Tag: Legal IT

5 ways law firms can benefit from document solutions

Posted on by Beth Price

5 benefits of managed document solutions

When law firms think about how they can optimise their IT environment, it’s doubtful they consider the impact printing has on their business. After all, it’s a basic, everyday task and it can be difficult to see how changing it will benefit the firm in any way?

Yet in a document-intensive business like law print is a likely area where you’re burning through your crucial resources of time, money and manpower. So how can using document solutions help prevent this, and what benefits does it bring?

5 ways document solutions can benefit your law firm

1. Lower IT spend

How often do you print something just to proof-read it and throw it away? What about printing a document in colour, only to realise you really needed it in black and white and having to print again? These may seem like small costs individually, but if everyone in the firm is doing this on a daily basis then it soon mounts up. Even if you think you know your costs, your actual spend is likely to be more. MPS providers will be able to identify several areas your firm will be able to optimise the budget, from eliminating unnecessary hardware to ongoing monitoring of the print environment and making more efficient use of resources. Centralised, web-based administration software provides you with a comprehensive view of your entire print fleet and surrounding processes, removing the need for time-consuming site visits to configure each device. You can remotely schedule maintenance and update software versions for all devices whenever you need to.

2. Greater document and data security

Documents left lying about on the printer represent huge potential for a data leak. Just imagine if they contained highly sensitive client data and were picked up by the wrong person? Solutions like “Follow-Me” printing will prevent this. Instead of documents printing automatically, users will have to sign in to the device to release their documents. Users won’t be able to access the print queue of anyone else. Also as only one individual can log into one machine at a time, it prevents print jobs from overlapping and documents mix-ups. These solutions are simple to implement and can utilise existing methods of building security. If employees already use a fob for building access, this can be configured as their printer access key. Additionally, the centralised software allows approved system administrators to view previously printed material in the printer log to check who’s been printing what.

3. Improved workflows

There are a vast amount of solutions which can make printing, scanning, copying and fax quicker and easier. The right provider will learn end-user trends to help you develop workflows and rules that really meet their needs. This will help them to complete day-to-day tasks in a more simple way. With rule-based systems you can automatically send documents to be stored in the right place, providing quick and user-friendly access. Printing rules can be configured based on document size, type or volume. Larger jobs, like court bundles, can automatically be sent to the most cost-effective machine. Automate time-consuming recurrent processes to free up your employees’ time and prevent annoying mistakes.

4. A manageable environment

A new firm-wide, software solution roll-out doesn’t have to cause frustration and ongoing problems for your employees. If handled correctly, the impact of installation on day-to-day management should be insignificant. Having a consistent, user-friendly interface across all devices not only reduces training time but means it will be unlikely that you will need to retrain employees if you bring in a new device or upgrade a current model. It also increases the end-user adoption rate as they don’t have to set aside time to understand a new system, improving the overall cohesion of the office.

5. Reduced storage costs

The majority of law firms will not only have documents in-house but will also have offsite storage as well. Imagine how much employees waste searching through boxes of files for that one important memo? Then add on the cost of transporting that employee back and forth between your offsite storage facility and the office. It’s not going to be a one-off occurrence, and time and money soon add up. Rules-based routeing and scanning allow you to easily convert your paper documents into digital files. This increases search capabilities, saves time, improves security and greatly reduces ongoing storage costs. With an intelligent managed solution you can scan bundles direct to court, reducing costly paper files transportation.

At the end of the day, these are just a fraction of the benefits documents solutions can deliver. An optimised solution, from the right provider, will bring true operational enhancement and positively impact your bottom line.

The benefits of flexible working for law firms

Posted on by QuoStar

the benefits of flexible working for law firms

Flexible working is slowly becoming more common in the legal sector, with numerous firms announcing plans to implement the practice in the last few months or, at the very least, exploring the idea.

This increase is a response to numerous issues affecting law firms, whether it’s improving work/life balance for employees, the challenge of having global teams in different time zones, or in response to escalating rental costs – a particular concern for London-based firms, many of whom are starting to move out of the city.

We are also seeing a good number of start-up and boutique firms using quite advanced technologies to work from home or hot desk, giving them much better profit margins than their larger competitors. There’s no real reason why firms cannot increase the availability of flexible working.

