Every year, the ABA Legal Technology Resource Center (LTRC) publishes TECHREPORT—a collection of easy-to-read breakouts of the annual ABA Legal Technology Survey Report, one of the leading surveys on how attorneys use technology. Practitioners, firms, and legal tech companies alike can use TECHREPORT to get a better grasp on legal technology trends and predictions.
Today’s excerpt is from the “Security” report by David Ries. Click here to download the full report.
Authentication and access controls are the first lines of defense. They are the “keys to the kingdom,” controlling access to networks, computers, and mobile devices. The 2017 Survey covers access controls for laptops and smartphones. It would be interesting to see how attorneys fare on networks, desktops, servers, and other systems.
For laptops, a strong majority of responding attorneys (nearly all) report that they use access controls. Overall, 98% report using passwords, with firms of 10-49 attorneys, 50-100, and 500+ at 100%. Firms of 2-9 and 100-499 report just below 100%. For solos, the figure is 92%. In addition, 15% overall report using other authentication, which would include fingerprint readers and other alternatives. While this might suggest that all attorneys use some form of access control (98% + 15%), that is not the case. About 2% report that they use none of the listed laptop security measures. The response of none includes solos and firms with fewer than 49 attorneys. As noted above, 100% (or just below) of larger firms report the use of passwords.
Use of authentication controls on smartphones is similar to those on laptops. Reported use of passwords is 94% overall, increasing with firm size from 88% for solos to 100% for firms of 50-99, 100-499, and 500+. Use of other authentication is 38% overall, while another 5% use none of the listed measures.
For both laptops and smartphones (as well as other mobile and portable devices), all attorneys should be using passwords or other authentication.
Most, if not all, attorneys need multiple passwords for a number of devices, networks, services, and websites—for both work and personal use. It is recommended that users have a different, strong password for each device, network, service, and website. While password standards are evolving—stressing length over complexity—it is still very difficult, or impossible, to remember numerous passwords. Password management tools allow a user to remember a single, strong password or passphrase for the tool or locker, with automatic access to the others. Respondents report that 22% overall use password management tools while 17% report that they don’t know. It is unlikely that these respondents are using these tools because a user would have to know that they are using a single password to access others. There is not much of a difference in use by size of firm, ranging from 12% for solos to 30% for firms of 500+ attorneys.