Key Tech Considerations For North Carolina Law Firms
2022 Edition

Key Tech Considerations For Your North Carolina Law Firm’s IT In 2022

Do you have a plan for 2022?

Planning for your IT (and for your law firm as a whole) has never been more important. Remote work, evolving cybercrime attack vectors, and other critical topics require careful consideration.

If your IT budget isn’t going as far as you’d like, then you need to start planning it sooner rather than later. By understanding the value IT offers, you can learn how to better spend your IT budget.

IT planning is a key oversight in today’s business world…

You Need To Make A Plan And Follow It…

Despite the fact that 93% of surveyed businesses recognize that IT is strategically and operationally critical (Wakefield Research), very few are doing anything to properly plan their IT.

• 66% find that the amount they’re budgeting towards IT isn’t enough to keep up with what they need from it.
• 77% of those with less than 100 employees have found that their investments in IT are too limited
• A third of those surveyed said that less than 10% of their strategic planning was about IT

That’s why you need to ensure you’re planning your budget properly. That means knowing what your priorities should be, and how to invest in them.

Top 4 Factors For Your 2022 Technology Plan

• Cybersecurity: You cannot afford to underinvest in your cybersecurity. Even a single breach can cost you tens of thousands of dollars. You need to ensure you’re protecting your firm against this year’s most prevalent threats.
• Hardware Management: Do you know how old your computers are? At a certain point, they will reach the End Of Life, which means that you won’t get bug fixes or security updates from the developers any longer. Over time, the security and reliability of these systems will make your computers vulnerable:
  • Your computers could be infected by malware
  • Your antivirus won’t be updated
  • Your online banking transaction protection may expire, and
  • Your financial data could be exposed to theft.

That’s why you need to have a detailed schedule of your hardware and operating systems’ lifecycles so that you can plan ahead of new purchases and upgrades.

• Supply Chain Issues: Don’t forget that new technology is in high demand, and the available supply is especially low. This is due to both the pandemic and a shortage of key components. Any new technology purchases you will make will likely take much longer to fulfill.
• Remote Work Capabilities: If it becomes consistently safe to do so this year, will you bring your entire staff to the office, or continue with remote work in some form? No matter how you plan to proceed, you’ll need to arrange it carefully.

Cybersecurity & Cybercrime In 2022

The year 2021 will largely be remembered as the second year of the pandemic, and rightly so. COVID-19 disrupted lives and caused severe economic hardship, even going into 2022.

However, that’s not the only trend worth considering in 2021.

Since the start of the pandemic, the rate of cyberattacks grew 400%—the fact is that a rising tide lifts all ships. As cybercrime becomes more prevalent, your organization becomes a more likely target, no matter its size.

As countries all around the world went into lockdown and businesses were forced to let employees work from home like never before, cyber bad actors saw an opportunity.

Criminals and Nation-state actors like China and Russia exploited the users as they accessed data and systems remotely, Even some of the best-protected networks in the world were breached.

Companies like SolarWinds and Microsoft suffered crippling hacks that reverberated down the supply chain of their customers, including over 10,000 private companies and government agencies like the United States Department of Justice and even the Department of Defense.

In light of this massive breach, the Department of Homeland Security initiated an emergency review of the entirety of the cyber landscape in the U.S. and is expected to make significant recommendations within the next few months, including setting minimum levels of cyber protection that all organizations will have to implement.

Given how often big-name data breaches make headlines these days, you probably think cybersecurity is only a concern for big businesses. Whether it’s Colonial Pipeline or Kaseya, the one thing they all have in common is that they’re operating on a scale much larger than your organization is.

Are you letting your small size give you a false sense of security?

The Small Business Cybersecurity Dilemma

For smaller law firms, the situation is especially dire. According to a study conducted jointly between Cisco and the National Center for the Middle Market, over 50% of small businesses have no cybersecurity strategy or plan in place and for those that do, most have not reviewed the plan in over a year.

A cybersecurity strategy and plan, once created and adopted, must be reviewed at least annually to ensure that current threats are being included.

Cybersecurity is not a one-and-done solution; the threat landscape evolves at a rapid pace and frequent reviews ensure that the plan will help reduce an organization’s cyber risk profile. That’s why you need to be aware of the greatest threats to your business and plan against them.

The Top 3 Most Dangerous Threats To Your Law Firm In 2022

Experts anticipate ransomware, supply chain, and Internet of Things (IoT)-based attack vectors will be the most prevalent threats to the business world this year. By understanding how these threats work, and how best to defend against them, you can mitigate the chances of becoming a victim.

