It’s an understatement to say that law firms are risk-averse, but many have not yet built ethical walls or factored their timekeeping systems into their risk management strategies. That will change. Thanks to costly and highly public breaches, firms are looking for ways to improve security and wall off their timekeeping systems to prevent fishing expeditions within them. Now aware of the potential for mischief and worse, firms are implementing ethical wall systems and demand that their timekeeping systems integrate with them.
Law firm technology has made information easy to store, access and utilize, increasing the risk a bad seed in your firm is fishing for confidential data. While firms acknowledge their document management, records and enterprise search systems are vulnerable, enough don’t think about protecting their timekeeping system.
Most software applications intentionally make internal information easily accessible, which is usually a good thing for clients and attorneys, creating efficiency and a sizeable knowledge base. But open access to information has its own set of risks. Highly publicized breaches have appeared in the media, including breaches to data privacy rules like HIPAA/HITECH and insider trading non-compliance. Not good.
Several Ways to Enhance Security
So, what is the best way to wall off your timekeeping system? The simplest way is to make every timekeeper a silo, only able to see his or her own entries. When we implement Smart Time for firms without ethical wall systems, we recommend the silo strategy.
If your firm has an ethical wall system, it’s best to integrate it right into your timekeeping system. We have integrated Smart Time with Intapp Walls, Aderant Expert’s Working Attorney and others. Ethical wall systems allow you to manage your walls in one central location. Once you set up a wall, these systems spawn security into other applications.
There are two types of walls, inclusionary and exclusionary walls. Here is how they work. An inclusionary wall allows access to the client or matter. Only those timekeepers who have been granted access are permitted to interact with client matter data. For time entry that means only timekeepers who have been added to the inclusionary wall are able to add time into Smart Time. On the opposite side, an exclusionary wall prevents specified timekeepers from gaining access to particular client/matters.
Get Timekeeping and Security Working Together
It is important for your timekeeping software to be part of your overall risk management strategy. The take-home message is: If your firm does not have an ethical wall system, set up your system with silos. Or, if you have an ethical wall system, make sure to wire it up to your timekeeping software. I consider this to be a best practice, and really an essential practice. The risk is there, and to ignore it leaves your firm open to potentially embarrassing and damaging security breaches.