Category Archives: compliance

Risk of Cyber Breaches so high now that Insurance could become Mandatory for lawyers? Time to explore options.

Shocked young girl in front of computer monitor in a law firmInteresting comments from legal practitioners and the insurance sector at the Doctors Chambers Modern Law Conference 2016 at Old Trafford; reported recently in Modern Law.

According to David Hallam, Commercial Director at NCC Group –  the majority of data breaches arise from “phishing attacks”.  He explained that their expert hackers can gain access to systems “within 20 seconds” and once the hackers are in “40% manage to launch malware”, and of that 40%, “30% manage to obtain or compromise sensitive data”.  Responding to questions posed by the session chair, he concluded that cyber insurance “is moving towards becoming mandatory” for lawyers.


According to Verizon’s Data Breach Investigations Report, May 2015:

  1. 23% of people open phishing emails
  2. 11% open the attachments in those emails
  3. In 60% of cases, attackers can compromise your data within minutes
  4. It typically costs between £33 and £35 to fix each record breached

Michelle Garlick, Risk and Compliance expert at Weightmans said – “Firms can’t just sit and hope that attacks won’t happen … [they are] taking insurance more seriously” and looking more at “AAA rated insurance companies”;  also suggesting that when it comes to cyber risk, conveyancing is more risky than personal injury and that it is “too early” for cyber insurance to be mandatory.

On the other hand, Lesley Graves, MD of Citadel Law said that cyber crime could easily affect the personal injury market because firms often deal with “large amounts of money and sensitive information”. She recommended that delegates undertake a “business assessment” and look at how to build the long term cost into the business strategy”.

Ian Muldowney, Head of Professional Indemnity & Financial Risks (Reich Insurance Brokers) has seen a steep increase in calls surrounding cyber risks, particularly over the last 12 months, “with a huge increase in cyber crime activity both in the UK and globally, our clients are discovering that criminals are looking to target large organisations and SMEs alike.”

With the National Crime Agency noting that losses from such crimes exceed £16bn in the UK annually, clients are right to be concerned and to have cover in place which offers both preventative advice and a security blanket should anything go wrong. This is particularly were an expert broker can prove their worth.”

To address these critical risks:

1) Assess the risks and take steps to prevent breaches. The priority should be to take the 10 steps highlighted in this article to make your practice more cyber-resilient.

2) Insure against the breaches you can’t prevent.  You can be sure that no law firm can eradicate the risks completely – so backup insurance is essential with the risks clearly increasing here.  To give you a feel for the kind of cover available from reputable and reliable insurers, speak with a broker who has taken the time to understand Cyber insurance – such as Reich Insurance – who can review your needs and advise you on the best solutions available.

Reich Insurance, Cyber risksA policy can be sourced to provide:

  1. 24 hour incident number available 24/7.  Essential as it is critical to act quickly.
  2. A specialist IT forensics expert within 1 hour.
  3. Diagnosis of the issue, fixing it and getting the business back on track.
  4. Covering the costs of a) notification, b) data restoration, c) cyber business disruption and d) cyber extortion, all of which are real and potentially substantial costs in this situation.
  5. Help with public relations and specialist legal advice.

For more information about this and other relevant insurance policies, contact Reich on 0161 830 5491.

To discuss what steps you should be taking now to reduce the risks of cyber breaches and build cyber resilience into your practice, contact NIgel Stott at Inpractice UK on 0161 929 8355 or fmanning@inpractice.co.uk

Business Analytics and Reporting to help you run a better law firm – Bi24

C24, Wright Hassall

Improve the performance of your legal practice – fill gaps in the capability of your practice management system.

CASE STUDY:  Wright Hassall, solicitors implemented Bi24, which is C24’s business analytics and reporting solution for law firms, connected to Wright Hassall’s key data feeds across management reporting, practice management systems and marketing applications.

The Outcomes:  Easy access to data and insights has changed the way teams work at Wright Hassall, providing users across the entire organisation from Managing Partners to support staff with the ability to perform ondemand, self-service reporting whenever they need to. Data can now be pooled between different applications to drive greater insights across work in progress cases and ensure better returns on investment for marketing activities.

One of the most important developments is the ability for the firm to create dynamic client facing dashboards that assimilate information into one place; showing the client’s current billing position, work in progress, outstanding payments due, hours worked and activities undertaken. This enables Wright Hassall to keep their clients up to date and provide them with regular reporting so that they are aware of payments due, which is increasingly important in a post-recession era where maintaining healthy cash flow is a business reality.

Additionally, Wright Hassall are now able to extend their reporting capabilities out to customers of their clients, for scenarios where updates on legal matters are required to be reported to a client’s wider customer base. For instance, Wright Hassall can provide reporting via portals to the tenants of their property management clients with updates on tenancy agreements, disputes and queries. This enables Wright Hassall to differentiate itself by becoming a data services provider to its own clients, in a way that suits the business models and growth objectives of its key client base.

