Digital transformation is the new reality for all organisations, and the legal sector is no exception. How are law firms in the UK navigating the journey, and what are they doing to ensure that the opportunities digital delivers aren’t compromised by a lackluster IT security stance?
We sat down with Ashley Pierre, Security Solutions Consultant at Nomios to find out.
1. Where do legal firms in the UK sit on the digital transformation spectrum - legacy laggards, transformation champions or somewhere in the middle?
Most legal firms I’ve worked with are somewhere in the middle. The legal sector is well-established and many laws haven’t changed since the middle ages. So it’s fair to say that in comparison to other sectors this isn’t an industry characterised by rapid change!
It’s only now that we’re seeing change being forced. The newest crop of lawyers expect to work in a progressive environment where technology is used as an enabler of productivity, efficiency and customer satisfaction. Mobile working and secure remote access are not nice-to-haves, they’re expected.
Clients expectations are also shifting – they want to be able to share information and receive updates in an efficient and secure way. I personally selected a conveyancing firm because they used a secure portal to track all interactions and provide real-time status of my house purchase.
2. What are the main challenges legal firms are facing from a technology perspective?
With the exception of larger firms, most legal companies have small IT teams – perhaps only two or three people. It’s difficult for them to stay on top of the latest innovations and vendor offerings when their day job is to keep general mass IT systems up and running. Ongoing maintenance is time-consuming and it’s easy to get bogged down. As a result, IT leaders aren’t always able to take a strategic view of how technology could help to make the business more efficient, productive and appealing to clients.
From a security perspective, legal firms make an attractive target for cybercriminals. The type of information they handle – financial, commercial and personal – is highly desirable. Staying ahead of the latest threats and minimising the risk of compromise is both critical and constant.
3. What is keeping senior IT security professionals in the legal sector awake at night?
Ultimately it comes down to upholding the reputation of the business and ensuring client confidentiality. Any leak of sensitive information could be catastrophic.
Add to that the ongoing challenge of ensuring that the existing infrastructure runs smoothly – updates are performed, patches rolled out, new users onboarded – and it’s a wonder that they get much sleep at all!
4. What SHOULD be keeping senior IT security professionals in the legal sector awake at night?
The most effective way of preventing a security breach is to educate users and encourage a cyber awareness culture within the business. This means assessing the risks, identifying the assets which are most likely to be targeted and getting executive buy-in to involve the whole organisation.
IT leaders should also be integral in delivering new digital services to clients. Paper-based, manual processes are being eliminated in all sectors, but are still commonplace in legal firms. There’s a huge opportunity for those who are willing to break the mould and embrace a more digital approach.
5. Can you give us any examples of technology initiatives that have driven a particular business benefit - such as competitiveness, productivity, etc.?
One of our clients recently engaged with Nomios to deliver a managed network service, alleviating much of the day-to-day tasks and maintenance they were previously doing themselves. This particular firm is saving time, money, and is now able to focus on more customer-focused projects.
We’re also working with the same firm to increase productivity by enabling secure, mobile working and implementing an effective endpoint security strategy.
Other companies are actively engaged in implementing DMARC to protect their email domain from unauthorised use. Spoof emails are a common attack vector and any legal firm with government clients – such as the NHS, police service, central and local government – is required at a minimum to implement this protocol. It’s also simply good security practice to ensure email communications are secure and client data is kept safe.
For more information on email security best practices, check out our blog on decoding email security.