Intelligent search in legal Knowledge Management

CaptureSearch is vital in the modern law firm. The ability to find information quickly and efficiently contributes not only to business success but also to work satisfaction. We’ve all been frustrated at some point when we’re looking for a case, or a research point but no good leads show up. On close of business, it’s much more satisfying to look back on a productive day where you actually finished a project instead of contemplating a day where you found yourself constantly impeded by the lack of necessary information and your productivity diminished by fruitless searching.

Pre-internet, pre-web, pre-mobile…..pre-everything!

In our youth, the only recourse was a set of encyclopedias our parents had been cajoled into buying. We would drag out the large, heavy books just to clarify that Rome is the cap­ital of Italy.

Today, of course, there’s no need to pull a volume of an encyclopedia off a shelf or even leave the room to find answers. In much more subtle fashion, you can simply look down at your phone to search for answers to factual questions. Google and Wikipedia have certainly redefined what it means to search. However, we tend to search because it is easy to do so. A primary reason for Google’s phenomenal success is its vaunted ease of use. Typing relevant keywords is enough to quickly get meaningful results – why bother with hard texts when you can get answers online? Why do physicians not use medical literature, rather than relying on the drug company salesman for information about a new drug? By no means do I imply that fast and easy is best. But only that fast and easy is often “good enough”.

Search has gone mainstream. People search sports and entertainment or to locate a retail store or book a hotel. The reality is that the simplistic notion of search does not carry over particularly well to finding information essential to doing your job.

Who cares?

Recently a colleague reached out to me looking for reading material in a certain area of law. The topic was from a 1942 case. Her issue was that she didn’t just want the 1942 case; she wanted 5 recent cases that reported on the topic, as well as articles. Her initial searches did not yield anything relevant, not even the 1942 case; and she’s not alone. Many lawyers find themselves frustrated when they can’t find the desired information in an immediate way because of how current search applications are designed. They involve typing keywords into a search engine via a browser, at least with respect to online resources outside the firm. Further, internal search applications are complicated by the need to search both structured and unstructured material and the fact that an internal search platform is either non-existent or relatively user unfriendly as compared to the internet.

Certainly the integration of search into the daily lives of most people supports the argument that while search is important to what we do, it certainly does not lead, without more, to anything like a competitive advantage, either personally or for your employer. Why? Because everyone is doing it (perhaps not skillfully) – moreover as more millennials enter the workforce, many have been doing it for quite some time.

But as a Knowledge Management strategy, search is not a “one off” tactical activity whose goal is to find pieces of information and call it a day, but rather a more strategic activity whose objective is to add search results to an evolving and organic narrative around an area of law. It is the ability to plug search results into a narrative, one that provides a holistic context.

Despite the enabling technologies now available, implementing a KM strategy that is viable and market differentiating remains a challenge because of the 3 Ps; people – which requires changing employee thought patterns and behaviours, process – the creation, maintenance and usage of a knowledge base (that is how the initiative is actualized) and the platform – the set of technologies that is leveraged in the actualization and its inherent characteristics such as accessibility, availability and reliability.

Your device, your privacy: the who, what and the how of mobile privacy

Lest we forget, digital secrecy does not exist. We may not realize it but we are kept on a close electronic leash and tracked, followed, observed and monitored on a very large scale and we are actively participating in this through our use of mobile phones.

Before you write me out as some paranoid cyber security lawyer, be aware that your personal data, behaviour, tastes and relationships form the basis of the economic models adopted by the free app providers making your information even more lucrative. With an attention span shorter than a Goldfish, we don’t bother going through the End User License Agreements, it’s just a pain.

So you go about your normal day sending business and personal e-mails, downloading apps, or updating your social media status, a little pop-up appears that has nothing to do with what you’re actually doing. Then it dawns on you. You may have seen this product page before. A simple search you did in the past has come searching back for you.

Accessing user information both for legitimate and malicious purposes is no longer uncommon in the digital age, where you do just about everything using a mobile device. But can breaching one’s privacy be stopped? What should you do to protect your privacy from mobile threats like this?

  • Who

The right to mobile privacy

We all have the right to privacy. But this easily gets violated whenever someone tries to access our personal information on any platform, without our consent or any given lawful reason. Breaching could be as simple as a friend spying on your social media account to marketing agencies deliberately studying the types of websites you visit and barraging your inbox with unsolicited alerts or offers.

With everything going mobile these days, it’s not surprising that some, if not most of us, often disregard the value of privacy. Sometimes, we ourselves, enable ‘data leaks’ failing to log out of sites leaving cybercriminals more than happy to take advantage of our oversight.

