Category Archives: Risk Management

Risk of Cyber Breaches so high now that Insurance could become Mandatory for lawyers? Time to explore options.

Interesting comments from legal practitioners and the insurance sector at the Doctors Chambers Modern Law Conference 2016 at Old Trafford; reported recently in Modern Law.

According to David Hallam, Commercial Director at NCC Group, the majority of data breaches arise from “phishing attacks”. He explained that their expert hackers can gain access to systems “within 20 seconds” and once the hackers are in “40% manage to launch malware”, and of that 40%, “30% manage to obtain or compromise sensitive data”. Responding to questions posed by the session chair, he concluded that cyber insurance “is moving towards becoming mandatory” for lawyers.


According to Verizon’s Data Breach Investigations Report, May 2015:

  1. 23% of people open phishing emails
  2. 11% open the attachments in those emails
  3. In 60% of cases, attackers can compromise your data within minutes
  4. It typically costs between £33 and £35 to fix each record breached

Michelle Garlick, Risk and Compliance expert at Weightmans, said: “Firms can’t just sit and hope that attacks won’t happen … [they are] taking insurance more seriously” and looking more at “AAA rated insurance companies”; she also suggested that when it comes to cyber risk, conveyancing is more risky than personal injury and that it is “too early” for cyber insurance to be mandatory.

On the other hand, Lesley Graves, MD of Citadel Law, said that cyber crime could easily affect the personal injury market because firms often deal with “large amounts of money and sensitive information”. She recommended that delegates undertake a “business assessment” and look at how to build the long term cost into the business strategy.

Ian Muldowney, Head of Professional Indemnity & Financial Risks (Reich Insurance Brokers), has seen a steep increase in calls surrounding cyber risks, particularly over the last 12 months: “With a huge increase in cyber crime activity both in the UK and globally, our clients are discovering that criminals are looking to target large organisations and SMEs alike.

“With the National Crime Agency noting that losses from such crimes exceed £16bn in the UK annually, clients are right to be concerned and to have cover in place which offers both preventative advice and a security blanket should anything go wrong. This is particularly where an expert broker can prove their worth.”

To address these critical risks:

1) Assess the risks and take steps to prevent breaches. The priority should be to take the 10 steps highlighted in this article to make your practice more cyber-resilient.

2) Insure against the breaches you can’t prevent.  You can be sure that no law firm can eradicate the risks completely – so backup insurance is essential with the risks clearly increasing here.  To give you a feel for the kind of cover available from reputable and reliable insurers, speak with a broker who has taken the time to understand Cyber insurance – such as Reich Insurance – who can review your needs and advise you on the best solutions available.

A policy can be sourced to provide:

  1. 24 hour incident number available 24/7.  Essential as it is critical to act quickly.
  2. A specialist IT forensics expert within 1 hour.
  3. Diagnosis of the issue, fixing it and getting the business back on track.
  4. Covering the costs of a) notification, b) data restoration, c) cyber business disruption and d) cyber extortion, all of which are real and potentially substantial costs in this situation.
  5. Help with public relations and specialist legal advice.

For more information about this and other relevant insurance policies, contact Reich on 0161 830 5491.

To discuss what steps you should be taking now to reduce the risks of cyber breaches and build cyber resilience into your practice, contact Nigel Stott at Inpractice UK on 0161 929 8355 or fmanning@inpractice.co.uk

Business Analytics and Reporting to help you run a better law firm – Bi24

Improve the performance of your legal practice – fill gaps in the capability of your practice management system.

CASE STUDY: Wright Hassall solicitors implemented Bi24, C24’s business analytics and reporting solution for law firms, connected to Wright Hassall’s key data feeds across management reporting, practice management systems and marketing applications.

The Outcomes: Easy access to data and insights has changed the way teams work at Wright Hassall, providing users across the entire organisation, from Managing Partners to support staff, with the ability to perform on-demand, self-service reporting whenever they need to. Data can now be pooled between different applications to drive greater insights across work in progress cases and ensure better returns on investment for marketing activities.

