The rapid rate at which IT evolves brings with it opportunity for Chambers. But, getting IT right means focusing on the right areas and creating a straightforward plan around each. We talk about why security, flexibility and stability are our top three recommendations when it comes to Chambers’ IT focuses, and share some of our chambers experience to help kick-start the process.
It’s easy to understand why the legal industry might be high up in the target list when it comes to cybercrime. Barristers are entrusted with sensitive personal data on a daily basis: specific personal data such as dates of birth and addresses, medical reports, bank statements, criminal records, employment records and the list goes on. The combination of this extensive client data and intellectual property, plus sometimes a lagging awareness of the risks themselves poses a very real threat to the industry. And, the threat is not isolated to the sector’s giants, given the compromised budgets and technical expertise often associated with smaller sized organisations.
With agreement now having been reached on the General Data Protection Regulation (GDPR), data protection practices will need reviewing anyway over the next couple of years if the heftier fines of 2-4% of turnover are to be avoided. Change won’t happen overnight though, so this is another reason why taking steps in the right direction now makes good sense, including reducing the likelihood of a breach in the first place, as well as considering deploying systems to alert of potential vulnerabilities, where it is feasible to do so (the GDPR specifies that data controllers – normally the customer – will have to notify breaches to the supervisory authority ‘without undue delay’ and, where feasible, within 72 hours).
There’s no denying that technology should be high on the agenda when it comes to reducing cyber risk. There is no ‘one size fits all’ but equally it needn’t be complex and it needn’t be big money. A regular Chambers’ audit of IT systems in place plus IT processes, plays an important role, and highlights any improvements required in the configuration of systems, access controls/privilege management, firewall policy and device security for example.
Ensuring barristers and staff also have a common base level of situational awareness, are fully aware of the available systems/policy and have an opportunity to ask security questions pertinent to their day to day working without embarrassment or fear, is equally vital. Risks associated with responding to phishing attempts, downloading malware, using unsecured wifi and device/data management are all in the barrister’s hands at the end of the day. Yet, it is also Chambers’ reputation at risk. Organising regular security sessions already form part of the plan to strengthen the collective defence where the more progressive Chambers are concerned, and this will hopefully have a ripple effect right across the industry.
In all, with the cost of the worst breaches more than doubling year on year* and the likelihood of a breach on the increase, a tailored response, spanning process, systems and people, ranks in our top three priorities for Chambers’ IT agenda.
We are ‘always on’ in our personal lives and, as the boundaries of work and personal lives continue to blur, the shift in expectations extends into the barrister/client world as well.
Technology that enables barristers to be effective and efficient in the delivery of services to their clients is no longer a ‘nice to have’, it is imperative. Cloud offerings, in various guises, go a long way to enabling extended hour working and removing location restraints that may have once been associated with delivering legal services to clients. When assessing your cloud choices, our advice is always to keep things flexible and make sure there is no tie-in for the longer term (contractual or hidden!).
There is no getting away from the fact that, even with industry-leading secure IT systems in place to provide the working flexibility you need, you may experience small hiccups with your day to day IT from time to time. The same is true even for employees within the largest of enterprises with the biggest of IT budgets. An issue may not be a widespread IT infrastructure problem but, if it affects one barrister, it may hold up time-critical work on a case, impacting that barrister’s reputation and subsequently the reputation of Chambers. Where IT is not provided as an in-house function, making sure an expert is contactable, somebody who can help outside of 9am-5pm when case work is ongoing, can give barristers and clients additional peace of mind.
Such is our reliance on IT systems these days, the quality and availability of IT services being provided can have a direct impact on the service barristers are able to deliver to clients. Asking questions of your IT partner such as a/ how they track, measure and ensure client satisfaction and, b/ if service guarantees have been agreed, whether these are automatically tracked and any service rebates paid as a matter of course, or whether the client has to apply for such rebates, are typically good base indicators of whether a partner shares your emphasis on service excellence
The performance of core IT infrastructure has improved across the board to the extent that it is often easy to take this for granted and perhaps await an operational outage, such as a power or hardware failure, to bring the need for IT Disaster Recovery to the forefront of IT discussions. However, such failures might have significant repercussions if recovery plans have not been given due advance consideration.
The implications of putting DR on the backburner could of course be worse still. Sadly, the not too distant memory of the Holborn fire and threats of terrorist activity are very real reminders of this. In the case of the Holborn fire, some businesses were without power and their primary Internet connection for days, even given the credible response by the various services. We certainly hope that this type of incident is not to be repeated but the more comprehensive DR plans consider even the less likely events.
By identifying core services and systems – typically email, diary, files and phones as a minimum in the case of Chambers – we can start to think about the impact of the various possible event levels, from the most likely incident type such as extended power outages or hardware failures, to a primary Internet connection outage, to the extreme scenario of not being able to access Chambers or primary IT servers. With some careful consideration, a plan can be drawn up and recommendations can be prioritised in accordance with the probability of the event.
Back-ups are undoubtedly a very important part of the DR planning process but, even with offsite back-ups in place, crucial questions still need to be asked about guarantees around the recovery time of back-ups and how such back-ups would practically be accessed in case of an event.
As with other aspects discussed, technological developments mean that DR solutions can now be crafted in such a way that financial outlay for Chambers needn’t be prohibitive in order to guarantee service delivery requirements, so even if you have looked at this before, the message is to revisit DR. It is absolutely possible to remove the ‘what if’ IT worry and the headache of managing client expectations and financial implications that would go hand in hand with any period of significant downtime.
When it comes to legal IT, there could be a long list of recommendations and a Chamber’s structure might be seen as an obstacle to implementing change.
In our experience, the IT priority list can be reduced to a vital three: security, flexibility and stability, giving Chambers a firm foundation to survive and thrive as the legal landscape continues to evolve.
- 2015 Information Security Breaches Survey, conducted by PwC
Author: Louise Wynn, Business Manager, Instant On IT
About Instant On IT
Instant On IT provides tailor-made IT guidance, management and support to SMEs in the legal sector and other professional services sectors. Instant On IT are cloud specialists, with proven experience in this field for over 9 years. The company has developed an outstanding reputation for knowledge and quality of service over the course of the last 12 years. Their approach is founded on the principles of integrity, quality, dedication and flexibility.