Law firms are increasingly casting off their archaic image in favour of technological solutions to make workflow more efficient, to store data and to enable lawyers to work from anywhere.
With advantages come challenges. A ‘click of a button’ approach to case management can lead to a failure to grasp clients’ requirements and to meet their expectations. Outsourcing and mobile working arrangements can cause confidentiality and data handling issues. Solicitors also need to be alert to the possibility of IT security threats, including viruses, spyware, hackers and phishing.
A significant breach can easily cause a firm to fall foul of the regulatory framework and can even give rise to negligence claims. On a more general level, a failure to demonstrate a commitment to IT security may be an indicator of an overly lax attitude to risk management; something which could cause serious problems when it comes to renewal of solicitors professional indemnity insurance.
Here are some of the key issues solicitors (and their clients) need to be aware of.
Case management systems: a tool, not a substitute for a client-centric approach
Case management software can be extremely valuable in ensuring deadlines are met and cases are progressed in the right way. They can also be useful in the context of file review and supervision – making it easier for supervisors to check that everything is on track.
One of the key features of these systems is their ability to pre-empt the next step in a legal matter; to automatically assemble documents (e.g. letters or court papers) that a solicitor can complete simply by populating fields. Boilerplate templates and standard letters can be tweaked to include personalised content relevant to the individual client. Solicitors need to be constantly aware of the temptation of relying too much on standard responses and automatic actions. A CMS may suggest the next step. The solicitor may be tempted to follow the suggestion without proper consideration of whether such a step is appropriate for that client at that particular point in time. What’s more, if a client’s experience of communication from a firm consists almost entirely of pro forma emails and letters, he or she is less likely to come away with the feeling of having been provided with a ‘personal’ service.
Remote working: are all lawyers aware of their data-protection responsibilities?
A solicitor may think nothing of downloading files onto a portable file from time to time to work on the train. In terms of client confidentiality, there’s a lot more to worry about here than thinking about who might be looking over your shoulder. A firm may be vigilant when it comes to its own hardware, but is there anything being done about transfer of data to unsecured devices?
Cloud-based solutions: is your system fit for purpose from a compliance standpoint?
The Solicitors’ Regulation Authority (SRA) has recently drawn up guidance for use of cloud-based solutions. This type of provision involves data and software being held on remote servers operated by separate providers. As well as being a generally cheaper than maintaining local servers, it also allows for safe mobile working. As long as solicitors and support staff are given a log-in, they can access relevant data and software from anywhere.
Firms need to give careful consideration to their choice of cloud provider. Does the provider take all steps necessary to ensure data remains confidential? If the provider is outside the UK, do local laws pose a risk to confidentiality? Firms are advised to inform their clients if they use cloud computing. For high profile or unusually sensitive matters, it would be highly advisable to obtain positive consent.
Cyber attacks on law firms: no longer the stuff of science fiction
By their very nature, solicitors firms hold lots of sensitive client information, of potential value to hackers. Effective risk management means putting into place safeguards appropriate for the threat in question. Whereas a decade or so ago, this may have meant setting up and maintaining a pretty basic firewall around a firm’s network, the game has now changed. Research from PwC and the UK Government’s Department for Business, Innovation and Skills suggests a typical cyber attack costs small organisations with 50 or fewer employees between £65,000 and £115,000 per breach. The high cost is due in part to an ongoing lack of security understanding within most businesses.
The complexity and increased number of routes available to attackers – along with the potential rewards available to hackers, means cyber security is a complex business. It’s not something law firms can afford to ignore – as the long-term reputational damage of an attack could be more expensive than the initial ‘clean-up’ costs.
Tech-based solutions can help drive solicitors’ firms forward – so long as lawyers recognise and deal with the potential risks involved.
Bluefin Professions is one of the UK’s leading independent insurance brokers, providing specialist insurance and risk management services to individuals and businesses. It provides market leading insurance solutions delivered locally through a network of 42 offices and over 1400 staff.
As a top ten independent UK insurance broker, Bluefin provides specialist advice across all classes of business including property, employers liability, public and products liability, professional indemnity, contractors all risks, motor and engineering. Bluefin also underwrites on a wholesale basis for a wide range of products and schemes. Bluefin is proud to have been awarded Chartered Insurance Brokers status by the Chartered Insurance Institute in 2012.