BRIEF EDITORIAL NOTE:
Today is June 4, 2020, and I write to you during a tumultuous time in American and global history. We are six months into 2020, and we are now dealing with two global crises at once: a worldwide pandemic killing off hundreds of thousands of vulnerable human beings on a scale unprecedented since perhaps the Spanish flu, and a cross-border human cultural/racial/moral movement for a vital community and people of this earth to be seen and heard and treated with the respect they so desperately deserve. It feels wrong to even pen this article as all of my attention and heart is invariably directed toward the pain and anger of our community which has been left behind for so many generations, and continues to be the victim of systemic abuse by the powers that be. But alas, COVID-19 is not going away just because another worldwide event is happening at the same time, and thus I will briefly post the below updates in case anyone is seeking the information.
Table of Contents
The Need for Digital Solutions
Ever since the introduction of COVID-19 into our economy, businesses have been forced to take a hard look at their operational abilities and ask whether they are prepared to operate in a digital environment. It is no secret that COVID-19 is wildly contagious. People are rightfully choosing to avoid human contact, but are still in need of goods and services. This puts some businesses in a difficult position because by nature it is impossible for them to operate without human contact. However, for most other businesses, there exists a “gray area” where it is possible to convince customers they are providing real value through digital-only mediums, but in the end the customers are not getting what they signed up for and the business owners are still getting paid. They keyword businesses are after: “virtualization.” If you can tout your business is “virtualized” and that you need not require physical presence to operate, you immediately have a leg up on the competition. But are all virtualizations the same?
Not All Virtualizations Are the Same
Simply put, no, not all virtualizations are the same. To most people, including business owners (more than you may think), information technology presents a “black box.” They do not understand IT, and thus they do not know what they do not know. To them, having an ability to correspond with customers via email and perhaps even being able to take calls from home equals “virtualization.” Maybe they’ve even figured out a remote-desktop solution to help them connect to their machines from home.
Good, but not good enough.
Semi-Virtualized vs. Fully Virtualized
The first question when measuring a business’s digital operating ability (DOA) (acronym is made-up, but we will go with it from here) is whether it is the sum of a few gimmick features that still ultimately require the physical presence of the client/customer at some point, or whether the business is truly fully virtualized. For example, let us assume you are a law firm and you advertise that you have “gone digital” for COVID for your clients. Let us assume that you interface with your clients via email and phone, and collect information via email attachments and fax. But then, let us assume that for meetings and/or document signatures you still require clients to come into the office as you do not yet have a solution for electronic signatures or virtual conferences. In this case you have not gone digital and you are misleading your clients.
The need for digital infrastructure in COVID-era times is based on goal of safety and can be the difference between life and death. A fully virtualized practice should enable its clients to complete the case steps, start to finish (except those that require physical presence by law (assuming any such laws have not already been temporarily modified for COVID times)), without ever requiring the clients to put themselves in harm’s way. This means the firm should know about and incorporate whatever technologies required to mitigate the need for in-person services.
Virtualization without Attention to Security Hardening Principles
The second question, and depending on the context, the more important question, is whether the business has any understanding at all of industry best practices in securing its infrastructure. This issue worries me more than anything because as a lawyer I can tell you that our profession is self-selecting and most people who choose to pursue legal studies are not technically minded. Therefore, if you were to ask them about basic security concepts such as public-key cryptography (something you use every day without even knowing it every time you access a site over HTTPS), they would give you a puzzled look and likely respond with a stupid joke about how he/she is a lawyer, not a programmer.
But the joke is ill-informed. Indeed, it is more important than ever for attorneys to understand basic computer programming and fundamental IT security. We are tasked with handling our clients’ most sensitive information, often including their protected health information (PHI) and other sensitive details of their life which could be devastating to them if disclosed publicly. When we operate in a physical office with physical paper, it takes no technical understanding for us to know that a single piece of paper locked away in a secured filing cabinet in an office with security is likely secure. But if that piece of paper is a Word document on your laptop, are you so sure it is just as safe? Why, because your Windows machine has a password? Let us assume you are not worried about someone physically accessing your machine, but that you have Microsoft Remote Desktop set up and you use it to access your machine remotely… are you familiar with any of the well-known security vulnerabilities associated with exposing port 3389 to your WAN? Or what about emails? Did you know all emails are sent in plain text unless the contents themselves are encrypted separately (e.g., PGP, etc.)?
