10 Security Practices Every Law Firm Should Follow

Originally published December 1, 2020, by Steve Sobka, Director of Technology and Infrastructure, and Bill Sorenson, VP of Product, at www.elite.com.

Cybersecurity has long been an area of concern for law firms; New York has even proposed cybersecurity CLE requirements. The changes of 2020 require every firm to reevaluate their current security posture and determine if changes are needed.

Certainly, the focus on cybersecurity pre-dates COVID-19, especially as law firms continue to be actively targeted by cyber threat actors in well-publicized breaches. However, the issue becomes even more urgent today. Leaders need to consider how the drastic changes in working environment brought on by the pandemic have impacted their security controls.

In this article, we’ll outline 10 best practices that every law firm should consider adopting or reviewing and why.

1. Re-evaluate Your Security

As firms this year have grappled with the challenges of supporting remote work and adapting in-office processes, technology, and client interaction to accommodate, security may have taken a back seat to productivity and “keeping the lights on.” It’s time to take a look at how those necessary changes have impacted security.

For example, where before you may have concerned yourself primarily with the security of your physical offices, you need to now also consider home security and how to adjust your policies and technical controls to accommodate.

And all this isn’t just limited to the current remote work situation. For many firms, big and small, 2020 has shown that remote workers can remain highly productive. Regardless of how long remote work is necessary, for some firms, some level of remote work will remain an option post-pandemic.

From reviewing your Bring Your Own Device and remote work policies to a full-scale review of your technical controls, taking a step back and considering how recent changes impact security will help ensure your client data remains secure no matter how it’s being accessed.

2. Least Access Approach

One of the most common techniques cybercriminals use is to target junior staff members as a means into an organization. Once they secure such credentials, they can then either a) access everything that employee has access to, or b) use that account as a “Patient Zero” account to infect others, even up to managing partners.

With a least access approach, firms can control their exposure by being vigilant about what any given person can access. Instead of determining what data and which systems should be blocked from a given user, think critically about what they need to access. Doing so helps ensure that even if a cybercriminal gains credentials or if ransomware is deployed at the firm, that your exposure is limited.

3. Security-first Mindset

A defensive mindset is critical to maintaining a secure environment—not just digitally, but physically as well. In an office setting, that might mean validating the copy repairman or the person who waters the plants. Online, it could include confirming that an email requesting data is actually real.

The crux of the security-first mindset is that it’s not limited to IT. Every person at your firm needs to take a “Question everything” mindset. You can’t afford for it to be “just IT’s problem.”

4. Ongoing (Not Annual) Training

This one seems obvious, but it’s critical that firms consider training as an ongoing activity rather than an annual one. Required annual cybersecurity training typically isn’t sufficient to keeping staff vigilant. Instead, consider lighter, more frequent training, and use responsive training tools to help educate your team on phishing attacks. Ultimately, your employees are your last line of defense. Make sure they’re prepared.

5. Email Security Is Not Just About Tools

While email security tools are an important component of catching phishing emails, they are far from infallible. The rising sophistication of phishing attacks means that no email security tool alone can defeat phishing attacks.

In addition to the training highlighted above, law firms should ensure they have policies and procedures in place to mitigate risk. This includes proactive measures such as a policy that requires financial transactions to be confirmed in person / by voice, not just email or reactive, outlining a clear incident response plan so everyone knows what to do if they’ve been phished.

6. Multi-factor Authentication and Password Managers

It’s time to get serious about these two. Any firms that haven’t yet implemented these (and it could be as many as 50%) need to make this a priority.

Cybercriminals exploit the very human desire to keep things simple and convenient. The result? Gaining access to one account can often be easily translated to several of that person’s accounts. With multi-factor authentication, criminals would need access to multiple components to access a target’s data. One nuance here; text-based two-factor authentication is better than nothing. But given the choice, firms should require authenticator apps which are far harder to hack.

Meanwhile, password managers make it easier to maintain different, long, and complex passwords for every account. With a corporate account, firms have the added benefit of quickly shutting down access to all those passwords in the event of a termination.

7. Encryption Everywhere

The simple message here: encrypt everything, everywhere. Ensure your data is encrypted at rest (if you’re operating in a cloud environment, this will be automatically built-in), as well as in transit.