IT Director, Martyn Wells, highlighted the change in the business through the introduction of better reporting practices. “Data is now driving behaviours within the firm. When partners are creating their forecasts and business strategies for the year, they are now proactively seeking out data insights from the Bi24 tool to inform their strategies”, commented Wells. “We are also seeing how better reporting through Bi24 can allow us to stay competitive in an age of fixed price fees, enabling us to continually assess costs and margin positions for better business decision making. Data is now supporting us in achieving our ambitious growth targets.”

DOWNLOAD a copy of the full CASE STUDY REPORT here >>

For more information about other proven technology solutions that can improve the operation of your business, contact Allan Carton at Inpractice UK.

Unique online delivery system for ILM & CMI approved management training

Blended LearningeAlliance Education Centre

Our L&D business partner, eAlliance has just launched an innovative learning and education platform that enables law firms to deliver fully accredited ILM and CMI approved training  qualifications to staff using a partial or fully online service to support delivery of programmes that cover essential personal skills needed in any legal practice:

  • Team Leading (Level 2)
  • Leadership & Management (Levels 3 & 5)
  • Coaching & Management (Levels 3, 5 & 7)

Why is the Education Centre different to a normal Learning Management System (LMS)?

The Education Centre delivers a “qualification in a box”.  It has all the standard features you would expect from a modern LMS, but is uniquely configured to intuitively support the learner’s journey through a qualification programme. It contains online curriculum, learning resources and support materials that have been mapped to qualification units in key business subject areas from team leading to senior executive level.  It equips your trainers and L&D team to:

  • Plan and manage every aspect of a qualification delivery process
  • Give access to quality learning and resource materials, pre-mapped to each unit
  • Provide tutor support materials and tools
  • Host virtual classrooms, online tutorials and social media forums
  • Manage assessments, communication and reporting
  • Support blended or fully virtual delivery models

Supporting Tutors, Training Providers and Businesses

The Education Centre is fully customisable, enabling you to create your own qualification programmes from a range of key subject areas. With a virtual classroom, easy-to-manage assessments and simple communication and reporting features, this system has everything you need to deliver professionally recognised development programmes that will make a real impact on both your people and organisational performance.

Which qualifications do Education Centre Support?

Team Leading:

Leadership & Management

Coaching & Management

To contact eAlliance to request more information or to book a demo – go here.

Meeting EU requirements for Online Dispute Resolution is the best approach for clients … and law firms.

EU ORD Directive ComplianceThe European Union has stipulated that consumers who buy a product or service online should be able to submit complaints to the supplier via an EU Online Dispute Resolution (ODR) platform, so – from 15 February 2016 – all e-commerce businesses must carry a link to this platform on their website.  The complaint, once submitted, will be transmitted to a recognised alternative dispute resolution entity to try to facilitate a solution.

It appears that law firms are probably caught by these regulations as providers of legal services,  so the safest approach is … to comply and then make the most of this approach to improve client satisfaction.

The link to the EU ODR platform is accessed here.

Weightmans Solicitors, which advises on regulatory issues in respect of law firms, has advised members of Manchester Law Society to update their websites to include the ODR EU Platform link due to a new EU requirement that came into effect on 15th February 2016 – and they practice what they preach here where you will find their wording for this on their own site.

Why Lawyers Should Take Steps Now to Comply

The Department for Business, Innovation and Skills (BIS) considers that the regulations will affect law firms who send or receive contracts and client-care information by email as this constitutes “offering goods or services on a website or by other electronic means”.

An advert for legal services on a website is not an offer; merely an invitation to treat, but emailing  a contract or an engagement letter might be construed as an offer “by other electronic means.”

To comply with the regulations, businesses MUST provide:

1. A link to the ODR platform

2. The firm’s email address

The Legal Ombudsman (LeO) will continue as one option to resolve any complaints, but there is also an obligation to nominate a certified ADR entity such as ProMediate (with particular experience of legal services) to mediate complaints and claims.

  • LeO is not a certified ADR provider, so complaints coming though the EU’s ODR system cannot be referred to them.
  • ProMediate offer faster turnaround times than the LeO, which both law firms and their clients generally want, which increases satisfaction with the complaints process.
  • Many clients will prefer engagement in the dispute resolution approach in contrast to a complaints process.

Even if the LeO become an approved ADR provider in the future – which is unlikely as they decided NOT to do this in early December 2015 – there would still be a requirement (in addition to any existing regulatory requirements under relevant Codes of Conduct) for law firms to provide information regarding the ODR platform to clients by email and in Terms and Conditions.

