A KENO KOZIE PUBLICATION2016 | EDITION 1

INSIDE:• Small Firms Need Security Too!

• Information Governance: A Holistic Approach to eDiscovery Cost Cutting

• Project Management is Essential to Project Success

Providing IT Solutions for More Than 25 Years

• • •

To talk with a Keno Kozie expert, please contact info@kenokozie.com

Thank You

Named Best IT Outsourcing Provider by The National Law Journal, Best of LegalTimes

Awarded 1st Place for IT Outsourcing by The National Law Journal

Recognized as Leading IT Outsourcing by The National Law Journal

Awarded 1st Place for IT Outsourcing by The National Law Journal, Best of Chicago

3KenoKozie.com

INSIDE:Email Security Advisory: Office File Macro Threats Delivered by Email

Small Firms Need Security Too!

Disaster Recovery Planning 101

Information Governance: A Holistic Approach to eDiscovery Cost Cutting

How to Best Manage a Successful Matter-Centric Refresh

Project Management Is Essential to Project Success

Creating a Smarter Law Firm

4

71013

16

18

20

Winter is ending and warmer weather is right around the corner! I guess for some this might foreshadow hot, humid days, but here in Chicago, spring is always welcome. That said, things are so busy at Keno Kozie that we sometimes need to force ourselves to look out the window to recognize the changing of the seasons. It’s very interesting: the economy swings up and swings down, but our clients seem to be consistently busy and always pushing forward—implementing new technolo-gies, upgrading environments, and always providing better, faster, and more sophisticated service to their clients. Obviously, we love this activity; our engineers and analysts thrive on learning new technologies, completing interesting projects, and working hand-in-hand with our valued clients. In this issue of IT Insights, we continue to explore perti-nent topics in the law firm IT world. Imraan Bhatti, Keno Kozie’s director of litigation support, continues his series of discussions on managing eDiscovery and its associated costs. Eli Nussbaum and Nic Samodurov review security measures for smaller law firms, and individuals represent-ing our vendor partners, iManage, Acronis, TutorPro, and Mimecast, share valuable information on disaster recovery, client education, document management, and email security. We’re very excited and optimistic about 2016, and we look forward to working with you. As always, please reach out if you have any questions, concerns, or thoughts regarding Keno Kozie services or technology in general!

Thanks! Have a great 2016.

Letter from the President Barry R. Keno

4 I T I N S I G H T S • 2 0 1 6 • E D I T I O N 1

Mimecast has recently detected a sharp increase in the use of Microsoft® Office™ document VBA Macros as a mechanism to deploy malware to target hosts, reinforcing an upward trend in this tactic during the last 12 months.Cyber criminals and hackers are using the Visual Basic for Applications (VBA) macro functionality built into Micro-soft Office (Word, Excel, PowerPoint, etc.) documents to bypass traditional signature-based anti-malware detection and download malware to an end user’s computer when the user runs the file. Typically, attackers use the Microsoft Office Word “dot doc” (.doc) file format, which, while no longer supported, remains a file type Office applications recognize and open. Cyber criminals and hackers are emailing these weapon-ized attachments to their targets as normal email attachments. Macros are the easiest way to weaponize an attachment but are only one of many types of attachment threat. The attachments, containing a macro, are not malicious in themselves but function as the downloader or dropper for the actual malware, which the macro downloads automati-cally when the end user runs the file or enables the macro. This tactic first surfaced in the late 1990s, used by successful macro viruses such as Melissa (or the

ILOVEYOU virus) and Love Bug. Microsoft effectively hobbled the threat as a result of these viruses, which forced hack-ers to consider other tactics. Today, the threat has returned as hackers turn to weaponized attachments combined with social engineering to aid their success with malware. Malware such as Dridex, Shifu, Bartallex, and Adnel demonstrate this threat well.

VBA macros are disabled by default in most modern Microsoft Office applications, such as Office 2010, 2013, and 365, with “Protected View” (see figure 1). However, older desk-top versions (Office 2000, 2003, and 2007) do not enjoy the same protection. Network administrators may also enable macros across their Office applications for ease of use, lowering the security as a result.

TARGETING SUMMARY How a Macro Works Macros provide an embedded code or program that acts as a legitimate mechanism to automate many of the routine and repetitive tasks in an Office document. Power users of Microsoft Word and Excel, such as finance teams, use

Figure 1: Office 2013 Macro security warning

EMAIL SECURITY ADVISORY:

Office File Macro Threats Delivered by Email

5KenoKozie.com

macros frequently to process large amounts of data or auto-mate tasks within those documents. A macro, when run, can perform many tasks automati-cally within an Office document; it is this functionality that cyber criminals and hackers are using to automate the down-load of their malware from within the Office file itself. These “weaponized attachments” use the macro functionality, often without the end user’s knowledge, to infect the host.

Malicious Macros as Weaponized Attachments Email has become the attack vector of choice, allowing attackers to reach many victims easily and cheaply, propa-gating their weaponized attachments through spam botnets primarily but also using compromised Web pages and drive-by downloads. Attackers have quickly learned the techniques email security vendors use to detect their payloads and change their tactics frequently, as well as obfuscate the code within the macro using special CTRL (control) charac-ter conversion and encryption to avoid detection. Weaponized attachments pass through normal (non-sandboxing) anti-malware gateways because the attach-ment behaves as a normal document and does not present any viral payload, malicious code, or signature-able content. Code obfuscation within the macro enables the attackers to hide the links used to download their real malware and further avoid detection. This is a direct response to the use of malware signatures by security software.

