Transforming Risk Into Opportunity for Legal Professionals
“Hackers broke into the computer networks at some of the country’s most prestigious law firms, and federal investigators are exploring whether they stole confidential information for the purpose of insider trading…. The firms… represent Wall Street banks and Fortune 500 companies in everything from lawsuits to multibillion-dollar merger negotiations.” From The Wall Street Journal, March 29, 2016
“Don’t assume a crack is too small to be noticed, or too small to be exploited,” he said. “If you do a penetration test of your network and 97 things pass the test but three esoteric things fail, don’t think they don’t matter. Those are the ones nation-state attackers will seize.” From US Hacker-in-Chief of National Security Agency (NSA), January 2016
Australian Legal Landscape at Risk
The legal landscape today is underpinned by powerful information and ‘big data’. The specific content and scale associated with law practice holdings, is pushing the legal landscape into extreme risk conditions. These holdings are beacons for hackers and cyber attacks which deny access, cripple data, hold one to ransom and/or sell it on with huge ramifications. Law firms must build strong security barriers urgently and minimise risks.
The 2006 research report, “Preparing Australasian Law for a Digital, Divergent, Differentiated Future” prepared by Australasian Legal Practice Management Association (ALPMA) and LexisNexis, has discovered that Australian law firms, according to practitioners, are still “struggling to keep up with technology”. Rather disquietly the research points to legal practices characterised by insufficient and vulnerable “in-house IT capability” and most still reliant on outmoded and “non-integrated management systems”.
How are you tackling the pressing dangers and legal revolution in information technology, compliance and governance? Is it a burden weighing you down? Or can you see it as a genuine opportunity for collaboration, adding value for your client, your firm and your future? Michele Gossmeyer, Director, Information Governance & Compliance at Dentons (USA), outlined some ideas for turning risk into opportunity in her presentation at Legal Innovation & Tech Fest 2016. Here’s a brief summary of her ideas.Triumvirate of Stakeholders for Risk Mitigation
Current law practice hegemony points us to a triumvirate of key stakeholders. All three hold key information and play major roles in legal risk investigation, assessment, mitigation and governance.
1. The Media Brings Headlines and Alerts
The media today can hold great sway. It notifies us of dire events and dangers as well as interesting developments in the busines of law. The media drew great attention to the cyber attacks reported in The Wall Street Journal as referred to at the start of this post and recent ransom-ware attacks on Australian law firms. Problematically, the media can also be overwhelming and sensational, leaving us scratching our heads about how to tackle the issues they report.
There are also occasions when they do tackle issues head on. With regard to valuable risk mitigation resources came this year’s YouTube video from the NSA Chief Hacker (quoted previously) which details methods to prevent major hacking within legal information stock piles. It speaks loudly to legal IT administrators and law professionals in general. It is a free resource holding a wealth of information towards the protection of sensitive legal and client information and well worth the watch.
2. The Client Brings Great Prospects for Collaboration
Within the various legal entities of today, clients must have a pivotal, defining influence on best practice. Practitioners are devoting far more time to clients’ goals and outcomes and collaborating to keep each other informed about a range of issues. Discussion around risk assessment and risk mitigation policy and process should be packaged into legal services for all clients. Commitment to such collaborations should also be demonstrated through deeper knowledge about client activities and risks. Media should be routinely targeted to gather client information and market issues that may evolve into risk. Information chains should be built within client teams and all material shared.
The ACC Value Challenge is a key resource when planning for a client centred legal practice. (Its publication the ACC Value-Based Fee Primer details processes for establishing client outcomes and it unequivocally states that today we need to go “beyond vague notions of success like ‘effectively resolving the litigation ‘or ‘closing the deal’.” Rather, that defining success in today’s legal landscape means “drilling more deeply to establish a measurable benchmark of performance, either for the matter as a whole or for discrete pieces of it.” Examples of outcome statements are proposed including complaint dismissed, patent issued, litigation settled for less than $xx or a positive decision from a regulatory or government agency.
3. Utilise Your Network of Colleagues – Near and Far
Two domains can be explored and engaged for collegial collaboration. Firstly, with the colleagues working alongside you. Operating in today’s technological and global legal landscape it’s easy for colleagues to become isolated in dedicated departments for instance administration, IT or in-house counsel. This immediately creates barriers to discovering a wealth of experience and information.
Informal collegial sharing is often rewarding but formalised collaboration across departments highlights new and insightful information. It aims to capture data securely in a defined, efficient process. It creates genuine opportunities for analysing previously unidentified or ignored risks and untapped resources available to mitigate. Leaders in successful firms know to entrench such processes in policy. Collaborative processes must also be soundly endorsed by top level stakeholders.
There is a key role for formal auditing with colleagues and clients and interestingly during Michele’s presentation at Legal & Innovation Tech Fest 2016 a show of hands from participants indicated that auditing pressure was a key reason for attending this event and skilling up.
Secondly, think about colleagues in the global context. There are excellent models of collaboration in the US. For example, affiliation between the IT legal profession learning from their financial industry with its record of superior intelligence management. There is also a big US push for cooperation with government bodies. Indeed, a legal services information sharing and analysis organisation is now active across the US, UK and Canada and has garnered 100+ firms co-operating for an improved legal landscape. Australia would do well to look to such flagship models.
How Can Australian Law Professionals Transform Risk into Opportunity?
As seen in the aforementioned APPAA findings on IT in Australia, we come up short by comparison.
The exponential growth of risk has been hovering over legal landscape in Australia for some time. The high stakes, particularly associated with mismanagement of information held in trust, should be setting off alarm bells. This should be especially so for those wanting to practice long term in the profession. Information technology, compliance and governance should be the prime focus when tackling risks for the first time.
The Australian population has been a very early adopter of information technology so our legal industry might take faith in the knowledge that there are plenty of savvy lawyers looking to the opportunities surrounding risk management.
Overhauling an industry or even just one practice can be threatening and hard work. Embarking on change introduces barriers such as disruption, trepidation and expenditure. The message may be deemed highly commendable but the who, what, when and how are far from simple. It’s wise to note that change can appear disempowering to individual staff members for whom collaboration about IT risks may be very confronting, especially with clients. Like the media it can be overwhelming.
Jumping barriers to change requires assuredness, commitment and finesse. Successful change for risk management demand clear expectations and dedication from leadership, teams charged to specifically drive the process, concise logistics, appropriate and succinct audit/questionnaire testing and development, data processing and interpretation, realistic deadliness and expectations. Both the dialogue and research surrounding best practice contain valuable resources which are readily available for those who choose to be part of the revolution.
This article is based on Michele Gossmeyer’s insightful session at Legal Innovation & Tech Fest 2016 “Risk Management & Information Governance: Opportunities to Build Invaluable Client-Service Relationships”.
Image courtsey of http://www.freedigitalphotos.net/ and podpad