Ransomware Continues To Evolve And Proliferate

Ransomware is a type of malware or trojan that infects a network and blocks access to data stored on those networks by encrypting all the files in a way that is difficult, if not impossible, to decrypt.

The hackers who deploy the malware agree to provide a unique decryption key in exchange for a payment, usually in Bitcoin or some other cryptocurrency, making tracing and prosecuting the hackers difficult.

The malware is mostly spread using emails with embedded links that are sent out en masse to thousands if not millions of email addresses that can be readily obtained for less than $100.

The hackers anticipate that at least some of those emails will be opened and some of the links clicked, downloading malware to the unsuspecting user’s PC and starting the encryption process. Overall, it is a very easy process to manage, and the rewards are exponentially higher than the cost.

The best way to defend against ransomware is to work with an IT company whose team can implement a range of cybersecurity protections that will keep your data protected and your business in operation, no matter what happens.

Recommended Ransomware Defense Measures

• Access Controls: Access controls should be configured so that shared permissions for directories, files and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories. Furthermore, only those needing local admin rights are to be provided with that access.
• Firewall: Your firewall is your first line of defense for keeping your information safe. A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users or suspicious connections from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
• Network Monitoring: Your IT company should be keeping an eye on your systems around the clock, identifying and suspicious activity and addressing it immediately to prevent any negative effects. The ideal way to handle this is with MDR, an outsourced service that provides organizations with threat hunting services and responds to threats once they are discovered. MDR fully manages your cybersecurity defense, both keeping an eye out for threats, as well as providing the expert team to address them when they occur.
• Data Backup: If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that. That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.
  • Back up data on a regular basis, both on and offsite.
  • Inspect your backups manually to verify that they maintain their integrity.
  • Secure your backups and keep them independent from the networks and computers they are backing up.
  • Separate your network from the backup storage, so the encryption process is unable to “hop” networks to the backup storage device. This keeps your backup data from being encrypted.

Inherent IoT Vulnerabilities

Did you know that there will be 75.44 billion IoT devices installed worldwide by 2025? This technology, from wearables to office space appliances, has become a big part of the business world—do you know what it is and how it works?

Smart technology, (also known as IoT) is a natural evolution of the Internet, consisting of a range of new “smart” and “connected” products and technologies used in commercial, consumer, and government environments. It could be your Wi-Fi-enabled coffee maker that you can set with a smartphone app or a smartwatch that tracks exercise activity for you to review. On both the consumer and office side, vendors are rushing to meet the growing market demand for new products that are always-on, connected, and available.

The ever-expanding network of smart devices offers a range of convenient benefits to consumers and offers exciting applications in the business world.

Whether it’s a smart fridge, a smart display menu at a Mcdonald’s restaurant, or the smart console in a user’s car, IoT devices can vary greatly in purpose and usage. However, it comes with its share of security concerns as well.

Statistica estimates that only 28% of business executives are intending to invest further in security for smart technology. Furthermore, 90% of businesses experienced at least one breach of their OT systems in 2020.

Cybercriminals Are Targeting Weak Links In The Supply Chain

Are you the most viable target in the supply chain?

The fact is that cybercriminals know where their efforts will be most effective. They won’t have much success targeting massive companies that have the necessary resources to defend themselves. That’s why they target smaller companies in the supply chain of those larger businesses.

Cybercriminals can take advantage of the small company’s lower security standards and still access the same data. If you run a small business that shares data with larger companies, you need to consider yourself a target by proxy.

The ever-growing tide of cybercrime threats shows why cybersecurity and risk management are so important. Do you know how to properly oversee the defense of your law firm?

Critical Smart Technology Security Layers

• Password Management: Just as a user shouldn’t leave the default administrator login and password set on their router, their laptop, or other hardware, they shouldn’t do so with the networked robotics either. Smart technology users should make sure to set unique and complex passwords for all devices that are connected to the organization’s network and update them every 90 days.
• Use Isolated Networks: Isolating smart technology to their own private networks will make it easier to provide protection against breaches—if someone is able to hack into your smart technology, it won’t give them access to the rest of your network.
• Network Monitoring: Using a more layered approach to network security can incorporate hardware devices, such as professionally configured and maintained network firewalls to help identify whether the information is coming from a listed/safe device, or from a device outside of the trusted network.  Additionally, network visibility and reporting can incorporate out-of-the-box best practices to recognize whether a device has become exploited by targeting suspicious data traffic and monitoring whether or not the commands are originating from the listed device or by an endpoint outside of the network.
• Updates and Patch Management: Just as patches and updates need to be applied for conventional software and hardware in use, the same is true of smart devices. The firmware that these devices operate on will need to be kept up-to-date with the latest patches issued by the developers to make sure that they are kept secure against recently discovered vulnerabilities.
• Commercial Grade Firewalls: As we mentioned, this type of security hardware adds another layer of protection between hackers and your smart technology, ensuring it’s kept safe from common types of attacks. Make sure you invest in commercial-grade firewalls, which are developed with business use and purposes in mind, as opposed to limited consumer firewalls.