ATTACK ANALYSIS Macros Combined with Social Engineering Because of the early threat from macro-related malware during the 1990s, Microsoft took steps to remove the “auto-run” functionality from macros and required end users to enable or run the macros themselves. This strategy effectively removed the malware problem in macros for the next 15 years. More recently, as cyber criminals and hackers have discovered the effectiveness of social engineering, they have also learned to combine this with a new breed of macro-enabled malware. The result, to the end user or victim, is an innocent-looking but convincing email and attachment urging the user to open and run the macros. Tactics include encouraging the end user to enable macros within the Office document. The image to the right (figure 2) is a well-publicized example of the typical social engineering attackers use. Other examples noted by Mimecast include less obvious attachments claiming to be shipping documentation, Apple Store receipts (figure 3) resumes, sales invoices, fax notifications, payment requests, denied wire transfers—all fake, of course.

The resulting infection caused by the downloaded malware can serve a variety of purposes. Shifu, as an example, borrows techniques from other Trojans, such as Shiz, Zeus, Conficker, Vawtrak, and Dyre, as well as a destructive capa-bility that can render the host inoperable. Techniques include: • Collecting data such as passwords, auth tokens, any

cleartext credentials (e.g., FTP), certificates, files, and bitcoin wallets

• Capturing keyboard inputs through keyloggers and captur-ing screenshots and webcam images

• Harvesting data from point of sale (POS) systems and banking platforms or websites

• Creating local copies of itself and acting as P2P or C&C control nodes for a wider botnet or malware network

• Destroying files and the resident OS, as well as avoiding AV and other malware

Figure 3: Example of Apple Store Receipt

Figure 2: Example of social engineering within an attachment

Continued on page 14 ...

6 I T I N S I G H T S • 2 0 1 6 • E D I T I O N 1

7www.KenoKozie.com

As a small or midsize law firm, you might think you are less vulnerable to security breaches, but taking the proper steps to secure data is just as important for the smallest firm as it is for the largest. Here are some low-cost (and no-cost) ways to bolster your security.

PASSWORDSA critical first step in protecting the security of your firm’s assets, and one that few firms actually implement, is to force regular password changes and require complex passwords. Many small firms provide new users with a simple password (something as basic as “password1”) and assume the user will change it, but often the change does not happen. Password changes can frustrate users, but requiring this inconvenience provides great value to the safety of a firm’s information and reputation. Firms can administer this process easily by automating required password changes every 90 days, for example, at little to no cost. Despite some individuals’ resistance to change, it is better to explain a password policy internally than to explain the lack of one after exposing a client’s data externally. In addition to frequent changes, making passwords complex ensures these network “keys” are difficult to guess or crack using brute force attacks. One way to identify complex, secure passwords is to use a pass-phrase, such as, “I was talking to Jim this morning,” with proper punc-tuation and capitalization. A pass-phrase can be easier to

Small Firms Need Security Too!

Reprinted with permission from Peer to Peer Magazine

8 I T I N S I G H T S • 2 0 1 6 • E D I T I O N 1

remember while being extremely complicated in its struc-ture and more difficult to crack. Users should also have unique passwords for every website they visit. For those averse to employing unique passwords, encouraging the use of different passwords for various functions (company accounts, bank accounts, social media accounts, etc.) is a step in the right direction. In a recent example of how problems arise from sharing passwords, Mozilla, maker of the popular Firefox Web browser, was hacked due to a super-user using the same password on multiple websites. After his account information was exposed on one site, hackers used the same user-name and password to get into Mozilla’s internal network. The attackers stole information related to 53 critical security vulnerabilities within the browser. Then they used at least one of those flaws to target users of the Firefox browser.

TWO-FACTOR IDENTIFICATIONThough passwords offer obstacles to undesired access, they confirm only that a user knows the access code, not that a user is who he/she claims to be. Two-factor authenti-cation provides greater user validation and limits the ability of users to share their passwords (another major no-no). This security methodology, which is in ever-greater use within the financial industry, requires two pieces of informa-tion for access to sensitive material:

1. Something you have, such as your phone or a dongle to receive a temporary passcode

2. Something you know, such as your password

Requiring two-factor authentication mitigates the risk that a lost or compromised password exposes in your environ-ment, further guarding against an imposter gaining network access. RSA’s SecurID is one of the oldest and best-known products that support this functionality, while solutions like Duo Security and Google Authenticator can be more economical. Microsoft uses Google Authenticator to secure its data when users connect to the Microsoft Cloud.

INFORMATION ACCESSThe next step is to create an environment that offers users access only to the information they need. It is important to weigh simplicity against restricting access only to those who require it for their job responsibilities. Many small firms have their file and folder structures wide open, allowing different departments to view each other’s data. Accounting, para-legal, administrative, attorney, and records management personnel have entirely different data requirements and do not require regular access to each other’s data. By having the firm’s information open to everyone, you expose your data to greater risk. If, for example, a single user is infected

with malware or ransomware, it can affect everyone’s data across all departments. By limiting users’ access at the file and network levels, your firm can diminish the reach of any user or malware that might compromise it, either maliciously or accidentally. Many firms have experienced CryptoWall or CryptoLocker infections within the last few years. These ransomware variants exploit a user’s rights and mapped network drives to identify and then encrypt files to elicit a ransom. While a good backup routine allows firms to recover data from the most recent backup, reducing user access mitigates ransomware’s ability to affect the data. More firms are limiting the number of mapped drives to further reduce the attack vector of this risk; however, there is no guarantee the next variant of this product will not seek data the user has permission to access using other methods. By limiting each user’s data access, firms can minimize the impact of an infection, reduce recovery time, and increase the firm’s ability to provide quality services to clients.

TIME-SYNCHINGAdditional contributions to a firm’s security include having centralized logging and synchronizing the time on all network devices. If there is a breach, your security staff can review the logs to see everything that has happened or is happening in one place and in sequential order. Your fire-walls, switches, servers, and Wi-Fi access should all have time-synching and logging capabilities—you just need to configure them.