8. Remote Workspace Adoption

Virtual desktops provide a significant security upgrade. While the experience for the user is nearly identical to keeping everything on the local machine, the desktops are actually hosted in a public cloud environment where everything—from the data sitting on the desktop to the connection to critical applications such as Firm Central and ProLaw®—are running in cloud-based servers and are both encrypted and backed up. Cloud desktop represents a much more secure environment than a typical virtual private network and can also eliminate the performance impact that VPNs introduce.

With a virtual desktop, you can isolate your damage, particularly in an era where employees are accessing their applications and data from insecure home WiFi networks. If a computer is stolen or a laptop is damaged, no data is exposed or lost. You can just procure a new computer and get access to your cloud desktop as if nothing ever happened.

9. Physical Security

With many offices only lightly staffed, if at all, there are often minimal controls to ensure that only authorized personnel can access the office. If your infrastructure is still on-premises, you may not have insight into who can access your hardware.

The simple solution? Stop owning physical infrastructure. The truth is that there’s nothing you can do that will be more secure than Amazon® or Microsoft®. By upgrading your infrastructure to the cloud, you transfer your risk to the cloud providers and save yourself the expense and headache of keeping that physical infrastructure secure.

10. Cloud Security

The move to the cloud can be a huge security upgrade for law firms. But how do you ensure that your cloud security is secure as well? The first is to confirm what you mean by “the cloud.” Public cloud providers such as Amazon and Microsoft spend hundreds of millions—even over a billion—dollars on security, far more than you or even a private cloud provider can spend.

You’ll also want to consider how your cloud provider is treating your environment. In many private cloud environments, for example, you can consider the infrastructure to be similar to an apartment building. While your locked door helps to keep your environment secure, you’re still subject to communal impact. If another tenant has a fire, that fire could easily spread to you.

In contrast, a single-tenant environment is like owning your own house, with lots of land around. The actions of your neighbors won’t impact you as heavily, if at all.


Security is a hefty responsibility. Undoubtedly, you’ve already implemented at least some of these 10 best practices. But there are likely at least a few that bear further consideration or upgrading from your current set up.

It can be daunting to consider implementing all of them. But the good news is, that by turning to the cloud, and a trusted cloud services partner to help you, 8 out of 10 of these best practices can be either offloaded or significantly supported by a partner. (If you guessed 2 and 3 as the outliers, you’re right).

Security practices should be reviewed regularly and at any time a major change happens to the business. So as 2020 comes to a close, take the time to review, re-evaluate, and emerge with a stronger security posture and confidence that you’ve done everything you can to keep your client and firm data secure.

Tips and Tricks – Microsoft Word Table of Authorities

Afinety University Tips & Tricks Webinar Series is perfect for those working in the legal field looking to develop their skills in Microsoft Word and other common law firm software programs. This series is instructed by Diana Baker, Afinety’s Macro Developer and Trainer. Diana has over 20 years of experience working in the legal field. Her webinars demonstrate tools for attorneys, paralegals, and legal assistants to increase efficiency in Microsoft Word and save valuable time creating documents. The most recent webinar focused on Microsoft Word’s Table of Authorities feature. We’ve put together some of the key tips and features below, but you can watch the full webinar here.

Marking a Citation

Before getting started with the Table of Authorities feature, there are a few things to keep in mind. First, make sure the document is in its final draft before marking for a Table of Authorities. Second, turn on the “show / hide” option. This allows users to see the Table of Authorities field codes that will be inserted. Once these steps are complete, begin scanning for citations and highlighting.

There are two options for marking citations, users can go through the References tab, Table of Authorities group, and then select “marked citation”. The alternative option is to use shortcut key, ALT + SHIFT + I. From here, go through the document and mark the remaining citations. Another option is to use the “next citation” feature, but scanning line by line is recommended, as this feature can sometimes accidentally skip over citations.

Mark Citation Dialog Box

Let’s break down the mark citation dialog box. First, is the selected text. Edit this text how it should appear in the final generated Table of Authorities. For example, some lawyers may have a preference on abbreviations and other specific formatting. Next, select the category of the citation. A common mistake here is forgetting to select the correct category. Below category is short citation. A short citation should consist of a common factor that is contained in the long cites and in the short cites that are referenced throughout the document. Short citations are marked with a “short cite” field code. To finish using the mark citation dialog box, select “Mark All” and close. If an error is made, revisions can be made and then updated on the Table of Authorities. This will be reviewed later on.

