Cyber security Toolkit for Lawyers.

Cyber security Toolkit for Lawyers.

Law firms can be said to be among the juiciest of honeypots for hackers, given the confidential and privileged information and datasets lawyers come in contact with. Clients turn over their most valuable information to their lawyers under the auspices of attorney-client privilege. It is necessary that practitioners educate themselves in cyber security due to the reliance and use of technology in the legal sector. Lawyers now need to understand how cyber-attacks occur and how to protect themselves against them. Failure to take appropriate steps in this regard exposes a lawyer to the risk of breaching professional obligations. In legal practice, the duty of client confidentiality is paramount and must be considered in all activities. Simply put, client confidentiality should be the overreaching consideration that informs any workplace or lawyer’s a decisions/activities.

A successful cyber-attack may have severe consequences for lawyers and law firms alike:

  • Theft of corporate, and financial information
  • Destroying and rendering client data useless by irreversible encryption
  • Ruined reputation of the law firm/lawyer concerned, among other things 

Cyber security toolkits consist of effective tools that organizations, of any size, can use to take action to reduce cyber risks. The NDPR (Nigerian Data Protection Regulation) requires organizations to implement appropriate measures to protect personal data. Otherwise, there’s a risk of substantial fines. 

An essential cyber security toolkit would include, but not limited to the following:

  1. Use strong usernames and passwords
  • Make sure that all users have individual accounts
  • Enforce strong passwords, minimum of 15 characters with a mix of letters, numbers, and symbols
  • Have passwords changed on a regular basis
  1. Install Anti-virus and malware protection 
  • Purchase business grade anti-virus and email filtering. Don’t use free versions (some freemium services could be limiting)
  • Update the software regularly
  • Have it installed and monitored by a professional
  1. Limited access to systems and files
  • Only allow screened persons to view your data
  • Limit access to important files to employees on a need-to-know basis 
  • Monitor access to sensitive client information
  1. Regular back-up of data
  • Regularly back-up all data
  • Use both on-site and off-site back-up facilities
  • Ensure that you can easily access back-up data and restore it to your main system
  1. Encrypt data
  • Encrypt your data where possible. Encryption is another security layer that is extremely secure
  • Encrypt portal devices such as laptops and hard drives. Encrypted data is more difficult to hack
  1. Keep the system software up-to-date
  • Keep system software up-to-date. Older system software such as operating systems may have fundamental security flaws which are remedied through software patches(fixes)
  • Keep all your system software patched. Install updates on a regular basis and upgrade your software regularly to ensure that you are protected from vulnerabilities
  1. Protect all devices 
  • Be sure to protect all devices that access the practice’s system including laptops, mobile phones and tablets. Consider installing software allowing remote erasure of data in the event of theft or loss
  1. Training
  • Ensure all personnel are fully trained in cyber security measures. Many cyber-attack are successful because a staffer was not vigilant
  1. Insurance
  • Make sure you have adequate and appropriate insurance to cover you against cyber-attacks 
  1. Audit your service providers 
  • The firm’s IT service provider and/or cloud service provider should also take the same precaution enunciated above

Still not convinced?

The aim of cyber security tool kits is to ensure that the confidentiality, integrity, and availability of client’s data are preserved. The increased use of technology in organizational processes has exposed people to cyber threats and attacks. With every improvement in technology, the threat of cyber-attacks increases. Having a tool kit will help create some level of cyber resilience for lawyers. It has become necessary for lawyers to be aware of the cyber risks they may face and develop a security plan to address those risks all together, as you can never be too careful with your client’s data.

The Law Firm Pyramid Model

The Law Firm Pyramid Model

Law has been historically grounded in structure and tradition, and this has also been the case with a lawyer’s progression through the internal hierarchy of a firm. Traditionally, most law firms are still organized as a pyramid; many junior associates at the bottom of the pyramid, senior associates as middle management,  and a few partners at the top. However, this pyramid structure does not seem able to cope with the rapid changes happening in the legal sector and the evolving needs of the client. 

A typical lawyer begins his career path as an intern or associate in a law firm, and patiently works his way through routine work tasks, then slowly advances towards the promised land of being an equity partner. As he progress, repetitive tasks like draft creation, document reviews, writing briefs, or performing due diligence on contracts make up the majority of his workload, with partners only intervening for complex and/or strategic advisory work. Value is then based entirely on activity (the busier you are, the more efficient you look). This kind of structure incentivises lawyers to focus on short-term revenue goals rather than the long-term health of the firm or even client satisfaction. In a true pyramid model, a lawyer either moves up or moves out if they do not make it to the next level.

Technology enters the group chat…

With technology automating mundane tasks that would traditionally be the reserve of paralegals, the pyramid model is changing. As a result of the digital revolution, it is expected that the pyramid model will evolve into a more rocket-shaped structure with fewer associates per partner. This does not necessarily imply that the number of jobs in a law firm will decrease, but there will however be a change in the law firm’s composition: a small group of associates and a large group of IT and legal analysts. This can be explained by the fact that many of the tasks performed by junior associates will in the future be performed by legal engineers or legal analysts.

The traditional pyramid model no longer serves most clients, nor does it align well with 21st century legal professional except a handful of generally older partners. There is now a drive in creating client/consumer value as well as the realignment of provider and consumer interests, that is, adopting models that reward speed, efficiency and results.

The way to go…

A law firm model that would thrive in this digital age, as well as be able to cope with the rapidly changing needs of clients and the legal industry, is one that is client-centric, collaborative, data driven, tech-enabled, multidisciplinary, capitalized, and a digitally transformed one. Firms that still live by the traditional pyramid model might just die by it. 

Where would your law firm be in 10 years?

In recent times, there have been a lot of advances in business model innovation, rapid technological disruptions in all industries, and there will continue to be a gradual shift in the delivery of legal services. As opposed to the ‘traditional’ law firms, collaborations between legal engineers, legal technologists, and legal project managers working together to provide legal services to clients will constitute the future of law firms/lawyers. Agile multidisciplinary teams will partner to deliver empathetic user-centric legal solutions. Delivery of legal solutions will be provided by utilizing both labor and capital/technology. Artificial intelligence (AI) will be used to provide solutions within the legal sector. Over the next few years, AI will lead the next stage of transformation within legal service delivery.

So what should your law firm be doing?

In order to survive in the disrupted market, law firms will need to employ people with a range of different set skills. Law firms that do not develop with these technological disruptions will be left behind. Traditional law offices will start to disappear as more people are able to work remotely. Video-conferencing will become the way all court appearances are handled in the future. The law firm of the future will provide its client with the ability, through technological platforms, to continuously monitor progress and receive updates on their matters and working files. Legal bots will become the first port of call for clients, elicit information from clients, help with decisions, and give customized advice and generate documents.

New ways of doing things…

Client transactions will be completed through smart contracts using blockchain technology. Flexible working will also change the legal profession over the next decade. Another area of change will be the way legal research is carried out – a “robot lawyer” which relies on AI to understand search queries put to it in natural language, retrieve the precise passages in precedents that relate to the queries, and rank them based on a scoring of their relevance.

In 10 years…

In the next 10 years, law firms will be in an era of rapid digitization of the legal field and legal services. Routine jobs of junior lawyers will be automated. They will be carried out by computers or outsourced to external providers (this is already in motion by the way). In less sophisticated dispute resolutions, the participation of lawyers will be less and less required. The hierarchical structures of law firms will be flat, and not a pyramid. Law firms/lawyers that do not acquire a number of skills coming from the worlds of management and engineering have a high probability of failing in their role.