Digital Crisis

Is your law firm's "workaround culture" quietly draining your billable hours? ⏳💼

Every attorney has been there: a document takes two minutes to load, an email search returns nothing, or the VPN drops mid-meeting. Over time, staff stop reporting these glitches and just work around them.

But that daily tech friction isn't just annoying—it’s a massive financial leak. An attorney billing $350/hour who loses just 30 minutes a day to sluggish systems gives up nearly $44,000 in annual billable capacity!

If your firm is experiencing these 5 warning signs, your IT model needs a structural shift:

- Sluggish Systems: Aging endpoints or unpatched software causing compatibility drag.
- Purely Reactive Support: You only ever hear from IT after a critical system breaks.
- Access Chaos: Staff either have too little access (workflow delays) or too much access (security risk).
- Mystery Backups: No one can confidently tell you the last time a full data restoration was successfully tested.
- Phishing Leaks: Malicious emails routinely bypass your filters and land straight in employee inboxes.

Stop firefighting your technology and get back to practicing law.

👉 Read our full guide to diagnosing and fixing "Bad IT" symptoms 👉 Ready for a professional IT assessment? Let's talk at (713) 965-7200.

https://digitalcrisis.com/bad-it-symptoms-and-quick-fixes/

There’s a security story doing the rounds right now that’s needs your attention… especially if your phone holds anything important 📱

Researchers have demonstrated a way to pull sensitive data from certain Android phones in under a minute.

And it’s not as far-fetched as it might sound.

They focused on devices using chips from MediaTek, which are found in a surprisingly large number of Android phones.

The technique they used doesn’t involve tricking someone into clicking a link or installing anything. Instead, it works at a deeper level of the device.

They connected to the phone via USB while it was powered down and accessed a part of the system that’s supposed to keep sensitive data safe.

This area, often described as a “secure zone”, is where things like encryption keys and PIN protection are handled.

From there, they were able to extract those keys, unlock the phone’s storage outside of Android, and work out the PIN.

Once that’s done, the contents of the device become accessible. Messages, photos, files, and even things like crypto wallet data 😱

Now, rest assured, this isn’t something that can be done remotely. Someone would need physical access to the phone and the right tools.

But that doesn’t make it a niche risk.

Phones get lost, stolen, or left unattended all the time, and that’s where this kind of weakness becomes relevant.

What this really highlights is how much trust we place in our phones without thinking about what’s underneath.

They feel secur

If your business website runs on WordPress, here’s a quick check for you 🔎

There’s a popular plugin called Quiz and Survey Master (QSM).

It’s used by more than 40,000 websites to create quizzes, surveys and forms without needing any coding.

Unfortunately, versions 10.3.1 and older were recently found to have a serious security flaw.

The issue is what’s known as an SQL injection vulnerability.

SQL is the language used to talk to a website’s database, the part that stores things like user accounts, submissions, and other important data.

An SQL injection flaw means someone can sneak malicious commands into that database.

In this case, any logged-in user, even someone with a basic subscriber account, could potentially inject commands into the system.

That could allow actions like:

🚫 Accessing sensitive data
🚫 Extracting information from the database
🚫 Manipulating content

The vulnerability is tracked as CVE-2025-67987, and it was fixed in version 10.3.2.

The latest version available is 10.3.5, which is the safest bet.

Based on WordPress.org data, just over half of websites using QSM are on version 10.3. That means a large number are likely still vulnerable.

That’s potentially tens of thousands of sites.

Right now, there’s no confirmed evidence of this flaw being actively exploited. But once a vulnerability is public, attackers often start scanning the internet looking for unpatched sites.

👉 If your site uses this plugin, the solution is straightforward:

If you’ve ever tried to get an AI tool to understand a whole project instead of just one document, you’ll appreciate this…

Microsoft has introduced something called Copilot Agents in OneDrive.

And this is where AI starts to feel a bit more useful for real-world business work 🤖

Here’s the problem it’s trying to solve.

Normally, if you ask Copilot to summarize or analyze something, you’re doing it one file at a time. One Word document. One spreadsheet. One PowerPoint.

But projects don’t live in one file.

They live across proposals, meeting notes, budgets, timelines, research documents, and email summaries.

With OneDrive Agents, you can now select up to 20 related files and bundle them together into what’s saved as a .agent file.

Instead of asking: “Summarize this file…”

You can ask: “What deadlines are coming up across this whole project?”

“Where are the risks?”

“What did we agree in the last three meetings?”

And it has the context of all the selected files, not just one.

The agent behaves like other AI tools. It can summarize, answer questions, surface key points. But it’s operating with a broader understanding.

Even better, these agents are saved as files inside OneDrive.

That means you can share the .agent file with colleagues. They don’t need to recreate the setup themselves. You’re all working from the same AI “view” of the project.

As projects evolve, you can add or remove documents from the agent or refine the instructions it uses.

It stays aligned w

Is your firm’s IT setup meeting your professional ethics obligations? ⚖️🛡️

Texas Disciplinary Rule 1.05 and ABA Model Rule 1.6 aren't just suggestions—they are mandates to use "reasonable efforts" to protect client data. In 2026, a standard password and a prayer aren't enough to meet that bar.

If you haven’t mapped your technical controls to your ethics requirements, you’re carrying a liability you might not see until a breach occurs. Discover what "reasonable efforts" actually looks like in a modern digital environment.



https://digitalcrisis.com/what-aba-model-rule-1-6-means/