Generating a Table of Authorities

Once ready to generate a Table of Authorities, turn off “show / hide” option. Next, place the cursor in the exact spot to insert the Table of Authorities and go to the References tab, click “Insert Table of Authorities”.  By default, “use passim” is checked. This means that if a citation is referenced on more than 5 or 6 pages of a document, “use passim” will be listed in place of all the page numbers. For formatting, keep original and the category “All” can be selected. Once complete, users should select “OK” to generate their Table of Authorities.

Fixing Errors in Table of Authorities

One common mistake when fixing errors in the Table of Authorities is editing the information directly within the generated Table of Authorities. This is the wrong approach because any manual edits made to the Table of Authorities will be lost once it is updated or regenerated. Instead, users should properly fix errors by revisiting the Table of Authorities field code and making edits there. To then make revisions complete, regenerate or update the Table of Authorities.

For additional tips and tricks on the software programs you use most, register for an upcoming webinar.

Take Your Firm Farther With iManage Work 10 and IT provided by Afinety

To practice law is to manage. Clients, cases, correspondence, documents, memoranda — the assignments and responsibilities of the job are relentless and require ongoing management to keep everything straight.

You need a software solution that will help you actively manage your workload so you can keep tasks in order. iManage Work 10 helps you and your practice work smarter, not necessarily harder. Coupling iManage’s cloud-based platform with managed cloud services by Afinety, a fully licensed and certified iManage partner, you’ll get everything you need to run your law practice smoothly.

What is iManage Work 10?

Used by more than 1 million legal professionals around the world, iManage Work 10 is an email and document management software platform that is designed specifically for law firms like yours and the day-to-day duties that transpire, whether they play out in the office, on the road, in the courtroom or at home. With iManage and Afinety Cloud Platform, you get a fully managed IT environment that enables you to access data instantaneously and experience fast performance with your critical applications, increasing your productivity and output without compromising your firm’s or your client’s security.

No matter what type of law you practice, nothing is more important than performance and coming through for your client and their needs. iManage Work 10 puts you in the best possible position to achieve success with seamless and secure document sharing so communication to your clients, co-workers, colleagues and opposing counsel are maintainable and available. In short, iManage Work 10 is designed for the modern law firm where maximum output and efficiency on all devices is crucial to victory.

What makes Afinety and iManage Work 10 better together?

These days, there is no excuse for not delivering maximum effort for your clients. Thanks to broadband internet access and mobile computing, you can log on to your desktop wherever you are at all hours of the day, whether from your desktop, laptop, tablet or smartphone device.

iManage Work 10 runs seamlessly on all of these platforms so you can take your assignments and documents with you in a profession that is increasingly on the go. Based on input from hundreds of users around the globe, iManage Work 10 was redesigned to be a cloud-first solution so your ability to submit reports, store documents or share them is not dependent on your location. Anywhere, anytime access to your data means just that — you can obtain them from wherever you are, so long as you have a reliable internet connection.

As a certified iManage partner, Afinety has the expertise to help you seamlessly transition from an on-premises or hosted iManage solution to iManage’s modern software-as-a-service platform. In addition, Afinety Cloud Platform helps to streamline all of your applications by handling the maintenance, system upgrades and integration. In essence, we help you manage your entire IT environment – eliminating the need to own and maintain expensive hardware, offloading application upgrades and maintenance, and ensuring higher levels of information security than you could ever achieve on your own. Our turnkey solutions leverage Amazon Web Services to enhance security and your firm’s flexibility should you need to upsize or downsize. If your firm is merging with another, migrating the data isn’t a problem. Everything is fully scalable.

Since we take care of the hardware, the servers, the storage and more, you get to focus on what you do best; while we handle the IT stuff. From mission-critical applications like accounting software to document management, eDiscovery to court docketing, Afinety hosts all of your applications and maintains them so they’re never more than a cloud away.

Why you can trust Afinety

Unlike other cloud providers, Afinety is a certified iManage partner. Together for over 20 years, the Afinety Cloud Platform and iManage pairing provides comprehensive support for your document management and overall work environment. Through consultation and design as well as ongoing maintenance and training, our network engineers make all of this possible. Our dedicated services team will not only ensure your migration to iManage’s cloud platform runs smoothly, we’ll also help ensure your staff’s learning curve is as short as possible by providing them with the skills, tools and knowledge they need to explore iManage Work 10 smoothly and efficiently.

In addition to getting your iManage Work 10 environment up and running, Afinety ensures the rest of your environment is highly secure, backed by AWS and encryption technology. Amazon Web Services is the largest, most reliable cloud platform in the world. Additionally, the IT security professionals at Afinety specialize in data protection to further buttress and fortify the defense of client-privilege material.

