason to acknowledge that this is a type of information that determines the success of your law office.

Case Management or Practice Management Software

As your law office grows and the cases grow in complexity, you’ll find that no matter how well thought-out your original design, it’s gets a bit clunky.  Once you’ve reached this point, you should turn to a Case Management or Practice Management software.  It takes all of the above concepts and fuses them together.  Instead of recording client information in multiple locations, you only record it once and that information is shared across multiple systems.  As a tasks are assigned and completed, forms and notifications will be sent automatically.  Rest assured, the work you’ve done to organize your law office will serve you well.  You cannot make full use of practice management software without a proper understanding of how information flows in your practice.

Putting it all together

Every law office does things a little differently and, often, the firm owner believes this is part of their competitive advantage.  When the firm is small, this is likely true.  The system is superior because its primary user is its creator.  As the law office grows, the systems and structures need to make sense to others who do not have as much insight into the entire process.  Information becomes much more contextually relevant and your systems for identifying, storing, and retrieving the right information quickly must adapt.

Sherwood Chamberlain has helped many law offices in Miami to organize their information so that it is contextually relevant.  The team member does not have to understand the entire design to know how to find and store information.  We reinforce good system design through constant training and policy review.  Once we’ve established a foundation, we introduce workflow automation so that work happens automagically, rain or shine.  If you have additional questions about how to organize the information in your law office to improve operational efficiency on the way to automation, contact us, phone: (888) 967-7768 x2, or leave us a message below.