WI-FI ACCESSDo not forget about your Wi-Fi! People often forget Wi-Fi is not as secure as physical wiring. Unlike most systems within your network, Wi-Fi allows people not physically inside your environment to access your system. If your firm has inter-nal Wi-Fi, you should secure it and set up access logging. Internal Wi-Fi should require authorization, and every user should have a unique login. In an optimum scenario, you would not have an internal wireless network. Consider instead a limited public Wi-Fi option situated outside the

Every firm has unique functions, equipment, and systems to consider when shaping its approach to security. IT security is an active process that requires regular attention and consideration.

9KenoKozie.com

firm’s firewall on the public Internet. This Wi-Fi, available to guests, clients, and internal users, is similar to Wi-Fi access at Starbucks. Authorized users can use virtual private network (VPN), certificate-secured Web mail, or remote desktop solutions to access secure internal systems without increasing the risk footprint of the firm’s Wi-Fi network.

ANTIVIRUS AND FIREWALLSFirms often overlook the need to verify their antivirus programs are up to date and looking for more than viruses. “Virus” is now a common term for many types of malware and attack vectors—virus, ransomware, malware, directed attacks—and you must protect your firm from all these threats. Directed attacks include spear-phishing, which is on the rise and comprises targeted email messages and/or phone calls that intend to elicit a social response by appearing to come from someone the user knows. Recent examples include:

• Finance directors received email messages from their managing directors requesting they share information with a third party.

• A CFO received a request from the president of the firm to wire money to a specific account.

These spear-phishing requests often include the name, phone number, and email address of the person with whom the user is to communicate, and sometimes a phone call follows the email. The attacks are targeted and rely upon the users’ instincts to react to their superiors’ directives. Only a critical eye will keep your users and firm from falling prey to these attacks. Firewalls have also evolved to become more aware. They are capable of extensive scanning, detection, and classification of traffic to better determine what should be exiting and entering your network. These next-generation firewalls allow for rapid protection of your network from new and emerging threats. Instead of simply allowing or not allowing traffic, newer firewall technology allows for real-time inspection of traffic and identifies malicious traffic that previously would have passed through.

PHYSICAL SYSTEMSSecurity is necessary not just for your online activity and data but also for your physical systems. Can someone walk up to your server and pull out the hard drive? You might want to implement biometric locks on your server room. These locks have reduced significantly in price and enable access logging and quick access changes. Another option is adding locks to server rooms and changing them regularly. One alternative would be to move the firm’s servers and storage outside the office into a co-location facility that has:

• Fully managed security and access control• Redundant heating and cooling• Protected electrical systems that include backups and

generators with extended runtimes

EDUCATION AND WORKING TOGETHERThere are tools to minimize risk, but firms must educate users on proper browsing habits. For example, users should not click on a link if they do not know who sent it, and they should not click on an “efax” if their firm has no internal email-enabled fax system. Firms must help their employ-ees be safer and less risk-prone. Consistent and recurring user training is the best way to remind everyone how to help protect the firm. Security is not an isolated function within the modern firm; end users, IT, operations, and human resources must work together to keep the firm secure. Users must be dili-gent and understand they have an obligation to protect themselves and the firm’s network. The firm must know the location of important data on the network and the method of protection. A commitment to this level of knowledge is about more than technology; it is good business practice.

GET STARTEDEvery firm has unique functions, equipment, and systems to consider when shaping its approach to security. IT secu-rity is an active process that requires regular attention and consideration. Recurring evaluation of your firm’s security and technology will ensure these efforts stay aligned with the requirements of supporting your business. If all this seems overwhelming, remember this is not an overnight change. You do not have to do it all at once! Get started, find some traction, and keep re-examining your security tools and processes to find ways to improve over time. Start by changing your password when you finish reading this article! n

Eli Nussbaum is a Managing Director at Keno Kozie Associates. He joined the firm in 1998 as part of its Y2K audit team. He then shifted to full-time engineer and has held every position within the department. During Eli’s tenure with Keno Kozie, he has focused on physical, virtual, and Cloud infrastructure design and implementation for both client and desktop environments.

Nic Samodurov is a Senior Consultant at Keno Kozie Associates and has been involved in designing, building, and managing IT infrastructures for more than 16 years. His IT management and implementation experience includes working with many local, national, and international legal firms. His security emphasis includes information security governance, systems auditing, and forensic analysis. Nic has completed certification exams for the CISSP, CISA, and CISM.

ILTA first published this article under the title “Security, Up High and Down Low” in the Winter 2015 issue of its publication Peer to Peer. IT Insights reprints it here with permission. For more information, visit iltanet.org.

10 I T I N S I G H T S • 2 0 1 6 • E D I T I O N 1

INTRODUCTIONBusinesses rely heavily on technology, and technology disruption for a few days or even a few hours can result in significant financial loss. According to an ITIC survey, more than 95 percent of large enterprises with more than 1,000 employees say that a single hour of downtime costs their company more than $100,000 per year on average. According to another study, by Emerson Network Power and Ponemon Institute, the average cost of data center downtime was $7,908 a minute in 2013—or $690,204 per outage. In addition, 91 percent of data centers experienced an unplanned outage during a 24-month period. If your company is small to mid-size and does not have a sizeable data center, your organization might be at an even greater risk. According to the Institute for Business and Home Safety, an estimated 25 percent of businesses do not reopen following a major disaster.

place to ensure that mission-critical functions can continue during and after a disaster. A business continuity plan not only comes into play during times of disaster, but also when other unforeseen events occur, such as a major security breach, illness or death of a company executive, pandemic, civil unrest, etc. A disaster recovery plan is a sub-component of your business continuity plan. It outlines the process, policies, and procedures to prepare for recovery and continuation of the business and infrastructure operations in the event of a power outage, equipment failure, fire, flood, or other disrup-tive incident. An IT disaster recovery plan is a major sub-component of your business continuity plan and disaster recovery plan. It is an outline that defines the steps to continue IT operations and resume IT systems, including the network, servers, desktops, databases, applications, and any other component of the IT infrastructure. Your disaster recovery plan should include the following steps:

• Establish a planning group• Perform a risk assessment and prepare an

inventory of IT assets

DisasterRecovery Planning

If you do not have a disaster recovery plan in place, your company could be a statistic.