Managing Your Hardware In 2022

How To Tell When Your Hardware Is Getting Old…

• New Versions Are Available: While the mere existence of a newer OS or new model in the line-up doesn’t mean you should automatically upgrade, it is an indication that you will have to do so sometime soon. When a newer version is released, it means the clock is running out on how long the providers will continue to support the version you’re using.
• You’re Falling Behind The Competition: You may be noticing that your competitors have far surpassed your capabilities and are able to provide clients with features and products that you are unable to offer. If you are finding it hard to keep up with your competitors, it might be time to consider how new technology can enhance the work you do.
• Fixes Don’t Last Long: The older technology gets, the more support it will need. That means paying more and more for support to come in and get it running again, the returns on which will quickly diminish.

Outdated Technology Is Expensive—How Much Does Downtime Cost Your Firm?

If your old tech is working so poorly that it stops you and your staff from working, then it’s time to replace it. The downtime caused by old hardware isn’t worth the money you’re saving by hanging on to it.

Whether you agree or not, it’s a fact—Ponemon Institute estimates that every minute of even partial downtime can cost as much as $5,600.

The main cost of downtime is not the fix itself, it’s the halt in your firm’s productivity. If an IT-related or natural disaster occurs and takes critical systems offline, employees will be unable to complete their tasks, yet your normal business expenses will carry on.

The economy of downtime is unforgiving—it grinds your firm to a halt, racks up expenses, and keeps you from getting anything done.

• Expense Vs. Revenue: During downtime, you incur all the expenses of running a firm without the revenue you would usually generate.
• Loss of Focus: Even if downtime does not grind everything to a halt, some of your staff will have to divert themselves from their normal work to mitigate the problem—again reducing productivity.
• Affected Service Delivery: Furthermore, while your systems are down, you can’t deliver services or sell products to current and potential new clients.
• Cost Of Repair: However you approach fixing the problem, it’ll cost time and money.

It’s Time To Take Stock Of Your North Carolina Law Firm’s Hardware

• Does Your Hardware Function Properly?
• Can you turn it on?
• How long does it take to start up?
• How long does it take to execute tasks like opening applications?

Is The Software Up To Date?

Now that you’ve determined how functional the hardware is, the next step is the software. Even if this technology hasn’t been turned on in a week, there will likely be some updates that have to take place. Updates are important because they correct existing errors and mistakes in software, and patch potential flaws that could leave it vulnerable to security threats. One by one, open up each program you would plan to use on a regular basis. If there are updates that need to be installed, a pop-up window will likely open on start-up. However, if the previous owner turned off that automatic function, you’ll need to manually check for updates, which can be done in the program preferences.

What Is The Status Of Licenses And Warranties?

After double-checking that everything is up to date, the next step will be to confirm the status of any existing licenses and warranties.

Depending on the type of firm, there may be specific software needed for daily operations. The bottom line is that if you need it to get work done, you should know whether you can use it.

Keep Supply Chain Issues In Mind

Are you aware of the ongoing supply chain issues that continue to affect the availability of vital business hardware?

This is the result of a confluence of both demand and supply chain shocks including a global chip shortage, labor shortages, manufacturing disruptions from the pandemic, and higher demand.

Independent of the cause, the impacts are continuing to reverberate throughout the global economy. At Parkway Tech, we are feeling the effects via an inability to quickly procure important hardware.

Manufacturers that rely on these components (Lenovo, Dell, HP, Cisco, etc..) are anticipating delays in the fulfillment of new hardware and products. They expect the effects of the shortage to last at least through the remainder of 2022. Please prepare for potential delays and longer-than-normal lead times for the hardware.

Supply Chain Delays And Chip Shortages—What’s Causing All The Trouble?

While chip manufacturers fail to produce a sufficient supply of these key components, prices will inevitably go up. TSMC planned to hike its prices in line with the limited amount of components they are able to produce.

