TLOMA Today

It was my distinct pleasure to spend a few hours with some of our membership this past Thursday at TLOMA’s annual holiday lunch at the CN Tower. What stood out the most were the few minutes when I had the opportunity to chat with the wonderful people at the Life Member table. These are inspirational members that were an integral part of the forming of TLOMA and the ongoing success of TLOMA. Their continued involvement, even after retirement, is truly a blessing for our organization.

Renew your membership before the year ends to secure in the same rate you enjoyed in 2024—just $435 + HST. Starting January 1, 2025, the membership fee will increase to $450 + HST. Don't miss this opportunity to save and continue enjoying all your TLOMA benefits! 

On behalf of myself and the members of the Board of Directors, I would like to extend our sincere wishes of health and happiness to each of you and your families during the Holiday Season. Time with family and loved ones is the ultimate precious gift. 

Our sincere thank you to the CN Tower for hosting the event.

Happy Holidays!

I’m thrilled to introduce myself as the Chair of the 2025 Conference Committee! I look forward to introducing you to the rest of the very talented volunteers in the coming weeks. It’s an honor to work alongside them to bring this incredible event to life. With planning well underway, I’m excited to share a few highlights about what we have in store for you.

Our theme this year is Lead the Change, and is all about empowering each of us to drive progress and modernization within our firms and the legal industry. We’re carefully curating a lineup of educational sessions that will deliver fresh perspectives, practical solutions, and plenty of inspiration.

I’m especially excited to share a new feature to our trade show: the 20-Minute Business Spotlight Solution. This dynamic format will showcase cutting-edge products and services in short, impactful presentations, giving you the insights you need without taking up too much of your time. It’s a great way to discover solutions that can make a real difference in your day-to-day operations.

Have you heard? We’re heading back to the beautiful White Oaks Resort & Spa! This venue has always been a favorite for its perfect mix of comfort, elegance, and plentiful opportunities for connection. Whether you’re attending for the first time or you’re a TLOMA veteran, I encourage you to bring a colleague. Sharing this experience is a fantastic way to build synergy within your team and extend the benefits of what you’ll learn throughout your organization.

To keep you in the loop, I will be hosting Monday’s with Michelle in our online general forum. I’ll share updates on our progress, sneak peeks of what’s to come, and answer your questions as we gear up for the big event.

I can’t wait to see you in 2025! Together, let’s make this a conference to remember.

In the previous issue I provided some tips how to improve the strength of your passwords and described other common vulnerabilities I and my team uncover when testing client networks. The vulnerabilities we find are often exploited by Hacker's and facilitate computer network compromise. In this month's article I will provide additional tips to improve your firms overall cybersecurity readiness. I say readiness, because it’s not a matter “if” you get hacked, it’s a matter of “when”, and can you survive the attack? A typical ransomware incident is crippling for organizations of any size, the question you must ask yourself “can we recover quickly, with least disruption and most importantly without having to pay ransom?”. To answer this question, you must honestly investigate a few key areas within your network.

Let's begin with the front door to your network (the firewall). You wouldn't leave your front door unlocked, yet many organizations have firewalls full of holes. So, good luck stopping the malicious stuff from entering your network when the firewall is like Swiss cheese. Very often our tests reveal multiple deficiencies, therefore, to ensure your firewall is the first line of defense, find out if you are indeed using a proper firewall and not a WiFi router device provided by your Internet service provider.

Secondly, 50% of Internet web sites are fully encrypted (look for https://) This means that if your firewall is not capable of decrypting this traffic for threat inspection, you now have a significant blind spot. Nefarious attackers will often use encryption to evade detection. So do yourself a favour and ensure your firewall can peek inside SSL encrypted traffic entering and leaving your network. Also, enforce mandatory filtering of Internet traffic. This can significantly lower your risk, provided you are restrictive. Often, we encounter organizations that lack proper web filtering. Staff can access any site, download anything. Unfortunately, this opens the door to significant risk.

