4-Step Computer Security Upgrade
Learn to encrypt your files, secure your computer when using public Wi-Fi, enable two-factor authentication, and use good passwords.
As a legal software customer, you have a right to demand a few things from the companies with which you do business. Information, for one thing. Like the price, and like security measures.
You have a right to try software before you buy it. And you have a right to get your data out. And you have a right not to get jerked around during onboarding.
Here’s what you should expect from your software vendors.
The price of legal software shall be published.
In order to buy software, first you have to know what it costs. If there is no price posted on the website, it’s a sure sign that the company lacks confidence in its product and relies instead on a hard-sell approach to convince you that it’s worth the price.
The price of software should be posted on the website, and it should be easy to understand. No small firm should have to schedule a demo or speak with a salesperson just to find out how much software costs.
And while we’re on the subject, regressive pricing sucks. Software companies that offer volume discounts probably aren’t going to care much about their smaller customers. Look for software that offers the same rate regardless of the number of users.
There shall be a free trial, which shall be easy to get started.
You cannot know for sure whether software will work for you until you try it. And trying new software should be a pretty simple endeavor. Download and install. Sign up and start using. Or just click to use a dummy account online.
Sure, some companies feel the need to give you a 30-day money-back guarantee or demand your credit card to get your trial started (and they will automatically start billing you if you don’t cancel before your trial expires). These kinds of “trials” are kind of petty, but they’ll do.
However the trial works, you should be able to try software for at least 10 days (although a full billing cycle is ideal) before you buy.
If software requires onboarding, onboarding should not cost extra.
Some software legitimately requires a team of technicians to install and configure. And some software is so complicated (but still, somehow, useful) that it requires training to use it effectively. If that’s true for your software, the onboarding cost should be on the pricing page along with an explanation for why it is necessary.
But there is at least one legal software vendor that requires you to pay for someone to remotely log into your computer to download the install file and double-click it, and then point at all the buttons and menu options and tell you what they do. And there is at least one CRM vendor that requires everyone to pay for training whether or not they already know how to use the software or are comfortable exploring it on their own.
No company should get to charge you for that kind of thing.
Security measures shall be clearly described.
How is client data encrypted, and when? (Before, during, and after transmission? At rest?) Which encryption technologies are employed?
How does the company control access to encryption keys and client data?
Where is client data stored? How often is it backed up, and can customers access those backups to restore data?
Do any third parties have access to client data? If the company is using a third party for hosting (e.g., Amazon), how does it ensure the third party it cannot access client data? Speaking of Amazon, which many cloud software vendors use to host data, if the answer to any of the above is “Amazon takes care of it,” which of Amazon’s many security options has the company elected to employ?
Is the software HIPAA compliant? Does it conform to any other recognized standards (Like the Legal Cloud Computing Association Security Standards—hint hint)?
Does the company use a third-party security auditor?
Nobody should have to dig through hidden pages on the website or speak to a sales representative (who probably doesn’t even know) for this information.
It must be possible to export data in a useful format.
The client owns the file, which means you must be able to return the file to the client. You may need to take your clients’ files with you when you change firms. Or you may need to give the file to an ethics investigator someday. Or you may just want or need an archive of the file for other reasons.
One way or another, it should be possible to export data in a useful format. It may be complicated or clunky, but it should be an option.
Do you have anything to add to the Legal Software Bill of Rights? Let me know in the comments.