Your ability to develop a comprehensive plan to prepare for potential disasters will minimize disruptions and help you maintain normal business operations. In this article we will discuss:

• Why you need a disaster recovery (DR) plan• What a disaster recovery plan is and how it is different

from a business continuity plan• What you need to include in an effective

disaster recovery plan• How to avoid five common disaster recovery mistakes

IT DISASTER RECOVERY VS. BUSINESS CONTINUITYA business continuity plan is a roadmap that “describes the processes and procedures an organization must put in

11KenoKozie.com

12 I T I N S I G H T S • 2 0 1 6 • E D I T I O N 1

• Establish priorities• Develop recovery strategies• Develop documentation, verification criteria,

and procedures• Test the plan• Implement the plan• Maintain the IT infrastructureYour plan should address all aspects of your infrastructure and provide a step-by-step response process.

EVERY ORGANIZATION NEEDS AN IT DR PLANDisasters come unannounced, which is why it is important to get an IT DR plan in place as soon as possible. A fully functioning plan will help minimize risk exposure, reduce disruption, and ensure economic stability, as well as reduce insurance premiums and potential liability. Most important, a well-executed plan can save your organization thou-sands—even hundreds of thousands—of dollars in the event of a disaster. To determine how much a disaster can cost your orga-nization, consider the cost of system downtime—the impact on employee productivity, loss of billable hours, missed sales from a down ecommerce website, and penalties for failure to meet regulatory compliance obligations. Data is a valuable asset—customer data; financial, human resource, and R&D documents; and emails are all irreplaceable. Each document represents minutes or hours of work, and retriev-ing it is essential. In a worst-case scenario, your disaster recovery plan may save your company.

AVOID THESE COMMON DISASTER RECOVERY MISTAKESRecovering from a disaster is never easy, but with the right plan, you can restore your systems—and peace of mind—with as few missteps as possible. Avoiding these five common mistakes will help make your disaster recovery solution a success.

1. Focusing on single IT technology, like SAN to SAN Replication. Single technology will rarely address all types of disaster recovery needs. An effective solution will provide your organization with flexible options for disaster recovery. Be sure to take the following consider-ations into account as well:

a. Virtualization environments b. Application-specific agents c. Snapshot storage requirements d. Server activation and documentation e. Backup and recovery

2. Remote Co-location/Location Choice. Choosing a disaster recovery location is critical to the success of any DR project. When choosing a location, make sure it is not too close to your production site and is capable of remote activation in the event of an emergency. Not all facilities are the same, so check to make sure that your facility is in line with all governance, risk, and compliance stan-dards. For example, facilities should be SSAE 16 SOC Type II certified in the United States and ISO/IEC 24762 certified in the United Kingdom.

3. Hardware/Software Drift. Your disaster recovery site represents a working replica of your production envi-ronment, and, as such, you need to maintain it on an ongoing basis. Be sure to keep software licenses, patch levels, and upgrades in sync. If you decide to use old hardware, be sure to calculate the extra maintenance costs necessary to keep the DR hardware up to date and in parallel with your production site.

4. Failed Testing. Designing a disaster recovery testing scenario can be a project in itself. If your test fails, you need extra time to analyze the failure and design a solu-tion, so be sure to take that into account. Evaluate these costs when deciding whether to create your DR solution in-house or outsource it to a disaster recovery provider.

5. Underestimating Resources. Even if you have a talent-ed IT staff and enough resources to execute a disaster recovery plan, will these resources be available when you need them? Careful planning and frequent meet-ings help ensure access to your resources in the event of a disaster.

CONCLUSIONA disaster recovery plan can make the difference between bankruptcy and the survival of your organization. Consider the myriad reasons it is important to have a DR plan in place: minimizing lost sales, lost revenue, and disruptions to operations; limiting legal liability; lowering insurance premi-ums; and protecting your organization’s assets. Creating a disaster recovery plan is the first step toward protecting your company from natural and man-made disasters. n

Acronis sets the standard for new generation data protection through its backup, disaster recovery, and secure access solutions. Powered by the AnyData Engine and set apart by its image technology, Acronis delivers easy, complete, and safe backups of all files, applications, and OS across any environment—virtual, physical, Cloud, and mobile. Founded in 2003, Acronis protects the data of more than 5 million consumers and 300,000 businesses in more than 130 countries. With its more than 100 patents, Acronis’ products were named best product of the year by Network Computing, TechTarget, and IT Professional and cover a range of features, including migration, cloning, and replication.

13KenoKozie.com

taking a holistic approach to eDiscovery can lead to signifi-cant cost savings upstream by implementing systems and processes in the information governance phase of the EDRM (Figure 1).

Talk with any eDiscovery vendor these days and you will often hear about the various ways they can help cut costs related to the eDiscovery lifecycle. Most frequently, you’ll realize these cost savings during the processing and review portion of the litigation lifecycle (which, by the way, is also the most expensive portion of the lifecycle). They will steer you toward the latest and greatest, urging you to employ some version of Computer Assisted Review (CAR) or Tech-nology Assisted Review (TAR) to cull massive amounts of data without potentially having to hire hundreds of contract reviewers. Meanwhile, other vendors are coming up with ways to attract clients to their businesses and services by providing data processing functionality and storage at little or no cost. While these options may handle the problem of ever-growing data, you should not underestimate the impor-tance of information governance. Assisting your clients by

Figure 1

INFORMATION GOVERNANCE:

A Holistic Approach to eDiscovery Cost Cutting

What is Information Governance? Information governance involves using policies, proce-dures, processes, and controls to manage information, privacy, and regulatory compliance while mitigating risks at an enterprise level. In short, the goal of information gover-nance is to allow access to information in a secure and trusted fashion while minimizing risks and expenses to an organization or company.