Next, investigate if you’re using legacy software, legacy operating systems and ask about your software maintenance regime. Using outdated software may be easy on the pocketbook because its something you paid for way back when. However, neglecting your software can be risky. New software vulnerabilities are discovered daily. You newer know when your outdated favourite software has a bug that can be exploited by Hackers. Microsoft, Google, Apple and other mainstream software vendors do a pretty good job in maintaining their software. It’s usually the smaller software vendors that you must watch out for. My team has used software exploits to gain the upper hand, and successfully penetrated networks. The path isn’t always easy, but occasionally you get some nice exploits that give you full control of devices with just a few clicks. And in the worst cases, you don’t even need credentials. Just select your target, click and done.

A great example of easy operating system exploits is MS08-067, and MS17-010. These are Microsoft designations for a couple of nasty exploits from the past. When used on a vulnerable Windows device, these exploits would give the attacker full control over the operating system. Do yourself a favour and ensure you’re budgeting for software upgrades and ensure your IT department or IT services provider continuously keeps things up to date.

Speaking of operating systems, please do not use no longer supported versions of Windows. This means Windows 7, Windows 8 and even some Windows 10 versions are no longer supported by Microsoft. To remain in support, I would suggest a 3-year hardware upgrade-cycle. That will ensure you’re always using the newest Windows and in-warranty/in-support hardware.

Let’s discuss wireless. I’ll bet most of you have wireless networks. They are convenient and help staff be mobile while working in the office, attending meetings or working from the roof top patio in the summer months. However, our testing always reveals wireless networks with improperly configured settings and most importantly using weak access-control mechanisms when authenticating wireless client devices. First and foremost, guests should be relegated to a “guest only” wireless network, that is separate from your (staff-only) business wireless network.

Secondly, the shared password used to authenticate guest devices, should be replaced with a captive portal. That means every guest device must register through a web browser. Using a registration portal keeps you in the know, as you’ll always know who is using your guest wireless network and for how long. Simply using a shared password and never changing that password does nothing to improve guest device access control.

Next, your business wireless network for staff (not guests) should never use simple shared password authentication. This type of authentication is meant for home use and can be exploited using a “de-authentication attack”. Without getting into the technical weeds, let’s just say that an unauthenticated attacker can force an already authenticated client device to forcibly disconnect and capture the password hash while the authorized device is re-authenticating with the wireless network. My team and I have done such things many times, and sometime from the comfort of our vehicle while in the client’s parking lot. Remember wireless signals pass through walls, so we don’t even have to step into your office. So, help yourself by implementing enterprise authentication for wireless networks that do not rely on shared passwords. Ask your IT department or IT services provider about Radius authentication with certificates.

I would love to share other tips and tricks, but these are beyond the scope of this article and would turn this into a novel. So, I will close with this suggestion: know your weaknesses, know your vulnerabilities, and have the comfort that you will survive an attack, with little impact and zero ransom paid. How do you do this? Perform an internal network readiness assessment. Have a qualified independent 3^rd party perform a controlled attack simulation and discover the holes and low hanging fruit attackers will exploit. Please don’t confuse an external penetration test with an internal network readiness assessment. They are not the same. Only by testing your internal network, you’ll find your weaknesses before the bad guys do.        

Running a law firm involves more than just providing excellent legal services; it also requires a grasp of some bookkeeping and accounting. A fundamental understanding of financial concepts is critical for maintaining compliance, making informed decisions, and steering your firm toward profitability. These five terms can serve as a helpful starting point in building your knowledge in this area.

1. Retained Earnings

What it is: Retained earnings represent the portion of a company’s profits that are not distributed as dividends but are reinvested back into the business or reserved for future use.

Why it’s important: Retained earnings can be used to invest in growth opportunities, repay debts, or build a financial cushion for unexpected expenses. Monitoring retained earnings helps assess the firm’s profitability over time and supports strategic planning.

2. Chart of Accounts

What it is: The chart of accounts is a structured list of all the accounts used by a business to record its financial transactions. Examples include categories like "Office Supplies" or "Client Trust Liabilities."

