Columns

Enhancing cybersecurity with legal accounting software

 

by JoAnn Hathaway   |   Michigan Bar Journal

The legal profession, like many others, grapples with internet threats and the heightened need for security protections. Recent statistics from the American Bar Association detail the number of lawyers victimized by security breaches. Specifically, the 2023 ABA Cybersecurity TechReport found that 29% of the lawyers it surveyed experienced a security breach, while 19% reported that they were unsure if their organizations had suffered a breach.

Attorneys must remain informed about potential threats to security and commit to safeguarding sensitive information. Legal accounting software can play an important role in helping law firms in this area by not only enhancing efficiency and ensuring compliance, but also by protecting sensitive information with its strong security features.

As we dig into the specifics of these features, it’s important to recognize that legal accounting software can be deployed in various ways.

Some firms choose an all-in-one solution by utilizing practice management software with integrated accounting functionality to streamlines workflows, letting attorneys and staff manage financial transactions, client billing, and compliance on a unified platform. Accounting software can also be linked separately to practice management systems, or it can operate as a standalone application.

Let’s explore the critical security features legal accounting software offers. Note that the availability of these safeguards may vary across different platforms.

AUDIT TRAILS

From user logins to data modifications and financial transactions, audit trails provide a detailed record of every action. Suspicious activities can be traced back to the source, allowing for necessary actions to be taken promptly, thereby ensuring accountability and maintaining the integrity of financial processes.

AUTOMATED RECONCILIATION

Automated reconciliation is a powerful tool that compares transactions recorded in the system with those in the bank statement. Any discrepancies — whether due to errors or potential fraud — are flagged for review. By identifying inconsistencies, the likelihood of fraudulent activities going unnoticed or unreported is reduced significantly.

DUAL AUTHORIZATION

Dual authorization requires multiple authorized users to approve a transaction before it is processed. This additional layer of security makes sure no single individual can unilaterally make transactions. Whether transferring funds or approving payments, this collective oversight reduces the risk of unauthorized or fraudulent actions.

TRANSACTION LIMITS

Designated administrators can set transaction limits within the software to prevent unauthorized transfers or withdrawals above certain thresholds. It’s an effective way to limit the amount of money that can be accessed at once. Whether it’s daily withdrawal limits or maximum transaction amounts, these software settings act as a deterrent to large-scale fraudulent activities.

MULTI-FACTOR AUTHENTICATION

Multi-factor authentication (MFA) is a robust security feature that requires users to provide multiple credentials from different categories to verify their identities during login or other critical transactions. Typically, this involves a combination such as passwords, security questions, or biometric verification. MFA significantly enhances system security, making it more resilient against unauthorized access.

ADVANCED USER AND TEAM PERMISSIONS

This feature allows administrators to customize access levels within the software based on specific roles and responsibilities. Limiting data access to only those who need it helps maintain confidentiality and reduces the risk of inadvertent data exposure.

IP, TIME, AND LOCATION LOCKS

These locks act as additional barriers against unauthorized access by restricting user logins to specific IP addresses, approved times of the day, or designated geographic locations. When set properly, users can only access the system from pre-approved locations during authorized time windows, significantly reducing the risk of malicious actors gaining entry from unexpected sources.

ONE-CLICK USER LOCKOUT

In the event of a security breach or suspicious activity, administrators can take swift action by revoking a user’s access rights with just one click. Immediate lockout prevents any potential misuse of the system due to compromised credentials or other security concerns.

ENCRYPTION

Legal accounting software employs strong encryption protocols to safeguard financial transactions and client information by converting sensitive information into a code that is unreadable without the proper decryption key. Encrypted data — user credentials, financial records, or confidential client information — remains indecipherable even if it falls into the wrong hands.

REMOTE AND THIRD-PARTY ACCESS CONTROLS

Controlling external access to the system is crucial. Remote and third-party access controls allow for regulation of external parties’ interactions with the network. Whether it’s employees working remotely, independent contractors, or partners, these controls restrict access to only trusted entities.

CLIENT PORTALS

Client portals play a pivotal role in securing communication. When coupled with practice management software, these online platforms allow for safe and efficient information and document sharing with clients. Portals have several advantages:

  • Enhanced security: Portals create a secure environment for exchanging sensitive information. Unlike regular email, which can be intercepted or hacked, portals use encryption to protect messages and attachments. Whether sharing legal documents, contracts, or confidential case details, client portals ensure privacy.
  • Attorney-client privilege: By using portals, lawyers are assured that communications remain confidential and are protected by attorney-client privilege. Clients can trust that their information is secure within this dedicated space.
  • Recordkeeping: Portals create communications logs, making it easy to track interactions between lawyers and clients since records can be stored securely within the system.
  • Ease of use: Clients can access portals conveniently to view messages and upload documents, simplifying communications while maintaining standards for privacy and data security.

CONCLUSION

Adopting secure portals ensures that law firms can communicate effectively with clients while focusing on confidentiality and compliance. But remember that not all legal accounting software platforms offer the same level of security. It’s important to evaluate your firm’s specific needs, consider integration options, and choose a solution that aligns with your priorities. By understanding these features and tailoring your accounting software choice to your firm’s unique needs, you can bolster security and protect both your clients and your practice.


Law Practice Solutions is a regular column from the State Bar of Michigan Practice Management Resource Center (PMRC) featuring articles on practice, technology, and risk management for lawyers and staff. For more resources, visit the PMRC website at www.michbar.org/pmrc/content or call our Helpline at (800) 341-9715 to speak with a practice management advisor.


ENDNOTE

1. American Bar Association, 2023 Cybersecurity TechReport https://www.americanbar. org/groups/law_practice/resources/tech-report/2023/2023-cybersecurity-techreport/ (posted December 18, 2023) (website accessed May 6, 2024).