Adam Citron Of Nerdio On Critical It Issues For Law Firms

We spoke with Adam Citron, senior cloud computing strategist, about some of the most critical IT issues facing law firms, including data security, disaster recovery and how Nerdio is equipped to meet the unique IT needs of the legal world.

AALM: We know that security is an issue for all types of businesses, but why is it especially important for law firms?

Citron: A law firm’s data becomes more valuable over time. The data collected by a practice contains everything from calendar entries to contacts to case documentation to email and phone logs to client data. The more data a firm compiles, the more valuable it becomes. So if that data is somehow lost – by data breach, by system failure or by a malicious attack – that loss comes at a hefty price.

AALM: What data security issues are top of mind for law firms?

Citron: Besides the overall issue of protecting the firm’s data, the issue that should be at the top of the list for law firms is safeguarding client data. First, law firms are virtual treasure troves of valuable information, all of it sensitive, confidential information about both individual and business clients, privileged attorney-client communications, information about client intellectual property like patents and copyrights, a range of personally identifiable information and more. That’s all in addition to a firm’s own case and strategy information. It’s a wealth of information that cybercriminals would love to get their hands on, and it’s critical that it be protected for business, legal and ethical reasons.

AALM: What do law firms have to fear? Where are the threats coming from?

Citron: The short answer is everything and everywhere. There’s data theft, risks of data leakage, and then inadvertent data breaches caused by human error. To get serious about cybersecurity, law firms need to better understand the threat landscape. Cybercriminals perpetuating attacks on law firms are extremely sophisticated, and their attacks are highly targeted. Other less sophisticated but more common invasions include insider misuse, loss of an unsecured device, communication over unsecured networks and unapproved downloads of software onto the firm’s network or devices.

AALM: Speaking of mobile devices, what are some of the concerns regarding mobility in the legal profession?

Citron: Mobile technology has changed the way lawyers operate. As we move toward an increasingly paperless world, smartphones and tablets allow attorneys to access law firm data remotely. But the more accessible data becomes, the greater the danger the wrong person will gain access. Most law firms haven’t taken the appropriate steps to protect themselves and their clients from security breaches. They need expert assistance in establishing and enacting mobile device management plans that encrypt data, train employees to ensure compliance and institute disciplinary actions for violations. Law firms can’t and shouldn’t avoid mobile technology, but risks must be minimized to keep data secure.

AALM: What do firms need to do to make sure they’re adequately protected?

Citron: A law firm’s security measures should include a broad range of protection. Firms should have desktop protection in place to ward off the ongoing threat of viruses, malware and malicious attacks. That should be accompanied by backup and disaster recovery measures that keep all of a firm’s data backed up and secure. And law firms should have mobile device management programs in place to secure and monitor all mobile devices in real time, with the ability to remotely lock or wipe lost devices.

AALM: You mentioned disaster recovery. Are there recommended methods specific to law firms?

Citron: A good disaster recovery program for a law firm comprises plans to restore the IT infrastructure, systems and data networks within the clear strategic goals established at the outset. This includes the specific procedures involved, assignment of responsible employees, internal and external notification requirements, timeline for recovery and operational processes while the firm works in contingency mode. Relying on experienced, competent third parties with off-site facilities to help manage and maintain a firm’s IT operation is one way to ensure both disaster preparedness and data protection.

AALM: What is the first step to set up a disaster recovery plan?

Citron: The most important components of a disaster plan is defining the recovery time objective (RTO) and recovery point objective (RPO). It is important to understand how quickly the firm needs its systems fully up and running after a disaster strikes. While most people would prefer little to no downtime, as the time requirement lessens, the complexity and cost of a solution can go up significantly. The second important factor is determining how far back the firm would prefer to go when restoring data. For example, if a server crashes today due to a virus, are the firm’s requirements to be able to go back six hours, 24 hours or multiple days?

AALM: What does this mean for a law firm’s inhouse IT staff?

Citron: Law firms are focused on practicing law, and that’s where their focus should remain. Many firms likely have an in-house IT person or maybe even a small team. This is essential, especially as the firm size increases, as in-house staff will get to know the firm’s people, needs and workflows intimately. They will be best positioned to make recommendations to enhance the productivity of the work force. That is, of course, if they are not bogged down by traditional IT issues, such as managing desktops, servers and email management. While maintaining some in-house staff, many firms are outsourcing management of the servers and desktops to third parties like Nerdio, and getting access to enterprise- grade technology, expert-level knowledge and exhaustive support at a fraction of the cost, freeing up the firm’s internal resources to be more strategic.

AALM: How does Nerdio specifically address those needs for law firms?

Citron: Think of Nerdio as a way to augment the expertise of your internal IT team. They would no longer need to worry about many of the core components of running IT, like managing physical servers, securing data, and ensuring backup and disaster recovery. Firms no longer need to constantly pay for system upgrades and replace operating systems and servers. We provide a secure private hosted environment to maintain all desktops, servers and data, managed by and in conjunction with internal staff. The service includes the main components needed to efficiently and securely run an IT environment including virtual desktops, virtual servers, email hosting and much more, all secure and compliance driven.

AALM: Does Nerdio replace in-house IT function?

Citron: Not at all. We provide specialized support for that in-house IT team, and we help law firms and other organizations maximize their IT investment. We become an extension of a law firm’s IT team and support them through collaboration. The service does replace the need to have servers and storage devices and backup systems onsite. The Nerdio platform is comprised of the essential security and services needed to run a law firm practice, outside of software specific to that firm, such as practice management. That being said, for firms with no IT staff Nerdio can handle all IT functions.

For more information, visit