Law Firm Security Pressures Alleviated With Financial Strategies

We know the consumer-industry stories of hackers infiltrating Target and, more recently, Home Depot:

“Here's the thing about breaking into a multi-billion-dollar company and stealing the credit card information of millions of customers: It's just not that hard.” Mashable.com

Law firms are now at the center of the storm because they store some of their clients' most sensitive business information and are viewed by criminal elements as a less-defended path to that data. Firms must take care to understand and respond to evolving security trends with response strategies.

A growing number of clients are demanding that their law firms take more steps to guard against online intrusions that could compromise sensitive information as global concerns about hacker threats mount.

Some companies are asking law firms to stop putting files on portable thumb drives, e-mailing them to unsecured iPads or working on computers linked to a shared network. In some cases, banks and companies are threatening to withhold legal work from law firms that balk at the increased scrutiny or requesting that firms add insurance coverage for data breaches to their malpractice policies.

The vulnerability of American law firms to online attacks is a particular concern to law enforcement agencies because the firms are a rich repository of corporate secrets, business strategies and intellectual property. One concern is the potential for hackers to access information about potential corporate deals before they get announced. Law enforcement has long worried that law firms are not doing enough to guard against intrusions by hackers.

But behind the big headline stories are people, the IT professionals themselves working amongst what may be at times contradictory pressures.

The inaugural 2014 Security Pressures Report from Trustwave, based on a survey of more than 800 IT professionals, reveals the security threats most concerning to these practitioners. One of the main areas of pressures faced by IT professionals is to “do something” but, alas, without the resources, as evidenced in these statistics from the 2014 report:

• 65% of IT pros are pressured to use security products with all of the latest features, despite 1 out of 3 not having the resources to do so effectively.
• More budget, more security skills/expertise and more time to focus on security are the top three items on wish lists for IT pros in 2014.

(The survey is available at http://bit.ly/1u7DZAi.)

It also uncovers the pressures these respondents have faced, are facing and expect to face in regard to confronting these threats. The report exposes from whom these professionals feel the most pressure when attempting to secure their organizations and how they predict pressures will shift in the future.

Here are some additional key findings from the 2014 Security Pressures Report:

• 54% of IT pros felt more pressure to secure their organizations in 2013 compared to the previous year, and 58% expect even more pressure in 2014.
• Targeted malware was the threat IT pros felt the most pressure to protect against, with 64% noting increased pressure over the previous year.
• Customer data theft worries 58% of IT pros, more than reputation damage, fines and legal action combined.
• External threats caused more pressure than internal security threats, but employee accidents caused more pressure than employee malfeasance.
• 50% of IT pros say their owners, boards of directors and C-level executives are applying the most pressure, while 13% say it's coming from themselves.
• Pressure from the top may not always have security in mind, with four out of five IT pros feeling pressured to roll out IT projects, despite concerns they were not security-ready.
• Advanced security threats, the adoption of emerging technologies and security product complexity are the top three operational pressures IT pros face.
• Emerging technologies that IT pros are most pressured to use include the cloud and mobile applications, despite feeling they both pose the greatest security risks.
• Budget-wise, new capital outlays are the most under pressure, with headcount the least.
• 85% of IT pros said a bigger IT security team would reduce security pressures and bolster job effectiveness.
• Three out of four IT teams currently run security in-house, but 82% use, or are looking to use, managed security services in the future to help alleviate pressures.

Financial Strategies That Help

Here is the question on the minds of law firm IT departments, CFOs and Executive Directors: How are we going to pay for the security technology that's necessary today if it's not in our firm's budget “today”?

Advances in technology and software upgrades, especially in the data security arena, are being made with extreme rapidity. A firm that wants to protect itself and its clients with the most up-to-date versions of security technology available may not want ' or be in a position ' to purchase the technology outright. Leasing or financing provides the opportunity for an IT department to replace or upgrade equipment on the fly as upgrades are released, while at the same time working within a budgeted monthly payment. The decision cycle can also be shortened since the request for another large capital expenditure can be circumvented.