Groundbreaking new features

Whether you’re in litigation, corporate, family or any other type of legal practice, there’s no getting around the need to put in maximum effort for your clients. It comes with the territory. iManage Work 10 leverages AI, big data analysis and other advanced technologies to track and analyze your work style so the program can help you work smarter and more efficiently.

Some of these machine-learning advancements include:

  • Smart Worklists: Smart Worklists are fully adaptable and provide an overview of data you can instantly call up with a click (on a laptop or desktop) or swipe (on a smartphone or tablet). Smart Worklists are thematically grouped as emails, clients, documents, downloads, large files and shared documents. And since it runs off the cloud, you can track the progress of documents edited by others in real-time and what the previous version looked like. This capability helps you and your team avoid duplication and improves time management, thereby increasing lawyer productivity through integrated electronic matter files and fully reusable project templates.
  • Document Timeline: Document Timeline function provides additional context to see not only who has edited certain documents but at what time. Even if they left the correspondence alone, Document Timeline allows you to see when it was viewed by anyone else, down to the minute they logged on.
  • Personalized Search: The search toolbar enables you to quickly access emails, matters and documents instantaneously, but what makes search for iManage Work 10 unique is its ability to deliver results that are most relevant to your needs and what data you access most. The machine-learning capabilities of iManage Work 10 strategically order the search results from most likely to least likely.
  • Email Management: Just as you likely search for certain subjects more often than others, the same is often true for who you email. iManage Work 10 keeps tabs on your most common recipients to learn your habits and then makes recommendations for who to send letters, documents or attachments to and appropriate filing locations for conversations, matters and subject headings.

Your clients expect you to deliver for them. iManage Work 10 can position you for success. To learn more, request a quote or to schedule an appointment for integration, please contact us at Afinety today.

Tips and Tricks – Microsoft Word Styles, Multilevel Numbering & Tables of Contents

Afinety University Tips & Tricks Webinar Series is designed for attorneys, paralegals, and legal assistants who would like to develop their skills in Microsoft Word and other common law firm software programs. Instructor Diana Baker, Afinety’s Macro Developer and Trainer, has over 20 years of experience working in the legal field and demonstrates easy tools to increase your efficiency in her webinars. This month’s webinar focused on how to format a pleading using Heading Styles and Multilevel Numbering, as well as generate a Table of Contents with a click of a button. We’ve highlighted some of the key takeaways below, but you can access the full webinar here.


Styles are a collection of formatting instructions which greatly enhance document automation and production. To get started with Styles, open the Styles Pane which will list styles contained in the document. Users can apply, modify or create new styles from the Styles Pane.

A user can preview styles by ticking the “Show Preview” box located near the bottom of the Styles Pane.  Additional options for viewing the Styles Pane include the choice to show styles in the current document and sort the list of styles alphabetically or as recommended. Additionally, it is recommended to remove paragraph, font and bullet formatting from displaying in Styles Pane.

When creating new styles, it is best to start from scratch and base styles on “normal” and then build out each style by formatting the font and paragraph settings, and other preferences.  When setting line spacing in a pleading document, one important tip is to set the spacing to Exactly 24 points (for double spacing) or Exactly 12 points (for single spacing) so the line spacing of the text of the pleading matches the line spacing used in the line numbering embedded in the header.  A tip for Heading styles is to select “keep with next paragraph” and “keep lines together” in order to keep headings from appearing as the last line of text on a page.

Style Area

Instead of viewing Styles in a pane, users have the option to view in Style Area. To set up this feature, go to the File tab, Options, Advanced, Display, bringing you to the option “Style area pane width in Draft and Outline views” – insert a measurement like 0.7.”  To see the Style Area in the left margin, you must be in Draft or Outline View.

Creating your own Style

To create a new Style in Microsoft Word, go to Styles Pane and select “A+ New Style”. From there, fill in the details, such as naming the style, select the style type as paragraph, style based on normal, and style for following paragraph. Then format the font, paragraph settings, and more.

Multilevel Numbering

To begin working with multilevel numbering, select the Multilevel List drop down located in the paragraph group in the Home ribbon.  From the List Library, select a list that closely resembles the type of multilevel numbering you want to add to your Heading styles.  Open the Multilevel list drop down again, and choose Define New List Style.  Name the List Style, click Format and choose Numbering.  Format each level of numbering and link to the respective Heading style.  Be sure to watch the video for more details on formatting multilevel list numbering.