Why it’s important: A well-organized chart of accounts simplifies tracking financial activities, ensures accurate reporting, and facilitates compliance with regulatory requirements. For law firms, it’s especially critical to maintain a clear separation between trust and general/operating accounts.

3. Balance Sheet

What it is: The balance sheet is a financial statement that provides a snapshot of a company's financial position at a specific point in time, following the formula: Assets = Liabilities + Owner’s Equity.

Why it’s important: By reviewing the balance sheet, law firm executives can evaluate the firm’s financial health. It’s also essential for preparing for audits and external reporting.

4. Income Statement

What it is: Also known as a Profit and Loss Statement (P&L), the income statement summarizes a firm's revenues and expenses over a specific period.

Why it’s important: The income statement shows whether the firm is operating at a profit or a loss. It provides valuable insights into financial performance and helps identify areas for cost-cutting or revenue growth.

5. Bank Reconciliations

What it is: Reconciling is the process of comparing two sets of records to ensure that they are accurate, consistent, and in agreement. A bank reconciliation includes comparing the firm's financial records to its bank statements to ensure accuracy.

Why it’s important: Regular bank reconciliations help detect discrepancies, prevent fraud, and ensure compliance with legal and ethical requirements. For law firms, reconciling trust accounts is particularly critical to meet Law Society or Bar Association standards.

Conclusion

The terms covered are just a few of the fundamentals that are essential for safeguarding your firm’s financial health, ensuring compliance, and positioning your business for growth. Expanding your knowledge beyond these basics and staying actively engaged in financial management are vital for any business—but especially critical for law firms entrusted with managing public funds. Whether you handle bookkeeping in-house or partner with experts, understanding and participating in your firm’s finances is crucial for the success of your firm.

Cybersecurity services are essential for organizations aiming to protect their systems from potential attacks. While internal security measures may appear robust, it’s equally important to test them against external threats. This is where penetration testing (or pen testing) comes into play. By identifying vulnerabilities and addressing them before malicious actors can exploit them, pen testing strengthens your security posture.

What is Penetration Testing?

Penetration testing involves ethical hackers simulating real-world attacks to identify and exploit vulnerabilities in a system, network, or application. The goal is to uncover security gaps that might otherwise go unnoticed and provide insights into potential security threats. This process not only highlights weaknesses but also tests the effectiveness of existing defences under real-world conditions.

It's important to distinguish penetration testing from vulnerability scanning. While vulnerability scanning detects potential security weaknesses, penetration testing goes a step further by actively exploiting these vulnerabilities, providing a deeper understanding of security risks.

Types of Penetration Testing

Penetration testing can be applied across various systems beyond the typical business environment:

• Network Penetration Testing: Focuses on identifying vulnerabilities within an organization's network infrastructure, including firewalls, routers, and switches.
• Web Application Penetration Testing: Examines the security of web-based applications, identifying issues like SQL injection, cross-site scripting (XSS), and other standard web vulnerabilities.
• Social Engineering Penetration Testing: Assesses the susceptibility of employees to social engineering attacks, such as phishing, which can be a significant security threat.
• Wireless Penetration Testing: Evaluates the security of wireless networks, including the strength of Wi-Fi protocols and encryption methods.

The Penetration Testing Process

Penetration testing is best performed by a professional and qualified Managed Service Provider (MSP). While the exact process may vary between providers, a typical pen test follows a structured five-step approach:

1.  Planning and Reconnaissance: Define the test's scope and objectives and gather information about the target system to identify potential vulnerabilities.

2.  Scanning: Automated tools, such as Nmap or Nessus, are used to analyze the target system's response to different probing techniques. This helps map out potential entry points.

3.  Gaining Access: Attempt to exploit identified vulnerabilities to gain control over the target system, demonstrating the potential impact of an actual attack.

4.  Maintaining Access: Evaluate whether the exploited vulnerability allows the tester to remain undetected in the system, which simulates a persistent threat scenario.