The Benefits of Flexible Working

Flexible working can take many forms – part-time working, term-time working, home-working, compressed work, flexitime or hot-desking are all possibilities to explore. The practice can bring many benefits to a firm, among them including:

1. The ability to hold on to valuable staff

For example, those who need to work part-time in order to balance work and family life.

2. Reduced levels of sick leave

Employees will feel less run down due to a better work/life balance. Alternatively, they will no longer have to take sick leave in order to meet other personal commitments.

3. Increased employee morale, engagement and commitment to the firm

Staff will feel taken care of and have the flexibility to meet personal obligations and life responsibilities.

4. Improved productivity

Staff can work when they feel they can accomplish most and feel freshest – depending on the flexible work schedule adopted.

5. Greater talent pool to recruit from

It develops an image as an employer of choice, e.g. family-friendly, modern etc. Many workers these days, particularly graduates, have higher expectations and view flexible working as the norm.

6. Faster response time

Business decisions today can be made or lost in a matter of minutes. Having employees who can work from anywhere, at any times, means firms can be more responsive.

7. Reduced overheads

Flexible working initiatives like hot-desking have the potential to save money in terms of office space. For some firms, it’s unnecessary for every member of staff to have a fixed desk, and it’s a waste to pay for an empty desk.

Some firms implementing or exploring flexible working:

Herbert Smith Freehills

The firm has had a flexible working agreement since 2012, but in August announced plans to implement agile working across all its London based practice groups following a successful three-month trial. A number of partners and fee-earners were invited to work from home up to one day per week. The majority of those involved gave positive feedback; 89% reported improved work-life balance; 75% said flexible working improved their productivity and only 3% experienced negative responses.

Foot Anstey

The firm launched a “warm-desking” pilot in August, which is set to run for two months. The move is partly a response to a need to look for new premises in the city within the next three years.

BLM

In February, the firm announced that it was offering a flexible working program for all its London staff as it consolidates its two offices into one. BLM said they have invested heavily in technology to make flexible working simple and achievable.

The key to achieving the benefits of flexible working is implementation. Technology, of course, is important but also easy. Any IT department should be able to enable employees to work in the same manner, whether they’re in the office or not, without effort. A vast array of technologies and readily available Internet connectivity make it easy to collaborate in and out of the firm.

There are however also other softer elements to consider. Personality types, organisation and culture can all determine whether flexible working is a possibility for your firm. Overall you should focus on the business requirements first and foremost.

If you are considering flexible working for your firm then check out the Five Minute Guide For Becoming a Flexible Employer.

10 Data Leak Prevention Tips for Law Firms

Posted on by QuoStar

IT security - 10 data leak prevention tips for law firms

Data leak prevention (DLP) is a subject that comes up again and again. “How do I stop data leaks from occurring?” and “How do I know if a data leak has happened?” are two questions that legal firms want answers to.

The premise of DLP is to stop intellectual property, client details or other sensitive data from passing into the unprotected Internet. Something that sounds easy, but isn’t. Leaks can happen via email, internet browsing or a breached cloud platform.

You may realise that those are three of the biggest things your firm uses every day and that’s where the difficulty comes in. Setting up a full DLP system is usually difficult and takes a lot of time, technologies and planning. But before you can even start to make a plan you need to understand the fundamentals.

What are the types of data leak?

  • In transit
    • Being intercepted whilst travelling over the wire, i.e. email, web chat, web traffic, etc.
  • At rest
    • From areas such as a file share, a database or from a desktop or laptop.
  • In use
    • From screen captures, clipboard, a printer, USB disk, CD, etc.

Your firm should break down each of these areas, understanding when data is in each vector and how it could leak via the vector. Once you understand what you have and what risks you face on each classification you can start to think about controls and policies. For instance:

  • What is your policy on staff plugging in USB sticks?
  • What controls will you have to stop sensitive details lying in the printer?
  • What is your policy on sharing information via social media?

The controls will vary significantly by but here are 10 areas to consider when contemplating how to keep your sensitive data secure from an accidental or malicious leak.

How can you make data secure?

1. Portable encryption

You should encrypt any sensitive data which leaves the secure confines of your firm’s network. You’ll need software systems to control this as you cannot typically rely on employees to do it. It only takes a lost USB disk, laptop or phone to deliver a severe or critical blow to a firm.

2. Endpoint protection

The data endpoint is typically a computing device, i.e. desktop, laptop, mobile, server, etc. It’s on these devices that IP and confidential data resides or passes through. DLP endpoint protection solutions can protect data inside and outside of the network by controlling functions, such as print, copy, and data transfer to USB devices or a cloud storage platform, such as DropBox.