We recommend that law firms should:

  • Include a link to the EU ODR platform on their website; and,
  • Identify and nominate an appropriate certified ADR entity to deal with:
    • At least any complaints that are initiated through that platform; but also,
    • Other disputes that arise with clients if they or you consider mediation is a more attractive approach than making a complaint to an Ombudsman in the circumstances.
  • Nominate ProMediate as your certified ADR entity because they have all the accreditations needed, commit to a short turnaround time, charge a reasonable fee and have experience with legal services.

For more information about how to comply or about nominating ProMediate, contact Peter Causton on 07827 961764 in confidence to explore options; or by email to enquiries@promediate.co.uk options.

ProMediate is a CTSI Certified Alternative Dispute Resolution Provider under the ADR Regulations 2015 and have partnered with Greater Manchester Chamber of Commerce to deliver a dispute resolution service to their c. 4,500 members.

Is engaging your people high on your agenda for 2016? If it is, now is a good time to explore new options that can help you leapfrog competitors.

Employee EngagementIt should be!  Engaging people in what you want to achieve – when there is a lot of change and re-focusing of priorities needed – is a critical area of management where most law firms should be focusing right now …. but where is the best place to start afresh or re-engage? 

Let us help you explore how you can use some tools to make this happen (to keep the momentum going), with confidence.

Senior management in most law firms struggle to engage and develop people and to implement new business development initiatives on target.  Nobody feels they have enough time, but a lot of precious management time and energy is easily wasted through lack of consistent focus on what everyone is trying to achieve.  

The Challenges and the Opportunities for UK Legal practices – READ MORE HERE >>

It could be so very different, with Simitive to help structure and manage engagement, projects and development of people.

People – from the CEO or Managing partner to the office junior – work more effectively if they are helped to understand what they can do to make the best use of their skills and experience – and fill gaps as they become apparent; not having to wait for the next formal appraisal.

Many senior managers are too busy because they feel only they can do all of the jobs they do; eating up every second of the day. That does not make for a sustainable business. Management need to find a way to develop others around them to share the load, contributing more, with sound support to ensure results now and fill the gaps in skills and experience along the way.

Arrange a FREE Demonstration of Simitive for you and your team.

Simitive – developed and implemented successfully in other professional services sectors – provides a framework to support better and more effective, routine engagement of people in all aspects of the work they do;  fee earning, management, projects, personal and business development, mentoring etc.  Transparency and alignment of objectives and tasks enables managers to constantly review progress and provide input when needed, quickly adapting the plan by agreement as things progress.  Internal communication, collaboration and innovation all benefit too.

The Simitive solution comprises 3 key components to add structure to management of your practice:

  • Simitive ObjectivesSimitive Goals & Projects provide interactive, real-time management and monitoring of organisation, team and individual goals, objectives and projects. The system ensures that all organisational, team and individual goals and projects are clearly defined, agreed, visible and up to date, with a clear line of sight upwards and downwards through the whole organisation. Clients using Simitive Goals & Projects report a 20% saving in administration time, a 20% saving in wasted effort and a significant increase in the level of employee engagement on the desired outcomes of the organisation.Simitive Review
  • Simitive Review creates an on-going ‘living review’ that aligns with an individual’s goals and allows a more sophisticated, ongoing and adaptive way to communicate. Users of Simitive Review typically see completion rates increase to over 90%. At the same time the quality of conversations increases with over 85% or reviewees and reviewers reporting significant improvements in the quality and value of their appraisals.
  • Simitive LearningSimitive Learning Management helps law firms manage the SRA’s new competency requirements (that are replacing CPD), providing a real-time learning management platform that engages every individual directly in identifying, agreeing and completing learning and development activities.  It enables you to work together with your people to define what learning activity is required, when, and by whom.  It also chases your staff pro-actively to advise of training required.  Simitive’s Learning Management System (LMS) supports SRA-style behavioural, competency and skills frameworks, providing the platform for talent management and succession planning.

To arrange a demonstration contact Allan Carton on 0161 929 8355 or at acarton@inpractice.co.uk

Monitoring Internal Threats

The potential for employees to steal data, breach confidentiality and security policies or corrupt your internal systems is increasing and it’s clear from the increasingly stringent demands of clients that this is an increasing concern for them.

Compliance to ISO 270001 is heading up the agenda for commercially focused legal practices as management of these risks becomes a higher priority for clients; much in the same way as “effective” Disaster recovery and business Continuity have become essential rather than just a “good to have”.  Maybe – for a period of time – ISO 270001 could be a meaningful differentiator before it becomes a standard requirement?  It is not easy to implement, but it does instill good practice that should really be developed anyway.

Anyway – Is the type of solution outlined in this video of interest to law firms now?  Is there a gap to be filled and do you think this would contribute effectively to managing internal security in your practice?