By Zach Warren, From Legaltech News

Those who have helped law firms go paperless say that structure of the project life cycle is crucial to closing security gaps.

Yes, the idea of going paperless—or at least paper-lite—is starting to take hold at law firms of many sizes. However, the drivers to complete this transition for many law firms are different. For most, it’s a matter of internal efficiency, looking to get all of the firm’s information in one easily-accessible place. For others, it’s a matter of ease of use, and looking to be on the same software and document submission platforms as clients.
But for some, there is an entirely different reason to pick up a “paperless” software solution that may not jump out at many firms immediately: security.
“Security is absolutely driving entities looking at cloud-based solutions and going paperless,” says David Hansen, director of compliance at NetDocuments. “By default, law firms are becoming more knowledgeable … and are driven by the audits that they’re having to respond to from their customers. Their customers are requiring some sort of manifestation that their data is secure.”
Indeed, going paperless means integrating a new process into the firm’s pre-existing secure workflow. Especially with an increasing focus in keeping client data secure in the wake of numerous cyber attacks against firms, any move to institute paper-lite software should be taken with security foremost in the firm manager’s mind.
From his work with small firms, New Orleans-based attorney Ernest Svenson says that firms are no longer afraid of paperless or paper-lite processes that utilize the cloud. “They’re not afraid of this idea of putting this information in a place where it can be accessed through the cloud. They just need to know, ‘How am I going to maintain security and privacy, and what do I need to worry about?'”
So how can firms institute proper security into a paperless or paper-lite workflow? Security begins, notes Svenson, with proper processes.
“Chaos is introduced into the system when you’re trusting that each person at their computer will put the folder in the right network drive, give it the right name, [and] not accidentally delete it,” he explains. “You need to impose a rigorous structure on that.”
Hansen adds this sort of structure allows firms to know exactly what data needs to be protected. “Law firms are under an increasing obligation to be able to demonstrate that they are keeping information secure. And in order to do that, they first have to know what they have, and when you have years and years of paper documents, it becomes increasingly difficult to make any sense at all where you have personal information.”
Instituting new processes, adds Joe Wagle, worldwide director of solutions consulting at HP Inc., should also include all parts of the process that previously centered on paper. He notes that many of the clients HP works with to set up printing and scanning solutions often think about how computers can be hacked, but not the printers and scanners that hold data themselves.
“Whether we’re talking about digitization or going fully digital, there’s still a printer there, and it all needs to be secure. It’s not enough to have software or settings protect you. You have to have governance in place,” to know where data is on all parts, he says. “If you don’t have that in place … it’s sitting there, wide open again.”
John Gilbert, senior vice president with nQueue, also notes that this new security paradigm should focus on old paper documents as part of a new, secure workflow as well.
“Firms today are inundated with their clients coming and auditing them. What policies do you audit regarding paper? When’s the last time you went to your off-site storage facility and asked, do you have enough fire suppression? … And most people have never even thought about that,” he says.
If all of this sounds familiar, it should—experts say that paperless processes should mirror those of other technologies, instituting people, process and technology to encompass a secure solution. And, in this way, a secure paperless process should mirror other secure processes that the firm already has in place.
“You don’t have to buy a server,” Svenson explains. “You don’t have to put in a huge up-front cost and hope that you have enough users to justify it. … Those days are gone. It’s all about pay for the extra user, get them a cloud account, and move on.”

For more on this story go to: http://www.legaltechnews.com/id=1202764164637/When-Going-Paperless-the-Key-to-Law-Firm-Security-is-Definite-Processes?cn=20160803&pt=Newswire&src=EMC-Email&et=editorial&bu=Law.com&slreturn=20160703110830