5.  Analysis and Reporting: Compile a comprehensive report detailing the findings, including discovered vulnerabilities, exploitation methods, and recommendations for remediation to improve security.

Penetration Testing Tools

Several categories of penetration testing tools are typically used during this process, each serving a unique purpose:

• Network Scanners identify hosts and services.
• Vulnerability Scanners detect known vulnerabilities within a system.
• Exploitation Frameworks execute exploit code to test system defences.
• Password Crackers test the strength of password policies and identify weak credentials.
• Traffic Analysis Tools capture and analyze network traffic, detecting any unencrypted or vulnerable data flows.

By leveraging a combination of these tools, penetration testers gain a holistic view of potential weaknesses within the target environment, ensuring a thorough assessment and robust security recommendations.

Benefits of Penetration Testing

Proactively addressing cybersecurity risks can prevent incidents before they occur and provide valuable insights into your organization's security landscape:

• Identifying Security Gaps: Pen testing helps organizations discover and fix vulnerabilities that could be exploited by attackers.
• Regulatory Compliance: Many industries have compliance requirements, such as PCI DSS. Penetration testing can help meet these standards by providing documented evidence of proactive security measures.
• Improving Security Posture: Pen testing offers actionable insights that empower organizations to strengthen their defences and stay ahead of potential threats.
• Preventing Financial Losses: Cyberattacks can result in significant financial and reputational damage. Effective pen testing helps mitigate these risks by addressing vulnerabilities before they can be exploited.

Who Needs Penetration Testing?

Organizations of all sizes can benefit from penetration testing, especially those that handle sensitive data or are subject to regulatory standards. Financial institutions, healthcare providers, and eCommerce platforms are just a few examples of entities that can gain significant value from these assessments. Demonstrating a commitment to cybersecurity through ethical hacking helps maintain customer trust and protects your brand reputation.

However, penetration testing should not be the sole focus of your cybersecurity strategy. A comprehensive security approach should include multiple layers of defense, with pen testing serving as a critical component.

At Canon Canada, we are dedicated to helping our clients safeguard their businesses from cyber threats through specialized penetration testing services. Our expert insights and capabilities ensure that your organization remains secure and compliant, giving you peace of mind.

Your firm’s brand and its identity are incredibly important not only to how clients perceive you but also to the decisions you make, how you interact with the industry, and to the talent you can recruit. Over the course of an organization’s lifetime, a firm will need to consider a rebrand to ensure it is staying ahead of the competition, that the brand reflects its current and future goals and priorities, and that it remains at the forefront of its industry.

It sounds simple, but many professional service firms often grapple with the question, “to rebrand or not to rebrand?” In an effort to help you answer that question, we have put together a mini-guide to help you determine if it is time for your firm to rebrand.

What is rebranding?

In order to know if it’s time to rebrand, you first have to understand what a rebrand even is. By definition, a rebrand is changing the name, logo, or visual identity of an existing brand. A full rebranding would include the change of all brand elements, whereas a brand refresh can include a change to just the firm’s visuals or content instead of the whole brand identity.

What is the importance of rebranding?

Choosing to rebrand is a difficult decision, as it can be either beneficial or risky for a company. It offers an opportunity for corporate brands to expand their customer base or business, re-engage with their clients, and capitalize on opportunities to grow, modernize, or innovate.

Rebranding is also used in instances where a brand is being forced to change, such as mergers and acquisitions, negative press, legal issues, or moving into a niche area of focus.

Do I need to rebrand?

Rebranding needs to be a serious and strategic decision. For example, if you already have a lot of brand equity in the market or have invested a significant amount of money in brand collateral and assets, you may want to explore options to refresh your brand (such as a new advertising campaign or new content) as opposed to a full rebrand. In addition, a rebrand will not significantly solve issues related to brand awareness or low lead generation, so exploring other marketing opportunities in these situations may make more sense.