One of the most important developments is the ability for the firm to create dynamic client facing dashboards that assimilate information into one place; showing the client’s current billing position, work in progress, outstanding payments due, hours worked and activities undertaken. This enables Wright Hassall to keep their clients up to date and provide them with regular reporting so that they are aware of payments due, which is increasingly important in a post-recession era where maintaining healthy cash flow is a business reality.

Additionally, Wright Hassall are now able to extend their reporting capabilities out to customers of their clients, for scenarios where updates on legal matters are required to be reported to a client’s wider customer base. For instance, Wright Hassall can provide reporting via portals to the tenants of their property management clients with updates on tenancy agreements, disputes and queries. This enables Wright Hassall to differentiate itself by becoming a data services provider to its own clients, in a way that suits the business models and growth objectives of its key client base.

IT Director, Martyn Wells, highlighted the change in the business through the introduction of better reporting practices. “Data is now driving behaviours within the firm. When partners are creating their forecasts and business strategies for the year, they are now proactively seeking out data insights from the Bi24 tool to inform their strategies”, commented Wells. “We are also seeing how better reporting through Bi24 can allow us to stay competitive in an age of fixed price fees, enabling us to continually assess costs and margin positions for better business decision making. Data is now supporting us in achieving our ambitious growth targets.”

DOWNLOAD a copy of the full CASE STUDY REPORT here >>

For more information about other proven technology solutions that can improve the operation of your business, contact Allan Carton at Inpractice UK.

Meeting EU requirements for Online Dispute Resolution is the best approach for clients … and law firms.

The European Union has stipulated that consumers who buy a product or service online should be able to submit complaints to the supplier via an EU Online Dispute Resolution (ODR) platform, so – from 15 February 2016 – all e-commerce businesses must carry a link to this platform on their website. The complaint, once submitted, will be transmitted to a recognised alternative dispute resolution entity to try to facilitate a solution.

It appears that law firms are probably caught by these regulations as providers of legal services,  so the safest approach is … to comply and then make the most of this approach to improve client satisfaction.

The link to the EU ODR platform is accessed here.

Weightmans Solicitors, which advises on regulatory issues in respect of law firms, has advised members of Manchester Law Society to update their websites to include the ODR EU Platform link due to a new EU requirement that came into effect on 15th February 2016 – and they practice what they preach here where you will find their wording for this on their own site.

Why Lawyers Should Take Steps Now to Comply

The Department for Business, Innovation and Skills (BIS) considers that the regulations will affect law firms who send or receive contracts and client-care information by email as this constitutes “offering goods or services on a website or by other electronic means”.

An advert for legal services on a website is not an offer; merely an invitation to treat, but emailing  a contract or an engagement letter might be construed as an offer “by other electronic means.”

To comply with the regulations, businesses MUST provide:

1. A link to the ODR platform

2. The firm’s email address

The Legal Ombudsman (LeO) will continue as one option to resolve any complaints, but there is also an obligation to nominate a certified ADR entity such as ProMediate (with particular experience of legal services) to mediate complaints and claims.

  • LeO is not a certified ADR provider, so complaints coming through the EU’s ODR system cannot be referred to them.
  • ProMediate offer faster turnaround times than the LeO, which both law firms and their clients generally want, which increases satisfaction with the complaints process.
  • Many clients will prefer engagement in the dispute resolution approach in contrast to a complaints process.

Even if the LeO become an approved ADR provider in the future – which is unlikely as they decided NOT to do this in early December 2015 – there would still be a requirement (in addition to any existing regulatory requirements under relevant Codes of Conduct) for law firms to provide information regarding the ODR platform to clients by email and in Terms and Conditions.

We recommend that law firms should:

  • Include a link to the EU ODR platform on their website; and,
  • Identify and nominate an appropriate certified ADR entity to deal with:
    • At least any complaints that are initiated through that platform; but also,
    • Other disputes that arise with clients if they or you consider mediation is a more attractive approach than making a complaint to an Ombudsman in the circumstances.
  • Nominate ProMediate as your certified ADR entity because they have all the accreditations needed, commit to a short turnaround time, charge a reasonable fee and have experience with legal services.