In social media alone over-sharing has become a springboard for more severe types of cybercrime like identity theft with the creation of a number of malicious apps engineered to steal sensitive user data.

  • What

Your device settings

Your default device settings serve as suggestions you can use to increase protection. By familiarizing and modifying these settings to suit your mobile needs, you can be assured that no one has easy access to your mobile device. Getting familiar with these settings could gain you more security.

Visiting malicious sites and drive-by downloads

Symantec security defines a malicious website as a site that attempts to install malware (a general term for anything that will disrupt computer operation, gather your personal information or, in a worst-case scenario, gain total access to your machine) onto your device. Malicious websites often look like legitimate websites and sometimes ask you to install software that your device appears to need.

Drive-by downloads are malware that can be installed on your device simply by looking at an email, browsing a website or clicking on a pop-up window with text designed to mislead you, such as a false error message.

So don’t open that email or click on that pop up message if you think it is malicious; guys, there’s no swimsuit model in Russia who thinks you’re hot – trust me.

Your mobile behaviour 

Owning a mobile device gives you the freedom to access the online world more frequently. But does it change your behaviour when it comes to security? This freedom often makes mobile users more vulnerable to threats through mobile activities like social networking, shopping and banking.

Cybercriminals are stepping up the production of threats that affect social networking sites, online stores, and even banks—and they won’t just stop at creating apps that could easily be mistaken for legitimate ones.

Why – money is the driving force

Mobile devices have impressively centralized one’s online activities. But at the same time, it has opened doors to vulnerabilities exploited by cybercriminals driven by one agenda: money.

Kenya Cybercrime firm Serianu estimates that Kenya lost more than KES 17 billion to hackers in 2016. Not only did the number grow, the sophistication and capabilities associated with these threats grew as well. Cybercriminals are always on the lookout to steal information stored in smart phones and tablets that can be used for profit.

How

apps.jpg

They’re called free apps for a reason

It is so easy to get lost in the number of free apps you can download these days. One click and you can enjoy the game everyone is talking about or that app that filters your photos to the stone age. But remember that there’s always a trade-off. If they don’t charge you for using their app, chances are they could be earning by reselling your personal information. How about that!

Device loss or theft

No matter how careful you are with what you store in your mobile device, once it gets lost or stolen, you have little to no control over what happens with the sensitive files or data you have in them.

End-User License Agreements (EULAs)

EULA.png

You know that little checkbox you click that says you’ve read the terms of the agreement? That’s what the online service developers use to look out for themselves, they’re called EULA’s. You see it on the terms they ask you to agree with that they can change at any time, with or without notice. Before saying yes to these EULAs, you should read up and familiarize yourself with what’s stipulated. You may end up allowing them to sell your photos, track your online activities or hand over information to authorities without your knowledge.

Bring Your Own Device (BYOD)

Employers are now turning the tide with regards to personal devices for work related activities. Companies are now investing in their own devices and top of the range anti-virus software to curb the menace associated with BYOD. But if your organization allows you to BYOD, be wary since even a company’s IT policy could mean giving your IT department access to your personal files and information.

Anyone could fall victim to cybercriminals trying to breach your privacy. But there are still stops you can pull to prevent this.

General Checklist:

  • Configure your device’ privacy and browser settings to control the amount of information it shares.
  • Activate screen locks and passwords to minimize chances of hacking and change passwords every three months for security.
  • Refrain from storing compromising files (photos and videos) you’re not comfortable with on your device
  • Clear your mobile browser cache regularly to avoid data leakage and information-stealing malware. Constantly monitor your app and account settings to make sure sharing and connectivity are secure. For the less tech savvy, I would recommend theClean Master App. A few clicks and you’re safe.

Get rid of apps you don’t use

  • Download only from trusted sources like the developer’s website or from Google Play. Remove apps not in use.
  • Always check the app’s permissions to ensure that it doesn’t perform functions outside of its intended use.
  • Use your mobile browsers’ private browsing settings, especially for sensitive transactions like online banking.

Device Loss or Theft Readiness

  • Take note of your account credentials or make use of a convenient password manager when the need to reset them arises.
  • Backup files with irreplaceable information in the cloud.
  • Prepare to contact the authorities, your service provider, and concerned organization to avoid the malicious use of your identity and to block bill charges.
  • Sign up for a reliable remote service that allows you to find, lock or wipe your device when you need to.

Check your BYOD Agreements

  • Are you required to produce personal devices for forensic analysis?
  • Does this apply to devices shared with other family members?
  • Who can access personal information stored in your device?
  • Can your company track your location? Is this a requirement? Do they have notifications if the need for this arises? Under what circumstances?
  • Are your personal online activities monitored? Are these systems active outside regular work hours?
  • Is this information retained when you leave the company?