Guest post by Justin L. Kelsey.
New technologies present opportunities for saving time and streamlining processes - and they also present risks.
I recently responded to an attorney's question about whether his firm should be concerned about the security risks of making online deposits to his firm's bank account. He was concerned about the risk of “hackers” gaining access to his banking information and also wondered if the practice would actually save time since the bank still required that IOLTA checks be deposited in person.
The good news is that he was asking the right questions. It shouldn’t be assumed that new technologies will save you time, and any management decisions in your firm should include an evaluation of any security risks. However, I think many lawyers overly focus on the risks of new technologies while ignoring the risks of the “old way of doing things.”
Will Mobile Deposits Save Time?
Whether there is a time savings will be unique to each firm and their current frequency of deposits. If you or your employee is headed to the bank almost daily for IOLTA deposits anyway, then adding a second form of depositing probably doesn't make sense. For my firm, being able to mobile deposit operating checks immediately is a time saver, but we are not going to the bank on a daily basis because most of our business is now done via credit card.
Also keep in mind that any time savings for solo or small firm practitioners usually means additional opportunity for billable time.
What About Security?
Regarding the security concerns, I think there is a natural (and healthy) tendency to be suspicious of change.
However, it is always important to not just evaluate the risks of the new option, but compare it to your old option.
Massachusetts professionals are required to keep a Written Information Security Program (PDF link) and it is reasonable to ensure that your WISP address any password management and other points of vulnerability in your local computer and device use. You're probably already storing other sensitive client information, so this is a necessity regardless of whether you use online banking.
If you look simply at the difference between taking a check to the bank and depositing online, though, there a lot more variables in play.
Any security expert will tell you that most vulnerabilities come from people that have physical access to your system (i.e., the password hidden under the keyboard), more often than an outside "hacker." Your traditional model of handing checks to an employee who then deposits them at the bank has a few physical steps of vulnerability. For example:
- Where does the employee store the check before they go to the bank? Is it on their desk or in a secure location?
- How long is the check in the employee's hand before it's in a secure location?
- Does the employee stop anywhere on the way to the bank? How secure is their car?
All of the time in between when the client hands you the check and it is deposited with the bank is an opportunity for the check to be misplaced, accidentally destroyed, copied, or stolen. And let's be honest here, misplacing something by accident in the everyday operation of a business is a much more likely security risk than malicious activity.
Now compare that to the immediate deposit of a check that is handed to you via mobile deposit. You've eliminated all of the physical opportunities caused by the delay between handing an employee a check and when they deposit it at the bank. Those are the security risks that you should be comparing to the risks of electronic transmission. Investigating vendors and asking your bank questions about the security of their online or mobile systems is an important step in deciding whether one option is better than the other.
But don't assume the old way is better just because it's what you're used to.
Justin L. Kelsey is owner of Skylark Law & Mediation, PC in Framingham, Massachusetts. He concentrates his practice on mediation and collaborative divorce.