For more information about how to comply or about nominating ProMediate, contact Peter Causton on 07827 961764 in confidence to explore options, or by email at enquiries@promediate.co.uk.

ProMediate is a CTSI Certified Alternative Dispute Resolution Provider under the ADR Regulations 2015 and has partnered with Greater Manchester Chamber of Commerce to deliver a dispute resolution service to their c. 4,500 members.

Develop your legal practice using Cloud applications … but get your data security right. You need to anyway!

I recently presented on this topic at the Law Management Section’s Finance & Business Conference, so you can download a copy of the full presentation at the foot of this post.  

The presentation includes screenshots and information on some of the key hosted applications that are helping law firms to implement new initiatives more quickly and effectively than they could do in the past; all of which are worth checking out.

However, there is more to consider to make sure you make the right moves, as discussed below.  If you want to find out more about what solutions and approach might work best for your people and your practice, I’m always happy to have a preliminary discussion about options for free if you call me on 07779 653105 or contact me here.

Lawyers don’t have to wait to “move to the Cloud”; most of you are already there, using online and hosted applications. There are many good hosted / online tools you can use now to fill gaps in current on-premise systems. Some examples given here include:

  • Management Information and KPI dashboards
  • Market and Business Intelligence
  • Client Relationship Management (CRM) systems
  • Automated time capture
  • Social media e.g. LinkedIn and Twitter
  • Conveyancing searches
  • Microsoft Office 365

We want our clients to use more cloud applications where it makes sense, but there is a quandary …

Using applications “in the Cloud” today means that your people are entering passwords to access data from various locations and more, posing data security risks; often without the IT team really knowing who is using what – and being poorly equipped, funded or supported from the top to implement effective and essential data security systems.  Not a lot of management time has gone into addressing risks here in – I would say – most law firms.

And by the way, the biggest risk to data security is your own people, not hackers – so you can do something significant about this to reduce the risks. Using encryption more consistently would be a good start.

When you actually move your IT infrastructure to the Cloud (e.g. moving to a hosted practice management system), it is more likely that data security issues will be considered, but are still not fully addressed in most firms.

However, perhaps we now have the answer?  Because clients are beginning to demand proper data security from their lawyers; and because cybercrime has been recognised as a serious risk for law firms, senior management in law firms are just beginning to invest time and money in data security e.g. to achieve ISO 27001 accreditation.

If that means proper security systems are implemented, then lawyers can get on and use more of these Cloud applications (which are inherently more secure and reliable than systems running in your office) to develop their business … with confidence.

They can help you engage people more quickly and produce results earlier with (almost) “ready to use” systems involving less IT development pain on new initiatives. However, lawyers need to catch up on IT security to do this safely.

DOWNLOAD the presentation here >>

Great plans, but people need to be “engaged” in the business to make them happen?

Now, as law firms are trying to change their business radically to meet new and changing demands, there is a critical need to deliver on new business strategies and initiatives. “Employee Engagement” is where most potential lies to improve the short term performance and long term sustainability in most law firms.

The Challenge … and the Opportunity

Top management can have all the best business development plans, new service propositions, process maps, key account management or new technology in the world, but if employees don’t understand and value the part they play, efforts to implement them WILL fail.  They won’t produce the results hoped for; probably missing the mark by a very long way.

We’ve seen it happen many times before, where initiatives lose momentum, detractors snipe at the advocates and everyone gets stressed out.  The job may get done … eventually, but it has been much more painful than it should have been, people get worn down and the results are nowhere close to what was achievable.

Your people should be your most valuable asset.  In many firms they are not.

People work more effectively if they understand their role in the business they work in and are supported effectively on projects allocated to them.  Effective communication, mutual respect, collaboration and understanding what is expected of each other amongst colleagues contribute significantly to motivation.