These days, a monthly expense is an easier solution for many law firm decision makers versus paying cash for the total cost. Many products are now being offered as a monthly subscription because the monthly payment 'as opposed to a total cash purchase ' is the most efficient way for a firm to stay within budget and have the flexibility to keep vital technology up-to-date. Leasing a firm's hardware, software and other soft costs is a solution that can strategically allow a firm to convert what might be a large purchase into an affordable monthly expense. Financially, this means leasing beneficially conserves cash reserves, keeps bank lines of credit open for short-term use, and cuts the out of pocket costs for security upgrades while still enabling new projects in the budget.

These combined financial strategies allow for flexibility and quick decision making, which are distinct advantages when the security landscape is in constant flux.

'Securing' the Right Lessor

When choosing a leasing partner, it is important to find one who will work in your interest and not just exclusively in theirs ' and a lessor who understands the constraints of the legal industry. Leasing is not just a one-time transaction; it is a long-term relationship. It's in your firm's best interest to be highly selective. If the vendor decides to bring a lessor into the relationship, here are some best practices we recommend:

• Be highly selective, do your due diligence and select a lessor with a depth of experience in the unique concerns facing the legal industry. Vet potential partners in peer groups, such as ALA, ILTA or any user group, such as Elite and Aderant.
• Seek lessors with excellent and highly responsive communication abilities, flexibility in solutions offered and predictability and longevity of the management staff.
• Forge relationships with vendor-neutral, customer-focused lessors. Best practices dictate that you forge relationships with lessors that can deliver on your ever-changing requirements ' which can include anything from delayed payments, step payments, special contract terms, individual contact points, customized lease documents, etc.
• Look beyond the least rate factor. Of course the rates and credit acceptance offered by the lessor are important considerations. However, these are rarely the predominant factors in maintaining long-term partnerships. In fact, the primary selection criteria should be the service level and experience of their potential business partner, along with the strength and transparency of the Master Lease Agreement.

Leasing, when best practices are implemented, is seen as a tremendous advantage. However, when vetting your potential lessor, there are certain terms and conditions that some may include in their master lease and supporting documents that may not be to your firm's advantage. We recommend your firm red flag terms and conditions such as the following and press for more information:

• Fair market value on software;
• Fair market value language that is determined solely by lessor;
• Undefined quarterly interim rent or quarterly commencement dates;
• Restocking fees;
• Seven-day window to return equipment at the end of term or the lease extends for 12 months;
• No “right to use” the software at the end of the lease;
• Pro-rata 1/30th language;
• Long term automatic extensions if your notice date is missed;
• Notice windows that only allow you to give notice of intent between 90 and 120 days prior to the end of term, or some variation thereof; and
• Requirement to return equipment in the original packaging material and with original manuals.

Information Is the New Oil

As The Security Pressures Report illustrates, overall security-related pressures increased from 2012 to 2013, and more pressure is expected in 2014. Compared to 2012, 54% of IT pros felt more pressure to secure their organizations in 2013. Compared to 2013, 58% of respondents expect to experience more pressure to secure their organizations in 2014.

But also evident in the report is the gap between what your IT professionals know needs to happen and the financial resources that it requires. It's being said now that “information is the new oil,” and the threat to that resource is only increasing ' no law firm wants to be the next Target or Home Depot. Leasing is a financial strategy that can provide immediate, concrete results right now, and builds in flexibility and quick decision making over the long term ' a financial win-win for today's market.

Scott McFetters, a member of this newsletter's Board of Editors, is President of CoreTech Leasing, Inc. CoreTech is an independent leasing company working in strategic partnership with over 100 law firms. For more information, please visit www.coretechleasing.com, follow on Twitter @CoreTechLeasing, and like on Facebook at www.facebook.com/technologyleasing.