However, there are also many situations where a rebrand makes sense; here are a few of the common reasons we see at Cubicle Fugitive:

1.  Your business undergoes a significant change in strategic direction.

If your business is undergoing a shift in strategic direction, such as expanding into a new target market, changing its area of focus, or undergoing a major change in leadership, a rebrand can help you identify what will resonate and communicate your new direction clearly.

2.  Your brand identity no longer resonates with your target audience.

As a business evolves, so does its target audience. For example, ten years ago, a business law firm may have had an entirely different target audience; however, given the changing dynamic in who is pursuing entrepreneurship and how they are doing so, the firm may need to change its brand to be more inclusive of the business owners of today.

3.  Your business is struggling to gain a competitive advantage over competitors.

Although a rebrand is not always the answer when seeking a competitive advantage, in some instances, it is the perfect opportunity to differentiate yourself. For example, law firms tend to look and sound the same – many use red or blue logos (depending on their area of practice), rely on words such as “experienced,” “trusted,” and “knowledgeable,” and tend to share the same information over and over again.

In examples like these, a rebrand can help your firm or company cut through the noise and hone in on exactly what makes your services and offerings different. It can also ensure you establish a visual brand and tone of voice that enhances that message to the market.

4.  Your firm is merging or acquiring companies.

In the case your firm or company is merging with or acquiring new companies, a rebrand may be a necessary step to ensure cohesion. This is especially true if the M&A leads to the firm expanding into a new market, appealing to new clients, or changing the way it operates and the leadership at the helm.

However, depending on how the M&A will be executed, a rebrand is not always required. Discussing the situation with a brand strategist can help you understand if and when a rebrand may be required in this situation.

5.  Your business is lacking consistency in visual identity.

If your brand lacks visual consistency, a rebrand may be necessary to ensure that the elements of your brand are cohesive and backed by a strategy that everyone on your team can understand and implement into their day-to-day operations. Ensuring consistency of brand colours, logo usage, and other visual elements across internal materials such as PowerPoints, proposal templates, and letterhead aligns with external materials such as advertising materials, your website, and social media can ensure a client is able to recognize and engage with your brand.

In addition, ensuring the firm’s content is consistent and contains the same value proposition (and that staff are delivering on this value proposition) is essential to brand success. In these cases, a rebrand can help you establish the parameters and guidelines you need to help your firm actually ‘live’ the brand and feel passionate about your mission and vision.

How do I rebrand?

At Cubicle Fugitive, we typically take three main steps when working towards a rebrand. These steps ensure that the choices we make reflect the firm's history and changes in the market and advance its business goals.

Step one: Conduct a brand audit and analysis.

At Cubicle Fugitive, we typically undergo a thorough discovery process that examines the firm or company, its competitors, previous marketing and brand strategy work, and the industry to determine where the firm is and where it needs to go. This process is typically supplemented with both internal and external stakeholder interviews to ensure the positioning aligns with the firm's people and work.

Step Two: Positioning and Strategy.

Armed with our extensive research, Cubicle Fugitive then establishes a differentiated client value proposition and brand strategy. We provide key messaging, brand pillars, recommendations, and insights based on the research we conducted and the results.

Step Three: Take your new brand to market.

Once you have established your new brand identity, taking it to market is crucial for its success. Although the tactics you use will vary based on your audience and needs, we typically recommend you begin by designing and rolling out essential marketing collateral, such as a website, business cards, social media, etc., and then transition into wider marketing initiatives, such as Google Ads or social media campaigns, newsletters and client communications, brand awareness ads, etc.

Remember, a new brand will help you differentiate yourself in the market, but what you do with the brand marketing-wise will be what truly helps you gain the brand recognition and leads you desire.

Cubicle Fugitive can help with your rebranding efforts.

Although our three steps to rebranding may sound easy, the truth is that rebranding is often a long and contentious process. Firms must gain buy-in from their leadership team but also need to create a brand that reflects their entire staff, clients, and industry. This is not an easy process. At Cubicle Fugitive, our brand strategists bring years of experience helping professional service firms undergo rebranding processes. Whether you are looking for new content, a new visual identity, or a full rebrand, our strategists will be able to work with you and your firm to determine a market position and value proposition that reflects the exceptional work you do now while also helping to guide your firm in the future.