Basic Examples of Information GovernanceOne example of information governance is the use of a corporate email system and the rules that govern the access and retention of emails. As basic as that sounds, the majority of eDiscovery costs involve reviewing emails and their attachments. Often, organizations do not have any sort of retention policy or mailbox size limits for their email systems, allowing mailbox sizes to grow indiscriminately. When the time comes to collect and review this data for relevance in an eDiscovery engagement, there is a greater amount of data to consider. Usually only 10 percent of the data is responsive to the issues of the dispute. Having a mailbox size limit forces email system users to focus on organizing the data better while limiting non-essential information. Additionally, a documented retention policy will enable the regular deletion of data not required by regulations while avoiding potential spoliation issues. The result is having less but more specific and organized data, allowing for more targeted and cost-efficient collection in that phase of the lifecycle, which, in turn, reduces costs in the processing and review stages, providing significant savings to your clients. Another way clients use systems to help integrate infor-mation governance into their organizations is by deploying

14 I T I N S I G H T S • 2 0 1 6 • E D I T I O N 1

document management systems, such as FileSite or NetDocuments or even Google Docs, to better organize and secure access to important information and work product. A document management system provides a secure, uniform method of storing, sharing, and collaborating on everyday information within an organization. Many organi-zations still employ basic network-based shared folders for practice groups or departments that are open and available for all to access (unsecure) and often without any real best practices for saving locations, naming, and protocols. This non-structured data storage requires a broader collection, leading to much higher costs as you move through the liti-gation lifecycle. One last example of information governance is creat-ing, employing, and documenting a robust data retention policy for your entire information system and implementing the policy using documented processes and procedures. Certain types of data and information may have regula-tory requirements or preservation status, i.e., “legal hold,” that prohibit the deletion of such data for a predetermined timeframe. But you can delete or purge most other data on a regular basis without worrying about spoliation issues or sanctions from the court system. Having a documented data retention policy also helps mitigate risks associated with keeping data that could potentially be discoverable and adverse to the organization in the future. Finally, you can significantly reduce the IT (information technology) costs associated with storing, maintaining, and providing access to the data. In conclusion, implementing an information governance plan can help provide greater efficiencies, lower costs, and better mitigate risks. Keno Kozie Associates has the exper-tise and experience to assist with reviewing your client’s and your informational governance program and create, implement, and document a plan that suits your needs. n

Imraan A. Bhatti is the Director of Litigation Support Services at Keno Kozie Associates. With more than a decade of experience in the legal tech-nology industry, he has assisted a wide variety of law firms, ranging in size and scope from AMLAW200 firms to solo practitioner/boutique firms, with their litigation support systems, workflow strategies, and training initiatives. Imraan holds a master’s degree in computer science/M.B.A. from DePaul University and a bachelor’s degree in computer information systems from Kent State University. He also is a CEDS (Certified EDiscovery Specialist) and a certified trainer on multiple review technology platforms, i.e., Summa-tion and Concordance. During the past six years, he has provided hundreds of hours of training services to legal teams. Imraan has also been involved in speaking engagements within the legal community and has been a published author in Chicago Lawyer magazine and on FindLaw.com.

... Continued from page 5

EMAIL SECURITY ADVISORY:

Office File Macro Threats Delivered by Email

• Downloading additional modules, which are often task-oriented and specific to certain processes or services, for further data exfiltration

PREVENTION AND MIMECAST RECOMMENDATIONS Mimecast makes the following recommendations regarding weaponized attachments and macro-enabled malware: • Ensure all email attachments are sandboxed by an appro-

priately advanced email security gateway. Remember, non-sandboxing gateways are not able to recognize or signature macros, as the code is not a viral payload.

• Consider a secure email gateway that offers the capability to neutralize weaponized attachments or strip active code from all inbound Office documents by transcribing them into safe file formats.

• Ensure you do not enable macros by default across your Microsoft Office application estate and enable “Protected View” at all times.

• Consider disabling macros and VBA code in all but essen-tial applications.

• Train and educate end users to the changing nature of threats in email. Ensure they understand the risks to their inboxes and how to handle unexpected email and attach-ments. Confirm they understand the hacker’s tactics and how to recognize simple social engineering attacks.

• Consider automatically marking emails that have origi-nated outside the corporate network or contain an attach-ment from an external source.

• Always use the latest versions of Microsoft Office applications. Old versions, pre-2010, offer no protection against weaponized attachments. Ensure all installations are fully patched and up to date. n

Orlando Scott-Cowley is a Mimecast Technologist and Evangelist. Prior to joining Mimecast in 2006, he worked in the IT Security industry for his entire career, working with governments, businesses, vendors, and resellers, as well as in consultancy. Orlando’s evangelism for Mimecast includes writing and speaking for influential publications and events on a variety of topics including compliance, archiving, security, and continuity—in particu-lar, the emergence of Cloud and SaaS technologies.

15KenoKozie.com

Continued ...

16 I T I N S I G H T S • 2 0 1 6 • E D I T I O N 1

As law firms’ IT organizations grapple with the emergence of the “new professional”—always connected, mobile, impatient, and with the knowledge and understanding of how to use technology—they encounter increasing user frustration and dissatisfaction with current systems. Users complain these systems are slow, look outdated, take too long to process some simple tasks, make it difficult to find documents, do not provide a great experience on the road, and so on. When facing this kind of pressure, organizations may sometimes think their best option is to look for an alterna-tive system. But often, those systems bring their own chal-lenges and limitations. Instead, IT professionals should ask themselves a few key questions:• Have I kept my system up-to-date with the latest

versions produced by my vendor? Has my vendor responded to many of these issues in newer versions of its products?

• Why are my users so dissatisfied? Is it the software? Or have I neglected to adapt or reconfigure and adapt the software to accommodate the changes in the work prac-tices of today’s professionals?