We know the consumer-industry stories of hackers infiltrating Target and, more recently, Home Depot:

“Here's the thing about breaking into a multi-billion-dollar company and stealing the credit card information of millions of customers: It's just not that hard.” Mashable.com

Law firms are now at the center of the storm because they store some of their clients' most sensitive business information and are viewed by criminal elements as a less-defended path to that data. Firms must take care to understand and respond to evolving security trends with response strategies.

A growing number of clients are demanding that their law firms take more steps to guard against online intrusions that could compromise sensitive information as global concerns about hacker threats mount.

Some companies are asking law firms to stop putting files on portable thumb drives, e-mailing them to unsecured iPads or working on computers linked to a shared network. In some cases, banks and companies are threatening to withhold legal work from law firms that balk at the increased scrutiny or requesting that firms add insurance coverage for data breaches to their malpractice policies.

The vulnerability of American law firms to online attacks is a particular concern to law enforcement agencies because the firms are a rich repository of corporate secrets, business strategies and intellectual property. One concern is the potential for hackers to access information about potential corporate deals before they get announced. Law enforcement has long worried that law firms are not doing enough to guard against intrusions by hackers.

But behind the big headline stories are people, the IT professionals themselves working amongst what may be at times contradictory pressures.

The inaugural 2014 Security Pressures Report from Trustwave, based on a survey of more than 800 IT professionals, reveals the security threats most concerning to these practitioners. One of the main areas of pressures faced by IT professionals is to “do something” but, alas, without the resources, as evidenced in these statistics from the 2014 report:

• 65% of IT pros are pressured to use security products with all of the latest features, despite 1 out of 3 not having the resources to do so effectively.
• More budget, more security skills/expertise and more time to focus on security are the top three items on wish lists for IT pros in 2014.

(The survey is available at http://bit.ly/1u7DZAi.)

It also uncovers the pressures these respondents have faced, are facing and expect to face in regard to confronting these threats. The report exposes from whom these professionals feel the most pressure when attempting to secure their organizations and how they predict pressures will shift in the future.

Here are some additional key findings from the 2014 Security Pressures Report:

• 54% of IT pros felt more pressure to secure their organizations in 2013 compared to the previous year, and 58% expect even more pressure in 2014.
• Targeted malware was the threat IT pros felt the most pressure to protect against, with 64% noting increased pressure over the previous year.
• Customer data theft worries 58% of IT pros, more than reputation damage, fines and legal action combined.
• External threats caused more pressure than internal security threats, but employee accidents caused more pressure than employee malfeasance.
• 50% of IT pros say their owners, boards of directors and C-level executives are applying the most pressure, while 13% say it's coming from themselves.
• Pressure from the top may not always have security in mind, with four out of five IT pros feeling pressured to roll out IT projects, despite concerns they were not security-ready.
• Advanced security threats, the adoption of emerging technologies and security product complexity are the top three operational pressures IT pros face.
• Emerging technologies that IT pros are most pressured to use include the cloud and mobile applications, despite feeling they both pose the greatest security risks.
• Budget-wise, new capital outlays are the most under pressure, with headcount the least.
• 85% of IT pros said a bigger IT security team would reduce security pressures and bolster job effectiveness.
• Three out of four IT teams currently run security in-house, but 82% use, or are looking to use, managed security services in the future to help alleviate pressures.

Financial Strategies That Help

Here is the question on the minds of law firm IT departments, CFOs and Executive Directors: How are we going to pay for the security technology that's necessary today if it's not in our firm's budget “today”?

Advances in technology and software upgrades, especially in the data security arena, are being made with extreme rapidity. A firm that wants to protect itself and its clients with the most up-to-date versions of security technology available may not want ' or be in a position ' to purchase the technology outright. Leasing or financing provides the opportunity for an IT department to replace or upgrade equipment on the fly as upgrades are released, while at the same time working within a budgeted monthly payment. The decision cycle can also be shortened since the request for another large capital expenditure can be circumvented.