Cubicle Fugitive Inc. is a full-service brand, web design, and digital marketing agency, that specializes in building strategies that effectively convey brand recognition and client loyalty. Since 2003, we have been solely focused on building professional service brands, websites, and strategies for a variety of companies, including, but not limited to, law firms, educational institutions, healthcare companies, accounting firms, government departments and other professional service organizations.

For more information, contact our team today for an initial consultation to determine your needs and how we can support you.

In Toronto's increasingly competitive legal market, law firms are outsourcing IT services to cut costs, streamline operations, and stay ahead in a tech-driven world. This strategy not only reduces expenses but also boosts return on investment (ROI) by allowing firms to focus on core legal work while leveraging specialized IT expertise. 

A recent study shows that outsourcing IT can lead to cost reductions of up to 30%, with these savings directly improving profitability and resource allocation. “We’re seeing a growing trend of law firms embracing managed IT services,” says Damir Grubisa, a legal technology consultant. “The cost benefits are clear, with some firms reporting up to 30% reduction in their IT expenses.”

Key Benefits of Outsourcing IT Services for Law Firms

1. Lower Overhead Costs: By eliminating the need for in-house IT staff and infrastructure, firms can turn fixed IT costs into variable ones. Managed services, typically priced at $120–$200 per user per month, result in significant cost savings.

2. Predictable Budgeting: Outsourcing IT offers fixed monthly fees, making financial planning easier and helping firms avoid surprise expenses. “Predictable costs have made budgeting simpler for us,” says managing partner of a mid-sized Toronto firm. “Since outsourcing our IT, we’ve not only saved money but also improved our technological capabilities. It’s been a game-changer for our practice.”

3. Access to Expertise: Law firms gain access to specialized IT skills without the cost of hiring full-time staff. This is especially important as legal-specific IT needs differ significantly from other industries.

4. Improved Productivity: Lawyers can concentrate on billable work instead of dealing with tech issues. IT professionals handle the technical side, allowing legal teams to stay focused on delivering quality client services. 

5. Enhanced Security: Law firms handle sensitive data daily, making cybersecurity crucial. Managed IT providers offer advanced security measures such as firewalls, antivirus software, and multifactor authentication, ensuring that client data is secure. “Outsourced IT has helped us navigate the complexities of data protection and privacy laws,” adds Rosenbaum.

Tailored Solutions and Local Expertise

One key advantage of outsourcing IT is the ability to tailor solutions to specific legal needs, particularly in data management. Legal cases generate vast amounts of unstructured data, and outsourced IT teams can implement systems that ensure quick and secure access to important information, which is critical for case preparation and compliance.

Grubisa highlights the evolving nature of IT outsourcing: “As the legal industry continues to evolve, IT outsourcing is emerging as a strategic tool for law firms looking to streamline operations, reduce costs, and stay competitive in a technology-driven market.”

Cybersecurity: A Growing Concern

With cyber threats becoming increasingly sophisticated, law firms must adopt a multi-layered security approach. Managed IT providers help law firms stay protected by implementing VPNs, data encryption, and conducting regular employee cybersecurity training to mitigate risks. Proper vetting of providers and clear service level agreements (SLAs) further reduce security concerns while giving firms peace of mind.

Outsourcing IT services offers law firms in Toronto and beyond a competitive advantage through cost savings, operational improvements, and enhanced security. By partnering with specialized providers, law firms can focus on what they do best practicing law while ensuring their technology needs are handled by experts. As Martin Rosenbaum puts it, “Outsourcing our IT has not only saved us money but transformed our practice.” 

In a legal industry that’s becoming increasingly digital, IT outsourcing isn’t just a cost-saving measure it’s a strategic investment that drives growth, enhances efficiency, and maximizes ROI.