Tuesday, October 8, 2013

Guarding Your Clients and Firm Against Cyber Crime

As technology continues to evolve at alarming speed, the ability of attorneys and law firms to manage transactions and business information has improved dramatically. More and more functions have become streamlined - with greater ability to monitor and analyze heavy loads of corporate data. However, even as we appreciate each new advance, it is important to recognize the sobering reality that the cyber-criminal community also continues to grow in size, sophistication and channels to ply their trade. Today, more than ever, critical and sensitive information of our clients and firms are exposed – and firm management must plan ahead to limit that exposure. 

Here are a few steps to take to proactively reduce your clients’ and firms’ exposure to the growing cyber-criminal threat. 

Safeguard Your Systems.

  • Have technology professionals run the most current versions of antivirus software on all firm computers and install firewalls and encryption software as necessary.
  • Take the time to sit with your banking team and learn about all the processes your bank already has in place to protect your firm and your clients. Make sure your firm is currently benefitting from each security measure available. For instance, some banks offer ‘reverse positive pay’ which shields against bank fraud by sending email notifications for approval each time a check is presented for payment.
  • Get a network key fob, a small device that provides two-factor account authentication. It automatically refreshes your online security passcode every 30-60 seconds which greatly reduces (but does not eliminate) your chances of being victimized.
  • Protect your myriad passwords for personal, business, and other accounts. Change them periodically, differentiate them across accounts, store them securely, and provide very limited access to them, only as needed.

Track Firm Accounts Daily.

Transactions (and fraud) happen so quickly today that it’s imperative for real estate attorneys to take on the responsibility to monitor all firm accounts daily (both trust and operating) to review for any questionable account activity. It is not enough to delegate this responsibility to a firm controller or CFO who is not directly involved in the daily transaction flow. Although the firm’s controller or CFO must reconcile and close all firm accounts on a monthly basis, only the attorneys at a firm have a real-time understanding of all the various closings, bulk sale escrows, contract signings and their associated large deposits, and retainers. Checking your accounts every day will reveal any discrepancies sooner and give you time to call your bank or firm’s controller to understand any reasons for such discrepancies and to take immediate action if necessary.

Continually Educate Yourself and Your Team.

Being aware of how cyber thieves operate and common ways they gain access to secure data can prevent many inadvertent security lapses. For example, every employee at your firm should understand common fraud practices, such as “phishing.” By now we have all been “phished”-- receiving an email that appears to come from a known or legitimate entity but that is fraudulent. This bait lures an unsuspecting user into clicking on a link to the hook, a web page that looks like a trusted source page. If the phishing expedition is successful, the victim will believe they are on a familiar trusted site and enter sensitive data that will be stolen by cyber thieves. Learn to recognize the sure signs of fraudulent emails. Poorly written sentences or odd spelling, strange email addresses for the sender and unusual requests are sure signs of phishing. It’s worthwhile to visit the FBI’s website to learn more about cyber security and fraud at http://www.fbi.gov/scams-safety/be_crime_smart/.

Implement a Plan.

Developing an incident response plan is crucial. Team members must know in advance what specific steps to take and who to contact when they suspect fraud has occurred. Since fraud can occur so quickly, time is of the essence to limit your firm’s and clients’ exposure and advance planning reduces response time. To ensure successful implementation of such a plan, practice with your staff and hold a “fire drill” to make sure the steps are easy for everyone to follow.  Key steps to include are: notifying your bank’s fraud department, your firm management, and the client - working with your bank to shut down an online session, quickly attempting to reverse a payment order, and invalidating your online credentials that have become compromised.

Aaron Y. Strauss is the founder and a partner at A.Y. Strauss (www.aystrauss.com), a leading commercial real estate law firm, with offices in Roseland, NJ, and New York City. David DePietto is CEO of NexFirm (www.nexfirm.com), a provider of back office outsourcing solutions to smalaw firms, based in New York City.

Forming a Law Partnership – The Partnership Agreement

A law partnership can be very much like a marriage.  My law firm partner and I bought a place together (our office in San Jose, California), furnished it and acquired dependents (a.k.a. employees).  We also share a bank account and plan for retirement together (through 401(k) and profit sharing accounts).  And, we often spend more time talking to each other than we do with our spouses.  When you get married young, there is often little need for a pre-nuptial agreement.  This was the case for our law firm partnership – we both brought very little, except our books of business, to the partnership, and therefore a very simple limited liability partnership (“LLP”) agreement sufficed.  However, almost ten years later we have built up significant assets and goodwill in our law firm, the dollars we split up at year-end got much more substantial, we had more attorneys involved, and we felt the need for a more detailed LLP agreement.  Similarly, experienced lawyers leaving established firms to start new law firm partnerships often have a lot to risk, and have strong ideas as to how the partnership should be managed and the money divided.  A well thought-out partnership agreement is a must.

In my experience representing law firms in drafting and negotiating their partnership agreements, if you are considering forming a firm with other attorneys, there are a few major items the partners should agree to before starting to draft an agreement:

  •    The Name.  Will you use the names of the partners (and in what order?), or will you use a name different from the names of the partners?  I have seen firms go through significant expense to change their website, letterhead, branding, etc. when a partner leaves or a new partner joins.  
  •    The Money.  This is probably the biggest area of contention amongst partners, and the terms you agree on in your partnership agreement can often have unintended consequences as to how the partners interact going forward.  For instance, be careful about creating a purely formula-driven system that could result in partners fighting over origination credit for each new matter brought into the firm.  On the other hand, it is very rare for a partnership to survive more than a couple of years with an agreement that says the partners share everything equally. Also, make sure the partners are all in agreement up front about what the partnership will do if it needs additional capital.  Will each partner have to put in funds to cover low periods?  Are you willing to borrow money to fund a contingency case?  Are you willing to borrow money to fund partner draws?  What happens if a partner is not pulling her weight with revenue?  Discussing these concerns in advance and drafting for them can result in better clarity and less disagreement when such situations arise.  In larger firms, a compensation committee is often created to address some of these issues as they arise.
  •   Management.  The management terms vary greatly depending on the size of the partnership.  Smaller partnerships can give all partners a voice in management, while larger partnerships must have clear rules for choosing the manager(s) and their levels of authority.  Think carefully about what the management committee in your partnership can and cannot do without the vote of the partners.  For instance, does the management committee have the authority to approve or disapprove new clients/matters?  Create policies/procedures?  Amend the partnership agreement?  Add new partners?  Expel a partner?  Does the management committee need to create and stick to a budget?

Once you and your potential partners can come to an agreement on these three items, you can move on to the more detailed specifics of the partnership operation.  If you cannot come to an agreement on these preliminary matters… think carefully about whether you might be better off with solo practices and an expense sharing arrangement.  It could save you an expensive and time-consuming business ‘divorce’ later. Of course, if partnership law is not in your areas of practice, it may be helpful for you and your potential partners to engage a partnership attorney to help form the law firm and provide suggested terms for the partnership agreement.

The information appearing in this article does not constitute legal advice or opinion. Such advice and opinion are provided by the firm only upon engagement with respect to specific factual situations. Specific questions relating to this article should be addressed directly to the author.

Tamara B. Pow is a founding partner of Structure Law Group, LLP in San Jose, California. (408) 441-7500, www.structurelaw.com