If a law firm is going to advertise itself as offering digital services, it is absolutely imperative that their systems are secure, backed up, and that the attorneys themselves understand the technology that underlies their infrastructure. Law firms are frequently the targets of ransomware attacks, and are easy targets because of the valuable data they hold, the prevalence of haphazardly constructed software infrastructures (often the combination of disparate softwares interacting with each other with root access using simple passwords), and the non-technically minded attorneys who make up such firms. With all of these things combined, such an attack could not only capsize a law firm, but could also result in serious financial and/or reputation harm to its clients.
A Practice Built for the Digital Era
If you cannot tell already, the point of this article is to stress how our firm, MANGAL, PLLC, is different. I am our founder, and I am the author of this article. (I also built this website.) Our practice has been designed for the digital era from the ground up, because these topics have been important to me since before I was an attorney, and thus, well before COVID-19.
- 100% Virtualized — If a Client wishes, he/she can conduct their entire personal injury case with our firm without ever having to step foot through our door. Every step ordinarily performed in-person has a digital analogue that lets you accomplish the same task from the comfort of your own home. All documents can be filled out digitally, all signatures can be signed with your finger on your smartphone, notarizations take place via webcam, and conferences with me and our team can happen via phone, SMS, email, or webcam.
- Secure Communication — To the extent possible, we do our best to keep our emails secure. Plaintext emails are unavoidable because encryption technologies such as PGP, while ancient, are still not widely used even today, especially in the legal profession. But, to whatever extent we can, we do try to protect our clients’ information from the main players such as Google and Microsoft by hosting our email on ProtonMail. For the most part, however, when possible we keep all sensitive communication off of email anyway.
- Paperless Practice — Faxes and mail are unavoidable in the personal injury space, but we are better at protecting digital data than managing voluminous paper records which require physical security. Thus, unless an original document is required to be kept for legal reasons, we have a firm-wide policy of scanning into our systems any and all physical paperwork that comes through our office and then immediately shredding what is not needed. This ensures that clients’ information is protected at all times, whether we are in the office or not (especially because of COVID).
- Self-Hosted Client Data — We do not utilize third party services to host our company data such as Dropbox, Google Drive, etc. Instead, we self-host our data in our own private cloud (based on Nextcloud) which we backup on our own drives, all operating in separate physical locations all of which are owned and controlled by us. In other words, we are in control of our clients’ data, NO ONE ELSE. We believe in digital security and privacy and are familiar with the controversies surrounding indexing of corporate data on mainstream clouds. Therefore even if we lose out on some gimmicky features offered by Dropbox or Google Drive, we prefer the safer route.
- Proprietary Case Management Software — Almost all modern firms rely on case management softwares to organize, track, and process their cases. Most, however, do not build the software themselves. We at MANGAL, PLLC use a platform that we custom designed ourselves to handle our cases. Our unique expertise in this area allows us to mold our platform to our most unique needs thereby allowing us to deliver better service to our clients. We process personal injury cases with better efficacy and are experts at tracking and calculating all sources of damages; and our PIP practice is faster than any of our competitors because we process medical claims with pinpoint accuracy at speeds only possible through the use of sophisticated document automation.
Based on Debian GNU/Linux
We are proud to say that we are a completely Linux-based law practice. All of our servers and workstation machines, whether attorney or paralegal, use Debian GNU/Linux, and any time we are required to connect to our machines remotely we use SSH with key based authentication. Though we have not managed to completely switch to FOSS (free and open-source software), we are always keeping an eye out for production-ready open-source alternatives to our proprietary software packages. (If you ever hear of any good ones to replace Adobe Acrobat Pro, please let us know!)
MANGAL, PLLC Is Open and Ready to Serve You
COVID or not, our office is open and ready to help you with anything you need. Call or text us at (352) 995-9945, or email us at Team@LawByYourSide.com. Whether you were involved in an auto accident or a slip and fall or any other kind of injury to your person, contact us right away so we can help you get the compensation you deserve. If you are able and willing, you can even conduct your entire case with us remotely from the comfort of your own home. And if you prefer an in-person experience, well that is fine too, come to our office whenever you would like and speak with me directly! I am looking forward to meeting you and thank you for reading this article.