3. Email content control

Email is a common source of a data leak, as employees use it to send confidential information and documents. Content filtering uses deep content inspection technology to scan the text, images, and attachments of an email, to flag up any potential threats and can alert you if a user tries to send sensitive information.

4. Intelligent firewalls

Data leakage often arises from email, IM or internet use. Firewalls can protect individual computers and whole networks from security threats and can take automatic action against potential data leaks, unauthorised access or malicious behaviour, either by notifying the administrator or by blocking the action.

5. Device control

Endpoint solutions allow administrators to control what devices are in use. They can also see when they have been used, who by and what information was copied, managing the threat of portable storage devices. You should also have effective security policies for your devices, as users typically store email and other sensitive documents on their smartphones and tablets. For example, some required could include the use of complex passwords or to set devices to automatically lock when not in use.

6. Evaluating security permissions

Many users may have access to sensitive data, but do they really need it? Allowing access on a “need-to-know” basis can dramatically reduce your chances of a data leak, accidental or otherwise.

7. Controlling print

Multi-Function printers (MFP) are typically unmonitored and can have a high level of data leak potential. Requiring users to ‘sign in’ before use can reduce this, as they will only have access to certain functions and documents. It also prevents users from leaving sensitive information on the printer, as the document only prints once the correct user has signed in at the MFP.

8. Securing back-ups

Many firms rightly have back-ups of their most important information, but these can be vulnerable too, either from an attack or due to loss. Just like the original data you should encrypt these files, which is a function of most backup software.

9. Image text analysis

Images can be sensitive data in themselves, plus camera-enabled devices like smartphones make it very easy to capture sensitive data. DLP solutions have the ability to analyse text within images, preventing data exposure.

10. Education

Businesses often assume employees know what information is confidential and what they cannot share. Yet, sometimes a data leak is accidental and can be something as simple as an email to the wrong client. A good security policy is well-defined and easy to understand. Helping users perform important functions with reduced risk and increasing the adoption rate of the policy.

NEXT>> How to protect data in end-of-life equipment

Are Law Firms Engaging More with Legal Tech?

Posted on by Robert Rutherford

are law firms engaging more with legal tech?

I was asked this question the other day and had an enjoyable discussion about it so I thought I’d jot down my thoughts.

In this blog, I’m talking in general terms outside of the ‘Magic Circle’. Technology turns off most business people, partners included, in the main. I don’t understand why so many technology firms in the legal sector fail to grasp this concept.

Even when you turn up and say “this product’s going to make your super effective because of XYZ” they’ll often switch off.  They’ve heard it all before and been burnt by expensive and bad solutions in the past. Or because they are just confused by the numerous options. This is why there is so much of a ‘herd mentality’ in legal. I always find it a little strange that so many plod together, but I can tell you this will change, and rapidly, as the space comes truly competitive- basically like every other sector. Change is going to come so fast, but it’s not the technology that needs to lead it. The processes and models need to drive the change.

If I hear cloud, big data and AI many more times I’m going to explode. It’s boring for me, let alone lawyers having tech rammed down their throat in every email and publication. You are just talking about tools, and who cares about tools? Nobody except techs care about tools. I don’t care that my plumber has a new wrench with better grip, so why should ‘business leaders’ in law firms? Yes, these technologies may add value to a firm but many won’t until they are mature or integrated into a wider ‘business solution’ driven by a defined business strategy. Sure you may attract a partner’s attention with a fancy new mobile device, but often that’ll be the wrong device to really support a mid/long-term strategy.

Many firms will not truly engage technology until they have up-skilled general business improvement. Be that ISO, Lean Six Sigma, intelligent outsourcing etc. Technology is easy in general. Yes, there are exceptions, but generally, it’s easy when the business case and requirements are clear and championed by leadership. This needs to happen before the technology can really add its value. It’s surprising how many firms don’t have standard operating procedures. Or they don’t really review and develop them. This is pretty scandalous when most operations in legal are process driven.

In short, my message is that technology is not relevant without leadership, evaluation and analysis. You’ll see a rise, very quickly, and also many new entrants now the sector is opening. It should be led by increased efficiency (as stated) as margins are going to erode. I know that I don’t really pay any more per hour for legal services than I paid 10 years ago!