• What are the costs and risks of moving to a new system? Am I prepared to take on the expense of the new system implementation, especially if I don’t have confi-dence that another system will fundamentally address these issues?

The answers often demonstrate that the issue is not just the software. In our experience, it is not unusual to see a lag of one to three years between the vendor introduction of new product innovations and their appearance on the users’ desktops. While that may have been acceptable years ago, it is an eternity for today’s user and indicates many best practices and fixes that address key user dissatisfaction are simply sitting unused.

IT’S TIME FOR A MATTER-CENTRIC REFRESH. A matter-centric refresh is a comprehensive set of software and architectural updates and updated best practices that leading IT organizations are undertaking to better configure and deploy iManage to meet the needs and demands of today’s new professionals.

How to Best Manage a Successful Matter-Centric Refresh

The list below shows many ways to improve perfor-mance, user experience, and risk management by refreshing your iManage implementation. If you are not matter-centric, your first step is to implement a matter-centric working environment: a matter-centric working environment helps create a unified electronic matter file.

Once you decide to go matter-centric, the steps below can serve as a good guide to configuring your environment the first time, based on lessons from hundreds of organizations that have done so before you. The matter-centric refresh addresses three major areas of user frustration, which are highlighted below.

ADDRESSING USER FRUSTRATIONS IN THE WAY THE PRODUCT OPERATES. Users want search capability that works like they do—with faster performance of background tasks, easy file sharing, and a true mobile experience, among other things. Consider the following actions:1. Upgrade to iManage Work 9: Version 9 provides new

enhancements and addresses many challenges facing customers.

2. Simplify your matter/engagement folder structures: If you are operating in a matter-centric mode, odds are

17KenoKozie.com

that your folder templates are too rigid and detailed for today’s work practices.

3. Implement iManage Share: How can sharing files and collaborating with clients, colleagues, and external consultants be any easier than Box or Dropbox, yet still meet a firm’s requirements for governance and over-sight? iManage Share is the answer.

6. Enable an intuitive mobile experience: Making mobile professionals use a desktop emulation solution (like Citrix or Terminal Server) on mobile devices is the fast-est way to push them to use alternative, unsanctioned technologies.

7. Standardize on a customary Mobile Device Manage-ment (MDM) platform: Firms need to address security on mobile devices by acquiring an appropriate mobile device management solution. Once they select the MDM, they enable mobility.

8. Take advantage of the new hybrid security model: iManage Work 9 implements a more sophisticated secu-rity model that accounts for the need for professional services firms to drive ethical walls between sensitive matters. This new security management approach makes prohibiting access to sensitive matters for certain individu-als easier without compromising access to existing users.

9. Simplify and refresh your records policies: While requirements for compliance continue to increase, the best practices in information governance call for a simpli-fied record schedule, if it is to remain practical.

10. Encrypt sensitive content within iManage for HIPAA and other compliance: Professional services firms face demands from clients that request detailed infor-mation about their security practices.

IN SUMMARYA matter-centric refresh that includes implementing the latest version of iManage Work Product Management can move your organization from software that is out of touch with how users work to software that empowers your users to do great work and serve clients more comprehensively. Many firms have undertaken these refreshes with great results.

Sandeep Joshi is Vice President Global Channels and Sales Operations at iManage. He has held roles as Vice President of channel sales and alliances at HP and director of product management at Autonomy.

With iManage Share, you see and manage your Cloud sharing folders *(blue) within DeskSite or FileSite folder structures with full audit trails and security.

ADDRESSING COST OF OWNERSHIP AND KEEPING UP-TO-DATE WITH THE LATEST INNOVATIONSOrganizations are grappling with the increasing cost of ownership as upgrade cycles become shorter. As reposi-tories grow due to increasing communication volumes, the infrastructure required to support a high-performance SLA intensifies. Upgrades are expensive and time-consuming and require specialized skills.

Are you facing these challenges? Consider the following:

4. Move to the Cloud: The iManage Cloud provides a private Cloud instance of any or all iManage products. The iManage hybrid Cloud model enables organizations to maintain any selected amount of work product on premises, while taking advantage of the iManage Cloud for the majority.

ADDRESSING USER SATISFACTION WITH THE LOOK AND FEEL OF THE USER EXPERIENCEThe new professional is using technology in all facets of his/her life. Software that doesn’t look modern is a constant annoyance that contributes to lateral adoption and frustration.

5. Update the desktop with iManage version 9.3: Version 9.3 introduces a dramatically enhanced look and feel for DeskSite and FileSite. This new Windows 10/Office 16 look and feel has been optimized specifically to accom-modate high-resolution mobile devices, such as the Microsoft Surface 3 and 4.

18 I T I N S I G H T S • 2 0 1 6 • E D I T I O N 1

A business considering changes to any aspect of its opera-tions has to consider a number of basic elements:• the problem or challenge to address• the proposed solution for that problem or challenge• the amount of time necessary to implement the solution• the individuals affected by the change• the budget for enacting the change

If the change involves technology, its level of complex-ity increases. To ensure implementation of your proposed change goes smoothly, it is essential today to have a proj-ect management plan in place. Your first step is to define your goals and each essential step of the implementation process. Further, you must identify how the process impacts everyone involved, whether they are implementing the proj-ect or on the receiving end of the project’s outcome.

PROJECT MANAGEMENT IS ESSENTIAL TO PROJECT SUCCESSTECHNOLOGY HAS ENABLED MANY BUSINESS FUNCTIONS TO BECOME MORE EFFICIENT, WHILE SIMULTANEOUSLY BECOMING MORE COMPLEX.