This has resulted in a bidding war among major manufacturers. As globally active brands like Toyota and Apple compete for vital components, they’ll have to pay much higher prices. Add to that increases in shipping costs and higher wages for labor, along with inflations, and you have costs continuing to climb. Those expenses will be passed along to consumers like you.

While prices may be high now, they’re only bound to increase over the next year. As the shortage continues and demand continues to climb, prices will increase in kind. That’s why you need to start placing orders now for the hardware you’ll need next year and the year after that. The longer you wait, the more it will cost you.

Don’t Try To Wait It Out — Start Planning Now

It’s important to think ahead in order to properly address an issue like this. It can be easy to assume that just because your organization has all the hardware it needs right now, you don’t have to worry about a shortage at the moment.

However, you will require new hardware sooner or later, so it would be wise to “get in line” now as experts advise to expect supply issues to extend well into 2022. Therefore, whoever is in charge of managing your hardware lifecycles should be able to tell you when a replacement is due, and if it’s within the next 12-18 months, the smart move would be to get that order in now, rather than worry about the delay when it becomes truly necessary.

This also likely means not only price increases, but a trend of higher pricing due to the growing demand and potential surge in that demand from those that have failed to properly plan in the past and/or don’t make effective adjustments to their existing plan to adapt to the current state of the market.

This will most likely mean some adjustments to your lifecycle plan, as well as some flexibility, so be sure to take that into account, especially when it comes to budget planning, as well as Board and staff expectations.

Long Term Remote Work Considerations

Have you given any thought to the way your business will operate in a post-pandemic world?

According to 317 CFOs recently surveyed by Gartner, the business world may not change back when the pandemic is over—74% of CFOs say they expect to move previously on-site employees remote post-COVID-19.

Three Scenarios For Your Law Firm’s Working Environment

1. Your entire staff returns to work in the office, requiring you to implement practices to maintain social distance and keep high-traffic and high-contact areas disinfected
2. Some of your staff returns to work in the office and some continue working remotely, requiring you to manage a hybrid IT environment
3. All of your staff continue to work remotely, requiring you to assess and improve the remote IT environment you’ve been using so far

The bottom line is that however you’ve managed remote work so far, if it’s to be a part of your long-term vision for your organization, then you need to make sure it’s optimized and secure.

The rush to pivot to remote work at the start of the pandemic prioritized access to data with basic security measures. Now that the rush is over, it’s time to implement more advanced and robust cybersecurity defenses.

The Pros And Cons Of Remote Work 

The remote work model offers a number of benefits that you’ve likely taken notice of over the course of the pandemic.

• 77% of remote employees say they’re more productive when working from home
• 76% of employees prefer to avoid their office completely when they need to concentrate on a project
• 98% of remote workers want to continue to work remotely (at least some of the time) for the rest of their careers

However, for all the ways remote work is beneficial to both the organization and end-users, it’s not without its challenges.

Ongoing Cybersecurity Considerations For Remote Work

When the COVID-19 crisis hit, it hit fast. Despite what, in retrospect, may have seemed like a gradual build-up, it was virtually over the course of a single weekend in March that businesses across the US had to pivot to a remote work model.

Obviously, the first priority was maintaining business continuity. You needed to make sure your newly remote workers had the technology and the remote access necessary to do their work.

But the process doesn’t end there—security is a complicated undertaking for remote work models. In fact, 36% of organizations have dealt with a security incident due to an unsecured remote worker.

Continuing with a remote work model, whether entirely or in part, will require:

• Enhancing security measures
• Providing the right hardware for users working permanently from home
• Implementing more permanent file-sharing and collaboration tools

Recommended Remote Security Solutions For Hybrid Models & Long Term Remote Work

Even before the pandemic, it was becoming increasingly common for businesses to hire remote workers—that is, staff members that work from home, outside of the business’ city of operation, and even much further away. It’s important to recognize that when businesses start prioritizing remote access to data over the security of that data, they make an easy target for hackers.

Think of it this way—at the office, everything is protected by the same set of cybersecurity solutions—firewalls, antivirus software, etc. These are defenses that you’ve invested in and can trust.

Is the same true of your employees’ home networks and personal devices? Probably not.

With so many employees operating remotely, working from a laptop or smartphone, how can you be sure that your data is completely secure? Are you taking the necessary steps to maintain security while your staff works from home?

Many owners and managers assume that a VPN is enough to protect their business while managing a remote work environment. That’s not necessarily true—one wrong step and a remote worker can put your network at risk.