Robert Rutherford – CEO of QuoStar

How to protect data in end-of-life equipment

Posted on by QuoStar

IT security - How to protect data in end of life equipment

Any device where data is downloaded or stored is at risk of being accessed by a third party once it is no longer in your possession. Devices at risk range from the obvious hard disks, right through to printers.

The basic principle is: if data is written it can be retrieved unless it’s encrypted. Therefore, if you’re in an industry where your clients’ data is sensitive (which is to say, every industry), if you can encrypt the data you should always do it. Of course, you need to factor in performance overheads in relation to encryption but that is becoming less of an issue now with the entry of technologies such as solid-state disks and self-encrypting storage arrays. Encrypting data effectively removes a lot of the concerns around the disposal and/or loss of a device.

If you do have to dispose of a device then it is usually best to have it done by a third party specialist data destruction firm. However, you need to be aware that by choosing to outsource this function, you are not outsourcing all responsibility. If a client’s data were to be stolen from one of your disposed machines, it’s your brand that will be tarnished, therefore you have to do your due diligence. Assess the data destruction firm and assess your risks. Do not simply settle for a van turning up to remove the worry.

Once you identify the risks you should have them signed off at partner level and agree on a strategy to apply suitable control to minimise them. If you can follow these steps you can be pretty sure that your clients’ data and your firm’s reputation will remain safe.

Don’t think that PCs are the only source of data that can unintentionally (or maliciously) disclosed to a third party though. You should also have security and disposal policies covering the following:

  • PCs, laptops, tablets
  • Mobile phones
  • Printers
  • USB storage devices
  • CDs/DVDs
  • Servers
  • Hard disks
  • Backup tapes
  • Cloud storage

Again, all of these items can be encrypted and, arguably, they all should be if your data could cause your firm or a client embarrassment.

Risk of extortion

Never think that your information is not of interest to a third party. A large proportion of data and security breaches are now focused on blackmail and extortion. Hackers hack for money now, not simply for fun. A hacker doesn’t have to come in over the wire, getting hold of a physical device littered with information will give them extortion material and valuable clues on how to breach network defences at a later date.

Your key considerations

So, what are the key things to consider in relation to ensuring data is destroyed after its useful life? In this article, ‘destruction’ refers to physical destruction (shredding) and ‘wiping’ to cleaning the data off securely, to retain some resale value to the firm or a third party.

1. Control access

As you can imagine, it’s possible that, if you leave a pile of hard disks or USB keys in an uncontrolled area, once could go missing. And if this happened it would be open to all risks. When you have set aside equipment for disposal then secure it away from general access.

2. Control / document assets

Make sure your asset lists are up to date so when you wish to ensure any data is destroyed you don’t miss anything. If you aren’t controlling your assets then you aren’t truly controlling the risks. When you do dispose of an asset, ensure the information is logged, including the device, serial code, how it was sanitised, by whom, when, where it went, etc. If you go to a third party it should provide you with a certification of destruction.

3. Destroy the data

If you just format or delete the data on a device it’s relatively simple to pull it back. If you want to ensure the data is irretrievable then you can use specialist tools to do so. You can start by looking at tools such as Kroll Ontrack and Blancco if you want to do it yourself. If you want to go belts and braces, encrypt the device storing the data and then run the secure erase tools. You then, of course, need to factor in the time required to undertake this work. It all comes down to how sensitive your data is.

4. Destroy the device

In some circumstances, the data is so sensitive that the entire device should be destroyed, shredded in fact. Generally, you would outsource this, but you can also buy the specialist equipment to do it yourself. Typically memory and hard disks are shredded, and other parts of the device sold on to retrieve precious metals. There are strict environmental guidelines on disposal of equipment so be sure to familiarise yourself with the current regulatory requirements if you do it yourself.

5. Destroy it quickly

Once you have identified equipment to be disposed of or wiped, then do it quickly. The longer devices hang around, the more chance they will fall out of control or go missing. You would typically expect to have a periodic destruction cycle or pick-up if using a third party.

6. Have a process

Ensure you have a documented process for the destruction of data and devices as required. If you don’t have a rigid structure, things can and will slip through. Generally, legal firms can’t risk that happening so controls and processes must be put in place and followed. Failure to follow procedures must have tough disciplinary repercussions.

