Uneventful, seemingly steady times can lull firm leaders into a false sense of security. They can impact a firm’s ability to be prepared should a crisis or catastrophe arise. It’s critical as business leaders to put solid plans of action in place in the event of a natural disaster, pandemic, act of violence, or other unexpected event. Let’s start by asking a few key questions:
- The hope is your law firm made it through Covid unscathed, but are you ready should there be another pandemic that forces lockdowns or inhibits access to the office?
- Do you have cyber security measures in place in the event your firm experiences a data breach and/or a ransomware attack? Is your team undergoing cyber security training regularly?
- In the event of a natural disaster, is there a plan in place that ensures you have ways to communicate with your team and your clients on the status of the operation so your firm does not face a detrimental business interruption?
- What about the security of your building; do you have a way to quickly notify your team of emergency situations and feel confident they have the knowledge of what to do to stay safe in your office?
If you answered no to any of the above questions, you should feel a strong sense of urgency to act now and create plans for all possible worst-case scenarios. Often, we know firms have some measures in place, but they are not updated or frequently reviewed with their team. That’s a vital mistake. It is no question many of us walk around with the mindset that something terrible will never happen at our place of work. Sadly and too often, it’s truly not a matter of “if” these things happen, but rather “when.” No matter the size of your business, your firm should have robust disaster response and preparedness plans in place.
Cyber Security
During my tenure in law firm administration, I received countless emails that appeared to be coming from my team and attorneys. These emails consisted of requests to update payroll information and sometimes asked me to click on a fake ShareFile link to upload file information. My team received these emails on a regular basis as well. Scammers have gotten savvy with their phishing schemes, and they are much harder to detect than those of 5-10 years ago. Once you fall victim to one, it is difficult to know the full extent of the damage and stolen information. When a user’s account has been compromised, their email can then be used to send additional phishing emails to those inside and outside the organization. This can be embarrassing to your firm when other attorneys or offices call to determine the legitimacy of your emails.
How do you stay vigilant and prepare your team?
First, your IT department or company, if outsourced, should have emails that come from outside the organization flagged. Visually, this can look different based on what your company uses for email. The word EXTERNAL can be in the subject line, in the body of the email, and/or out to the side of the email in your inbox, as seen below.
Example of inbox with the external tag.
The [External] tag does not mean the message is a scam. It is to help the recipient remember to stop and consider if they know the sender and if they were expecting an attachment or link sent from them prior to opening/clicking on anything. If the email appears to be a scam, the recipient should notify their systems administrator, who can contact the IT department so the team is all on notice.
There are several security training platforms your IT company can investigate and implement at your firm. These platforms will proactively train your team on how to identify a phishing email or encrypted attachment by automating simulated phishing attacks for your team. Reporting is often provided to show how the team did. This helps management identify weak areas to focus on and provide additional training as needed. If you’d like to go a step further, which we recommend, many of these companies also offer compliance training software. As with any new software implementation, it is important to communicate the why behind it to your team. You want them to understand this is an additional layer of protection for the firm and clients. This is not being used to track their computer, and it is not a reflection of their work.
Crisis Communication Plan
In the event of a natural disaster, there may be mass power outages, flooding, and overall destruction. It would cause me a lot of anxiety not knowing what is going on with my job and my colleagues. Additionally, during these times, your clients may be struggling to contact you and wondering, “How does this affect the trajectory of my case?” When creating your firm’s disaster response plan, it will be important to lay the foundation of solid communication – who notifies who and how they are doing it?
Today, we are all more connected than ever with our cell phones and social media, making two-way communication that much easier. At some point in time, I am sure you have received an automated text message that reminds you of an upcoming appointment. This automation can also be set up for your company. There are several online platforms you can utilize for this.
Pro tip: You can also use the software for automated surveys or other communications to your clients. Just make sure they opt in first!
Messages can be customized to mass update your team. If your firm is smaller and cannot justify this expense, create a simple telephone tree.
The firm’s social media profiles should be utilized to post updates on the status of your office(s) and operations. If your hours change or if your office experiences damage that will prolong office services, you can quickly notify everyone with a status update, tweet, or Instagram post. While many people do have cell phones and social media access, there are some who do not. As an extra layer, it would be beneficial to record an automated voice message that notifies clients or providers when they contact your firm what the status of operations are. If this becomes prolonged, you will want to make sure you update the recording often. These measures will provide a solid foundation for communication to continue in times of chaos.
Office Security and Safety
In recent news, we learned of a tragedy in which an attorney lost his life when a client opened fire inside of one of their office locations. This unthinkable act of violence was a devastating blow to the attorney’s family, firm, and legal community at large. Our condolences go out to everyone involved. While this senseless act shook all of us and we hope these things will never happen, the reality of the situation is it could happen to any office, in any profession, by any individual, whether it is a client, a service provider, or a random stranger. Of course, not all tragedies can be avoided, but there are measures that you can take to keep your team as safe as possible.
The security of your building will look different depending on the size, location, and layout. If your office is in a larger building, you likely have a landlord that facilitates security measures for your suite through a third-party vendor. If you are in a stand-alone building where your firm is the solo occupant, you likely have security measures in place through an outside company. No matter the size of your practice, if you are utilizing a third-party vendor for security, consider asking what additional security measures they offer and choose what works best for the size of your firm.
In larger buildings, many office suites already have electronic locks on the doors that you can automate with the security company that installed them. We would recommend keeping your suite locked at all times. Your team can use a fob or code to gain access, and expected visitors can be provided with a temporary code ahead of time or have a way they can alert someone to their arrival and be let in. If it is an unexpected visitor, investigate a call box where the receptionist can speak to them to determine their needs prior to entering the office. You might even consider a panic button up front where reception sits that locks down your entire office while alerting your team members and local law enforcement that there is a threat. While we understand these measures can add an impersonal touch to your office environment, or a lot of hoops to jump through for your clients and potential clients, they are becoming necessary. Team members and clients may feel more at ease and safe with these types of measures in place.
Standing Strong
It is noted in an American Bar Association Center for Professional Responsibility publication that the Model Rules of Professional Conduct are broad enough that certain inactions of a lawyer as it pertains to preparedness for disasters could lead to an ethical violation. This is one of many reasons you want to ensure your firm has a plan and it is reviewed often by the team. If you are wondering where to start, you can check out the American Bar Association Committee on Disaster Response and Preparedness online. There you will find several resources, including guidelines on disaster planning, issues in cyberspace, and guidance on creating a Business Continuity plan.
We cannot predict the severity of bad weather, the next major cyber attack, or the varied threats that loom in the day-to-day world. As leaders of your firm, you should stay up to date on safety measures and do everything you can to prepare your offices and team members. Keeping you, your team, and your clients safe should be a paramount priority.
Learn More About The Author