Remote Cybersecurity Recommendations

• Two-Factor Authentication: Two-factor authentication is a great way to add an extra layer of protection to the existing system and account logins. By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re able to make sure that the person using the login credentials is actually who they say they are. However, this isn’t just for websites and common user accounts—2FA should also be enabled for VPN and Remote Desktops.
• Conditional Access: Conditional Access software gives you the ability to enforce controls on the access to apps in your environment, all based on specific conditions and managed from a central location. It’s an extra layer of security that makes sure only the right people, under the right conditions, have access to business data.
• Data Loss Prevention (DLP): A DLP policy tracks sensitive data and where it’s stored, determines who has the authorization to access it, and prevents the accidental sharing of sensitive information.
• Hard Drive Encryption: Encryption technology is a great way to protect important data. By making data unreadable to anyone who isn’t supposed to have access to it, you can secure files stored on your systems, servers, and mobile devices, as well as files sent via email or through file-sharing services. This is especially important for remote devices, and employee-owned devices. Laptops and home-based hardware need to be properly encrypted.

Legal, Compliance & HR Considerations

Please note that Parkway Tech is not qualified to offer professional legal advice. However, we can recommend that you carefully consider data security and compliance when it comes to managing a partial or entirely remote workforce:

• Make Sure You’re Compliant: This may sound obvious, but that’s not necessarily the case. Compliance means figuring out which legislation applies to you, what security vulnerabilities you may have been dealing with, and how to integrate compliance into your business processes.
  • Determine which data compliance regulations you’re subject to, and which ones may be in the works.
  • Do what it takes to become familiar with the particulars of these systems—assign a small team to learn more about compliance.
  • Develop a specific risk assessment checklist for compliance.
• Build A Data Strategy: A well-developed strategy will dictate when, where and how your data is processed, managed and stored. This means laying out how you respond to a data breach, listing who has access to data, tracking where data is stored and accessed, etc.
  • Building on the compliance requirements determined in the previous step, develop a strategy that will prioritize management and security for personal data.
  • Track the access to and storage of the sensitive data you store.
  • Dictate strict back-up and recovery protocols.
• Make Sure You’re Secure: Security and compliance are inseparable. Both are centered around protecting the integrity of your data. If you’re not secure, then you’re not compliant.
  • Audit your IT to identify vulnerabilities that need to be addressed.
  • Keep your hardware supported and your software patched.
  • Confirm that your data “supply chain” and cloud partners (anyone else who stores or accesses the data for which you’re responsible) are also secure.
• Make Sure Your Staff Is Well Managed: The fact is that remote work doesn’t come naturally to everyone. This new era of remote working has led to the types of issues that managers would have addressed directly in the workplace. It’s not so easy now that you’re cut off from your team members.  A study found that newly remote workers across the country are encountering a series of challenges in their daily work life:
  • 19% experience loneliness
  • 17% have difficulty communicating and collaborating
  • 8% have trouble staying motivated

How To Manage A Healthy Remote Workforce

• Promote Accountability: Try having your team share to-do lists with one another to promote accountability in their work. Have staff members pair up and meet on a regular basis to talk through what they’ve achieved, and how they can improve.
• Set Firm Working Hours: Your team may be working from home, but that doesn’t mean they’re on call 24/7 now. Make sure to set and follow working hours. Emails and items that come up in the evenings or early morning can and should be left until the start of the working day.
• Make Sure They’re Working In The Right Space: Make sure that wherever your staff is going to work is comfortable, distraction-free, and as in line with their normal work as possible. They may need to invest in an office chair, or even, depending on their work, a second monitor.
• Promote Balance In Their Workday: Make sure that your staff is striking the right balance at home. Just as they shouldn’t be slacking off because they’re not being supervised, they also shouldn’t overwork themselves. Make sure everyone is taking breaks to decompress, stretch, stay hydrated, and relax.
• Help Them Socialize: Switching from a full office to their quiet house can be difficult for workers—don’t forget to schedule time for business and casual communication. Your employees should still communicate on a regular basis with one another and with you.

Parkway Tech Will Help You Achieve Success In 2022

IT planning doesn’t have to be a frustrating process.

Our team will develop a strategic plan specifically for your company to make sure you’re investing in the right solutions to truly help you meet your overall objectives and exceed your goals, in order to reach new heights within your business.

Keep in mind, IT strategy isn’t a one-time thing. We can work alongside your team to provide ongoing guidance, support, and services.

Get in touch with our team to get started on your 2022 technology plan for the year.