A key change in the role of project management is its necessity on smaller-scale projects. Twenty years ago, a small firm might not need a formal project management implementation plan because the project was defined and narrow in scope. For example, if a firm needed to acquire a word processing program, it was simply a matter of purchas-ing the software and training the team to use it. Today, all your systems interact with each other, and the impact extends beyond the product you are changing. The choices inherent in change and the breadth of impact on users is not limited to internal systems. A change in your word processor can create compatibility issues for sharing electronic docu-ments with those outside your firm’s environment. In another example, 20 years ago your firm bought a server for file storage, you connected all workstations to that server, and your work was done. Today, that server can be virtualized or in the Cloud, it interacts with your antivirus solution, your backup solution, your security solu-tions—what may seem like a small task actually has myriad potential conflict points that require due diligence to ensure there are not unintended consequences from your project’s implementation. Even a new phone system is far more complex than it used to be: previously, all you needed was a dial tone; today, phone systems integrate with a firm’s email system, cell phones, and videoconferencing function. So what does a good project management plan entail? To begin, start your project with a “small” fact-finding project that:

19KenoKozie.com

• Defines and clarifies goals• Defines timelines• Defines milestones and updates (or creates)

a project plan• Defines any budget or scope adjustments necessary• Identifies interested parties• Identifies potential pitfalls

As you fill in these blanks, make sure you create a written plan that all involved parties validate—the project manager, those handling the implementation, and those using the product or function when implementation is complete. The project manager must anticipate the possibility of change along the implementation path—components that seemed important at first might not be any longer. Items the team did not consider requirements previously might now have to become part of the project. The project manager must think about contingencies for obtaining additional resources, budget-ing additional funding, and accounting for additional time. Implementing a system change must not happen in a vacuum; you must have buy-in from all those affected by the change. Therefore, an important part of project manage-ment is testing, or piloting. Despite your best efforts, you are unlikely to anticipate every potential problem. If you don’t do your due diligence by testing in advance, your project may go off the rails. When building pilot groups, it’s important they comprise users from various business functions within your firm. If you pilot only with members of the litigation team, your estate team might find problems you weren’t testing or prepared for because they use the system differently. At the same time, when you pilot with diverse user bases, they must be willing to participate and recognize their role: they are pilot users, not production users. They need to understand their purpose, which is to identify potential issues, bring them to the implementation team to address, and, most important, act as cheerleaders for the project. The number of pilot groups depends upon the complexity of the user system and the change you are implementing. Having more than one pilot group can help you weed out a range of issues; however, it can also can drag out the process unnecessarily. Finding the right balance is impor-tant to the success of your project. Let’s take an example: you want to upgrade to Windows 10 and Office 2016. What steps should your project manage-ment plan involve?1. Identify your goals: What functions will these two systems

address in your operations that make this change impor-tant? Maybe it is collaboration functions that empower mobile users; how do you ensure that the function is

available in a new environment and functional for users to take advantage of?

2. Make sure your project fits your available budget. Have you defined a budget for this project, and/or does it pres-ent a direct cost savings that pays for itself? Make sure the result is a net gain, rather than a loss, for users.

3. Identify compatibility issues early. Do other systems in your operations support these new products? Do you have a mission-critical system, such as a document manage-ment system, that won’t support Office 2016? Only the most recent version of iManage supports Windows 10, but not Office 2016. If you are using an older version of iManage, you will have to consider upgrading your DM infrastructure and the possibility of an interim solution, such as Office 2013. This will allow the firm to benefit from features available in Windows 10.

4. Respond to pilot users and address potential pitfalls. As with item 3, the project manager must come up with solu-tions. If there are conflicts, do those validating the project think the change is not significant enough to continue with the project, or do you change other systems to make the project successful? Instead of letting conflicts act as roadblocks to completing the project, perhaps they are the impetus for making another change long in the making. To expand upon the DM example above, maybe your firm has a document automation tool that doesn’t support Office 2016. You’ve had it for 15 years and you’re not happy with it—maybe this is an opportunity to upgrade that tool.

5. Implement, refine, and be nimble. Even after the project is underway, and even with the best pilot group, you will find you missed something before deploying the change en masse. Be prepared to adjust while the project is in process, and do not assume you have thought of every-thing in advance.

All projects and change create stress and uncertainty. By properly planning for the change, you can mitigate these responses—define, refine, and train. Define the needs of the firm, the scope of the project, and the goals to ensure user adoption. Refine these definitions and plan for suffi-cient training to assure user adoption and acceptance. Finally, stay on track! Keep your project on schedule and budget, and you will be well on your way to a successful project! n

Eli Nussbaum is a Managing Director at Keno Kozie Associates. He joined the firm in 1998 as part of its Y2K audit team. He then shifted to full-time engineer and has held every position within the department. During Eli’s tenure with Keno Kozie, he has focused on physical, virtual, and Cloud infrastructure design and implementation for both client and desktop environments.

Disruption or distraction? Technology change is outpacing our ability to update skills quickly enough to keep up. In legal, the skills conversation typically focuses on lawyers and legal workflows. However, no one working today is immune. Every department in your firm is facing deep changes within their areas of expertise. It is time to elevate the conversation and talk about the critical need to place more emphasis on talent development and enhance learning skills for all legal professionals. Some experts suggest the impact of technology is creating a massive restructuring of our economy. To thrive, firms must develop the ability to learn hard things quickly. This will be a challenge when lawyers face the constant distraction of email and instant messages and support staff job descrip-tions include skills like “multitasking” and “ability to manage constant disruptions.” But the challenge is worth it. The latest research from Towards Maturity, a UK-based nonprofit research organiza-tion with a focus on the impact of learning technologies, reports 70 percent of workers think learning has a positive impact on job performance. To face the challenge, firms must embrace learning as a highly valued skill and consciously make time for it beyond today’s continuing legal education programs (CLE). The responsibility to create a learning culture should not rest on the shoulders of HR, professional development, or technol-ogy training departments. It is the responsibility of everyone at every level. Here are several ways to meet the challenge.

GET TO KNOW THE REAL BUSINESSThe first step in building a learning culture is understand-ing the business. The goals and objectives of the business should not stop at the management level. Organizations that support learning share information about the business, and people at all levels understand the current business vision. Of course, organizations that have strong learning cultures include talent development objectives as strategic business goals.