Table of Contents

If you applied heading styles to all headings throughout your document, you can generate a Table of Contents with a click of a button.  Place your cursor in the exact spot where you want to insert the Table of Contents, from the References ribbon, click the drop down in the Table of Contents button, and choose Custom Table Contents.  Users have the option to change the formatting of table of contents, by selecting and modifying “TOC Styles”.  As a reminder, the “use hyperlinks” setting is turned on by default.  Click OK to generate the Table of Contents.

Moving Forward

You can easily add the styles you create or modify into the template the document is attached to, so you have access to these styles in new documents moving forward.  When modifying or creating the style, tick the “new documents based on this template” box.  Another tip Baker mentioned was, do not select the “automatically update” button for styles because anytime direct formatting is applied to a word or paragraph, that formatting will be added to the style that word or paragraph is in.

For additional tips and tricks on the software programs you use most, register for an upcoming webinar.

Tips and Tricks – Microsoft Word Track Changes and Document Comparison

Recently, the Afinety University Webinar Series looked at “tips and tricks” regarding the track changes and document comparison features in Microsoft Word. Led by Diana Baker, Afinety’s Macro Developer and Trainer, the webinar covered best practices when tracking changes, options for markup and displaying changes, printing with or without markup, and features when comparing or combining documents in MS Word. Diana’s background in the legal field allowed for great insight and practical tips that can be easily applied when working with legal documents.  Here’s an overview of a few of the key features, but you’ll want to watch the webinar for a full walkthrough.

Getting Started with Track Changes

For quick access to turning the track changes feature on or off, there is a shortcut key, “CTRL+ Shift + E”.

One of the most common complaints about track changes is many say they are unable to see changes that have been made, especially when using an upgraded version of Microsoft Word. When opening a document that contains tracked changes, the default Display for Review is set to “simple markup”. Simple markup displays a red line in the left margin, letting the author know something has changed within that paragraph, although it doesn’t show the specific changes. In order to see the specific changes, it’s really as simple as clicking the drop-down in the Display for Review field and selecting the “All Markup” option.

Track Changes with Multiple Authors

If a document has been modified by multiple people, changes will display in a different color based on which author made the changes. Selecting the option, “show revisions in balloons”, displays the name of the author together with the author’s respective changes. Users can easily display the document showing a specific author’s changes using the “Specific People” option in the Show Markup settings.

Advanced Options

The Track Changes Options dialog box contains various options that control what edits show in the document, what shows in Balloons and a choice to have the Reviewing Pane on or off.  The color and format of inserted and deleted text can also be changed in the Advanced Options.

Protecting Track Changes When Collaborating on a Document with Others

In order to make sure Track Changes is kept on when collaborating on a Word document, the document can be locked with a password.  This will prevent others from turning Track Changes off.

Warn Before Printing, Saving or Sending

Since Word allows users to view a document in original or no markup mode, in which case it does not display tracked changes, it is not uncommon for users to be unaware of the fact that they are tracking changes or that changes have not been accepted or rejected.  Alerts can also be set up when starting to save or send a document that contains tracked changes.

Printing with Track Changes On or Off

Users have the option to print with or without tracked changes on their document.  Set the Display for Review to “No Mark” to print the document as if all changes have been accepted.  Set the Display for Review to “All Markup” to print the document with the Tracked Changes.

Differentiating Between Comparing and Combining a Document

The difference between the compare and combine features has to do with the two documents being worked on. For example, the “Compare” feature would be used to compare two files that do not have track changes turned on.  The “Compare” feature will note changes between the two files as “tracked changes.”  The original document is compared to a revised version of the document.

The “Combine” feature would be used to compare two documents that do contain tracked changes.  As an example, let’s say you made some changes to a document and tracked those changes.  Then, the document is sent to another person, and that person makes changes and tracked them.  There are now two versions of the document, each with their own tracked changes.  The “Combine” feature would be used to view a document that combines all tracked changes.

Comparing a Word Doc to a PDF

Comparing a Word Document to a PDF can have some challenges. This is partly due to the styles in a particular document. Word takes the PDF and puts it into an editable Word document. The resulting comparison of the original Word document and PDF that was converted to Word, will show all styles in the original Word document as formatting changes.

For additional tips and tricks on the software programs you use most, register for an upcoming webinar.