These days, a monthly expense is an easier solution for many law firm decision makers versus paying cash for the total cost. Many products are now being offered as a monthly subscription because the monthly payment 'as opposed to a total cash purchase ' is the most efficient way for a firm to stay within budget and have the flexibility to keep vital technology up-to-date. Leasing a firm's hardware, software and other soft costs is a solution that can strategically allow a firm to convert what might be a large purchase into an affordable monthly expense. Financially, this means leasing beneficially conserves cash reserves, keeps bank lines of credit open for short-term use, and cuts the out of pocket costs for security upgrades while still enabling new projects in the budget.

These combined financial strategies allow for flexibility and quick decision making, which are distinct advantages when the security landscape is in constant flux.

'Securing' the Right Lessor

When choosing a leasing partner, it is important to find one who will work in your interest and not just exclusively in theirs ' and a lessor who understands the constraints of the legal industry. Leasing is not just a one-time transaction; it is a long-term relationship. It's in your firm's best interest to be highly selective. If the vendor decides to bring a lessor into the relationship, here are some best practices we recommend:

• Be highly selective, do your due diligence and select a lessor with a depth of experience in the unique concerns facing the legal industry. Vet potential partners in peer groups, such as ALA, ILTA or any user group, such as Elite and Aderant.
• Seek lessors with excellent and highly responsive communication abilities, flexibility in solutions offered and predictability and longevity of the management staff.
• Forge relationships with vendor-neutral, customer-focused lessors. Best practices dictate that you forge relationships with lessors that can deliver on your ever-changing requirements ' which can include anything from delayed payments, step payments, special contract terms, individual contact points, customized lease documents, etc.
• Look beyond the least rate factor. Of course the rates and credit acceptance offered by the lessor are important considerations. However, these are rarely the predominant factors in maintaining long-term partnerships. In fact, the primary selection criteria should be the service level and experience of their potential business partner, along with the strength and transparency of the Master Lease Agreement.

Leasing, when best practices are implemented, is seen as a tremendous advantage. However, when vetting your potential lessor, there are certain terms and conditions that some may include in their master lease and supporting documents that may not be to your firm's advantage. We recommend your firm red flag terms and conditions such as the following and press for more information:

• Fair market value on software;
• Fair market value language that is determined solely by lessor;
• Undefined quarterly interim rent or quarterly commencement dates;
• Restocking fees;
• Seven-day window to return equipment at the end of term or the lease extends for 12 months;
• No “right to use” the software at the end of the lease;
• Pro-rata 1/30th language;
• Long term automatic extensions if your notice date is missed;
• Notice windows that only allow you to give notice of intent between 90 and 120 days prior to the end of term, or some variation thereof; and
• Requirement to return equipment in the original packaging material and with original manuals.

Information Is the New Oil

As The Security Pressures Report illustrates, overall security-related pressures increased from 2012 to 2013, and more pressure is expected in 2014. Compared to 2012, 54% of IT pros felt more pressure to secure their organizations in 2013. Compared to 2013, 58% of respondents expect to experience more pressure to secure their organizations in 2014.

But also evident in the report is the gap between what your IT professionals know needs to happen and the financial resources that it requires. It's being said now that “information is the new oil,” and the threat to that resource is only increasing ' no law firm wants to be the next Target or Home Depot. Leasing is a financial strategy that can provide immediate, concrete results right now, and builds in flexibility and quick decision making over the long term ' a financial win-win for today's market.

Scott McFetters, a member of this newsletter's Board of Editors, is President of CoreTech Leasing, Inc. CoreTech is an independent leasing company working in strategic partnership with over 100 law firms. For more information, please visit www.coretechleasing.com, follow on Twitter @CoreTechLeasing, and like on Facebook at www.facebook.com/technologyleasing.