Special focus: Legal technology 2015
Law firms may have the latest technology for preventing cyberattacks and the theft of confidential client information, but this means little if fee-earners are not properly trained
How secure is your law firm? You may think that by simply installing software designed to prevent security breaches that your firm is immune from danger, but this is a common misconception. Training fee-earners and other staff to follow the correct security procedures is crucial if your firm wants to avoid a situation where ‘human error’ compromises its efforts to use technology to keep client data safe.
Technology, like the law, never stands still. In a climate of increasing threats to IT systems, many law firms are now looking towards “digital transformation” to bring their processes into the 21st century, according to Mark Edge, UK country manager at software service provider Brainloop. “Digital transformation is a generic term, which can mean a whole host of things, including moving content online, having a digital strategy or moving towards a paperless office,” he adds.
Edge highlights collaboration and secure file ‘share and sync’ as two of the biggest benefits provided by digital transformation. They enable documents to be worked on and edited collaboratively by employees, clients, partners, regulators and authorities, removing the need to print out and consolidate multiple edited copies. “Moving away from mountains of paperwork can save legal firms time, money and provide increased security for documents within an organisation,” Edge says. Law firms are advised to consider solutions that cater for ‘multiple use cases’ and requirements. For example, a single collaboration platform can solve multiple challenges related to ‘automated versioning’ and rights management technologies, as well as providing efficient workflows for managing, sharing and collaborating on sensitive and matter-related data.
However, keeping up with ever-evolving technology is a major challenge. A recent report by PwC on how UK law firms are investing in digital technology found that, while 80 per cent acknowledged the need to respond to digital age technology, only 23 per cent had implemented the necessary involvements. Indeed, the prospect of a “digital transformation” will likely ring alarm bells within law firms due to the long-held belief that such solutions are expensive, difficult, time consuming to implement, unnecessary, or simply unsafe.
Andra Robinson, director operations at contract management firm Concord, says most of these misconceptions have been debunked. “In particular, cloud solutions have made it possible for firms of all sizes to cost effectively and quickly implement technology solutions,” she says. “Furthermore, the operational efficiencies gained by implementing technology far outweigh the investment at the outset of the implementation. “
Simon Thompson, director at legal technology consultancy Change Harbour, shares Robinson’s sentiments. He says “client centricity” is important for law firms if they want to differentiate themselves from their competitors: “Many [firms] are trying to develop deeper and more systemic client relationships, while building and implementing sector-based business development and marketing plans in which they demonstrate leadership in the industries in which their clients operate – technology used in this space includes CRM systems, social media, intelligent news feeds, extranets and client collaboration spaces.”
Thompson says alternative fee arrangements, as well as effective practice and financial management systems can facilitate effective analytics and business intelligence, project management systems and profitability planning models. “Make sure you are investing in the right place,” Thompson adds. “IT infrastructure, like datacentres, servers, storage, networks and so on, are increasingly becoming a commodity which you can buy on an ‘on demand’ basis, this is not where the modern law firm should be making large scale capital investments – the legal chief information officer’s (CIO’s) responsibility is to pro-actively enable their law firm to exploit technology in order to meet their strategic objectives and drive competitive advantage.”
To this end, technology has somewhat levelled the playing field within the legal profession. All law firms – rather than just the giant law firms – can now look more at automating routine non-essential aspects of the practice as they all have access to high-end technology and solutions.
Fee-earner training is vital
Carlos García-Egocheaga, the Madrid-based managing director of LexSoft Systems, points out that technology is available to everybody so law firms get no competitive advantage simply by having it. “It is the processes that you decide to implement and how you do so that will give you a cutting edge over the competition,” he adds. “So it is not only about the technology you use, but how you make sure that everyone within your organisation understands it, and how you train them in how to go about the process of using the technology the firm makes available.”
This egalitarianism is becoming a threat to law firms. Tech-savvy, virtual law firms are being established and growing in numbers, while a recent Altman Weil survey found that 67 per cent of US law firms stated that they were losing business to in-house legal departments that are in-sourcing legal work. To compound this, the report said the second largest ‘non-traditional’ threat to law firm business is clients’ use of technological tools that reduces the need for lawyers and paralegals.
As such, law firms must be able to adopt the appropriate strategy for investing not only in their technology infrastructure, but also in the personnel to exploit it. The risk is that, failing to adequately do so, may mean more work is lost to more innovative firms or clients. Robinson says it is important that law firms identify their priorities and work out where technology can reduce inefficiencies and improve communication and collaboration between stakeholders. “Once the priorities are defined, focus on investing in the essential technology solutions to address the top line priority,” Robinson says. “Ensure the solution you invest in is one that will be readily adopted by your entire firm – do your homework, and get feedback from key stakeholders in the firm to ensure you are making the right choice.”
An even bigger concern for law firms is the misuse or abuse of technology, such as data protection breaches and fraud. Emily Orton, head of marketing at cybersecurity company Darktrace, says technology has been a major catalyst for change in the legal sector, allowing firms to operate global workforces, service clients worldwide, as well as facilitate remote working and the digitisation of documents. However, she adds that the speed at which this has happened has also created vulnerabilities.
“Law firms are now facing the same technology threats as banks and financial services firms, but law firms can be seen as the soft underbelly,” Orton says. “Law firms are at risk because of the confidential and often highly sensitive data belonging to clients that they have and which could be obtained – they can also be used as a stepping stone to infiltrate another entity.”
Steve Holland, senior vice president of global professional risks solutions at Lockton Companies, says that his organisation has witnessed a large increase in notifications of cybercrimes in the last year: “Criminals are targeting law firms with hacks, scams, false client emails and frauds. It is important to provide staff with basic training in order to avoid a firm falling foul of a cybercrime because it can be a very expensive mistake.”
Orton says the traditional approach to cybersecurity has been to simply try to block threats but that model has been “blown out of the water”. She adds: “The technology has become so sophisticated and the tools so advanced – in addition to internal factors such as the conduct of employees and contractors – that it is imperative to view cybersecurity as an immune system and try to find out breaches as early as possible. Indeed, a cyberattack does not happen overnight, hackers are usually inside the system for months.”
Security breaches inevitable
Experts stress the importance of the human aspect in data protection and cybersecurity diligence. Neil Cameron, from Neil Cameron Consulting Group, says the most common misunderstandings law firms have about increasing their use of technology is that “all they need to do is install the software and they will get the benefits, and therefore thinking they can avoid extensive change management and fee-earner training”. To illustrate the point, the benefits of security procedures such as “two-factor authentication” and content-based email encryption – as well as intrusion prevention and detection tools and policies are limited – if staff do not adhere to them. A recent survey by Brainloop suggested that the legal sector’s most sensitive data is at risk from poor file sharing habits, such as using insecure methods or not following data protection procedures.
Edge explains that employee behaviour poses one of the biggest dangers to IT security in the legal sector today. “The statistics show that the loss of confidential business information and devices is more commonly caused by employee misbehaviour, whether as a result of carelessness, ignorance or malice,” he says. Consequently, Edge suggests that law firms should concentrate on turning employees into ‘security assets’ who are aware of their responsibility for the security for the business.
“Unfortunately, for most organisations, it will be a question of when, not if, they will be subject to a cyber security breach,” Edge says. “Despite the unpredictability of when the next cyber security incident might occur, there are risk factors that IT chiefs can control to protect their organisation to the best of their ability – in a constantly evolving cyber-environment where the risks are increasing daily, law firms are under mounting pressure to ensure their data security regimes are capable of protecting them against both external and internal threats.”