GET TO KNOW YOUR USERSRegardless of the role you play, you provide services to others. As a matter of routine, most of us consider roles, practice areas, and geographical regions as we evaluate our users. I’m challenging you to look deeper. Talk to people and ask probing questions to find out how their work might be unique or different. Back in my consulting days, while meeting different teams from a firm’s litigation practice group, I stumbled on a team that had a very specialized practice. The primary client used WordPerfect, and the lawyers were on the road most of the time. The team’s workflows were unique among

20 I T I N S I G H T S • 2 0 1 6 • E D I T I O N 1

Creating a

Law FirmSMARTER

Learning is how you solve problems, grow professionally, and achieve your goals. —JAY CROSS

21KenoKozie.com

22 I T I N S I G H T S • 2 0 1 6 • E D I T I O N 1

their litigation peers. Had I not considered each of them as an individual versus part of a high-level practice group and asked probing questions, I would not have realized the patterns I had already started to recognize wouldn’t fit this team.

LEARN TO SHARE KNOWLEDGE INSTEAD OF TRAINJosh Bersin, an expert on business-driving learning, describes a learning culture as business-relevant and not at all academic; it enables successful organizations to iden-tify problems and fix them quickly. Changes to technology are not necessarily problems. Although they can create momentary challenges while we adjust and relearn how to use them, we must learn to adapt more quickly. In fact, the Association of Talent Development has conducted research and concluded that there is a connec-tion between knowledge and learning, and both should work together to reduce time to competency. While the classroom and formal learning definitely has a place, learning is more than classroom events. In the course of the workday, our users encounter specific moments when they need specialized knowledge. One could argue that many of our classroom events miss the mark of shar-ing knowledge. Often, we rely on subject experts who have a limited amount of time to convey their knowledge. The instinct is to cram as much as possible into the allotted time, which results in oversharing. But that isn’t how adults learn. Adults want to have some level of control in how and what they learn. They must experience a mixture of knowledge-sharing and teaching approaches, including considerable interactivity: role-play, scenarios, discussions, assessments, and even project work.

UNDERSTAND THE ADULT LEARNING PERSPECTIVELearning has an emotional base. There are a variety of characteristics that make adult learners who they are as individuals. Generally, we share some common themes. Adults learn for the here and now. They want to learn skills that apply to work they are doing today and will be most interested in learning subjects that have immediate relevance to their jobs. Adult learners come with experience and unique skills. Experience is vital because new knowledge builds on previous experiences. Respect their experiences, varied backgrounds, and motivations. Training topics must be relevant to what they do. Adults make connections to memories of things that are familiar to them in the learning process. Strong connections to real situations embed new memories in the brain, making them easier to retrieve when needed.

EMBED LEARNING INTO EVERYDAY WORKAs our users are working, they will encounter times when they need access to knowledge or instructional content to help them perform at their best. The challenge is finding the right mix of knowledge-sharing and teaching approaches we referred to earlier. Learning experts Bob Mosher and Conrad Gottfredson have identified five moments of need. Consider these moments when developing resources that you can embed into everyday work:

1. Learning about something for the first time2. Wanting to learn more about a topic3. Trying to remember and apply knowledge or skills4. Dealing with change5. Encountering something going wrong

BUILD SKILLS AND CONFIRM KNOWLEDGEAssessment has a place in adult learning and plays a critical role in building skills and changing behavior. People need to understand where they are now and where they need to be to see the gaps in their skills and give them goals. A true assessment places learners in a place where they have to use their knowledge to solve problems. It is a transfer of knowledge to action. Because skills build over time, having to remember when you are responding to an assessment makes the memories stronger in the brain. The stronger the memory, the easier it is to recall it when you need it. To meet the challenges of the complex technology changes ahead, firms must adapt and create time for deep learning across all disciplines. A firm’s leadership and its legal professionals must share a commitment to this. Adult learners like to control their learning experiences, and most are curious and want to learn new skills. But they don’t always make time to learn. To break old habits and anxiety around lack of time, firms must allocate specific time and goals for learning. Technology change doesn’t have to be a disruption or even a major distraction. It can be an opportunity to improve the way we learn and create smarter law firms. n

Tami Schiller, Social Media and Research Specialist at TutorPro Ltd, has focused on legal technology training for more than 15 years. She possesses a strong commitment to seeing individuals achieve their potential for technical competency and is always looking for innovative ways to deliver learning opportunities to busy legal professionals. By recognizing emerging trends and willingly sharing with others, Tami supports the legal community as it navigates through rapid changes to business practices and technology innovation. Contact her at tschiller@tutorpro.com.

We Are In Your CornerFor more than 25 years, Keno Kozie has been providing information technology design and services to leading law firms and legal departments across the nation. With years of experience, highly skilled professionals, and a deep understanding of legal technologies, Keno Kozie provides its clients with optimal value and support in the following areas:

n 24 / 7 / 365 Help Desk Supportn IT Security and Risk Management Servicesn Application Trainingn Document Management Systemsn System Design, Integration, and Supportn Advanced Legal Applicationsn Litigation Supportn Managed IT Services

Chicago | Washington, D. C.866-963-3309KenoKozie.com

Named Best IT Outsourcing Provider by The National Law Journal, Best of LegalTimes

Awarded 1st Place for IT Outsourcing by The National Law Journal

Recognized as Leading IT Outsourcing by The National Law Journal

Awarded 1st Place for IT Outsourcing by The National Law Journal, Best of Chicago

Follow: @kenokozie

Connect: Keno Kozie Associates

Like: Keno Kozie Associates

Keno Kozie Associates LTD

CHICAGOOne North Franklin Street, 5th FloorChicago, Illinois 60606

WASHINGTON, DC1701 K Street, NW, Suite 1025Washington, DC 20006