Lawyers have never been good at finding time to engage the people around them; nor to develop the skills needed to do that effectively.  Maybe that didn’t matter so much in the past.  I have interviewed a lot of capable and dedicated, but seriously disenfranchised people on projects over the years – not just management and support, but lawyers too.

In the past, this failing has just made a lot of law firms more stressful – but maybe also less challenging – places to work, which was a shame, but not fatal to the business.

Going forwards it will be an obstacle to survival as others establish a new momentum, actively supported by the people working for them.  Law firms stuck in old ways, unable to get people to do things differently will suffer.

Research has shown that “engagement” pays off.

  1. About 37% of an employee’s time in the office is wasted just because they do things that don’t make any difference; and that applies to both lawyers and support staff.  That is about 14 hours per week that could be used much more productively.
  2. You can radically reduce this wasted time by as much as 17% to release about 7.5 hours per week to more relevant work by creating better focus on better aligned organisational goals.  That might be earning fees, developing business, mentoring their team, training others …
  3. Clarity of Success Criteria also reduces stress and promotes focused contribution to the business aligned to corporate and individual development.
  4. Consistent, regular monitoring results in early identification of potential issues in either individual or organisational performance, creating the opportunity for pro-active intervention.

Why does that really matter?

If you move your practice to one where employees are “engaged” you would expect to:

  • Improve the profitability of the business
  • Maximise the engagement and utilisation of all resources.
  • Generate effective collaboration between people, teams and departments
  • Reduce stress and anxiety that derives from uncertainty
  • Develop innovative improvements in internal operations and added value services
  • Provide visibility of roles and tasks so each person knows what is expected of them and others
  • Deliver projects on time and within budget
  • Improve clarity, ownership and reporting of Organisational Goals.
  • Facilitate Organisational and Cultural change to meet business challenges.
  • Improve the engagement of staff in their own and organisational goals.
  • Improve visibility of skill and resource shortfalls.
  • Facilitate succession planning.
  • Simplify compliance and associated reporting.
  • Provide a platform for management of programs and projects.
  • Deliver Staff training and development including compulsory training (e.g. health and safety, diversity, fire, environment) with compliance validation

What does “Engagement” look like?

You will get the message from this thought provoking X-Model of “Engagement” video.

How to build effective engagement into the fabric of your law firm?

Making it happen is the subject of the next post on the topic of “Employee Engagement”. Please come back soon; or register on the site and we will let you know when the next update has arrived.

To find out more in the meantime about how we at Inpractice UK can help you develop and implement an effective approach to engaging your people to improve the performance of your practice, contact Allan Carton on 0161 929 8355 or at solutions@inpractice.co.uk.

Fixed fee commercial litigation – credit to IM for their commitment

Fixed fee commercial litigation from Irwin Mitchell – sounds attractive to clients, but isn’t this what all litigators are/should be doing? It needs engaged people to understand and deliver; but also good process, time records, project and risk management to deliver … but why not?

“Upon instruction the firm will analyse the likely legal fees to be incurred by the client and then, in conjunction with expert law costs draftsmen, prepare a proposed fixed fee for each stage of the litigation process, including solicitors’, expert witnesses’, and counsel’s fees.” 

More here >>

Monitoring Internal Threats

The potential for employees to steal data, breach confidentiality and security policies or corrupt your internal systems is increasing and it’s clear from the increasingly stringent demands of clients that this is an increasing concern for them.

Compliance with ISO 27001 is heading up the agenda for commercially focused legal practices as management of these risks becomes a higher priority for clients; much in the same way as “effective” disaster recovery and business continuity have become essential rather than just a “good to have”. Maybe – for a period of time – ISO 27001 could be a meaningful differentiator before it becomes a standard requirement? It is not easy to implement, but it does instill good practice that should really be developed anyway.

Anyway – Is the type of solution outlined in this video of interest to law firms now?  Is there a gap to be filled and do you think this would contribute effectively to managing internal security in your practice?