7. Check third parties

If you are outsourcing the destruction of data and devices to a third party then ensure that you are careful in your choice. There have been press reports of devices turning up on sites like eBay with very sensitive data on, even on a printer’s internal flash disks. So, when choosing a service provider, you should be looking for companies with ISO 27001 and ISO 14001 certification as a bare minimum. Also, it helps if they are certified to destroy MOD equipment, e.g. CESG and MOD approved. The higher-end secure destructions firms will also have the equipment they can bring to your premises or premises you can visit to witness the destruction of your data devices.

8. Communicate and review

Once you have a process and policies in place to relation to wiping and destruction of data and devices then ensure that it’s communicated and clearly understood. Make sure all relevant areas of the company understand their roles. Also once created don’t just forget about the policies and processes, review them at least annually. Your assets will change, as will the risks. Ensure that you review them regularly and know what they are

Security is changing

As we look back over this tiny area of IT security, the case for ISO 27001 is becoming more and more important in law firms. The risk of a security breach of any kind can have serious implications more so now than ever before. ISO 27001 will give a firm a framework to identify all risks and assign appropriate controls to mitigate them. It will also give your firm a continual improvement methodology that will deliver gains year on year. It should also be noted that many clients are now demanding ISO 27001 certification as a standard before instruction.

As a final note, just do remember that your data is of interest to many people. Don’t take risks, or at least don’t take them without informed sign-off from your firm’s partners.

Robert Rutherford, CEO of QuoStar

NEXT >>> How to protect your business from social engineering

8 IT security mistakes law firms make

Posted on by QuoStar

IT security - 8 common IT security mistakes made by lawyers

The IT security landscape and the threats faced by law firms have changed little in the last 20 years. The nature of these threats, however, has changed drastically and many firms are yet to catch up.

While the old hackers typically hacked for fun, interest and challenge – the main driver for the modern hacker is now money. Particularly around extortion and blackmail. This trend has brought attacks to the gates of every single firm, no matter their size. Your information is valuable and when hackers gain access to it, they can deal huge damage to your brand or extort money. And for law firms where trust and respect of the client and protection of their highly sensitive information is paramount, you cannot afford a breach.

Legal firms may think they’re not at risk from an IT security breach, or believe they’re doing enough to protect their sensitive data, yet here are eight common mistakes I see firms making time and time again when it comes to IT security.

What are the IT security threats for law firms?

1. No two-factor authentication

Many firms are still only using passwords to access IT platforms, both within the office and whilst working remotely. Passwords are simply not secure on their own. The number of passwords every member of staff needs to remember this day and age is too vast, and the threat landscape is too big to solely rely on them.

The solution which many sectors have adopted already is two-factor authentication, for example, a password and a token. Many banks insist on this, and for a good reason.

2. No disaster recovery and continuity plans

A tried and tested business continuity plan is essential for any firm. However, many will not have one and those which do will not really test is regularly or earnestly enough. This is one of the biggest and most worrying lapses in security. Not having a plan to recover and operate after a significant event is negligent, verging on criminal. Try explaining to your insurance firm after a disaster why you can’t show them your recovery plans.

3. Device control

Most legal firms have mobile devices such as laptops, iPads, mobile phones and the like, but few are controlled by the firm. For example, some firms will allow employees to pick up work email on a personal device. This is completely negligent unless you have secure controls in place. It’s also concerning to see that a number of firms are still not encrypting every mobile device containing sensitive data. If you believe your information is not of use to a third-party, you are very wrong.

How would a partner explain to a key client that their sensitive information had been stolen or leaked to a third-party? What if that third party was the press, keen to highlight how legal firms like yours still aren’t taking client data security seriously? A breach like this could permanently damage or even end your business.

4. No asset list or risk register

Most firms haven’t really evaluated what their risks are. You simply cannot protect what you haven’t assessed. Firms need to evaluate every asset and service within their business, not simply IT hardware and systems. They should also be looking at their other assets, e.g. their brand, their people, etc.

Once these are identified, you must assess the risks associated with that asset and how it could impact the firm. With this information, the controls for those risks should be documented. You can’t be comfortable with the security of your firm if you haven’t been through this process.

5. No patch management

This is something that still doesn’t happen to the level that it should. Many firms still have no formal patch management strategy. I know that it’s painful for an IT department to do, but it is so important to get critical updates on machines as soon as possible. A significant percentage of hackers, viruses and Trojans use vulnerabilities in software to gain control over a device, so it needs to be done.

6. No staff training

The largest weakness of a firm’s security is its people. It’s imperative that people understand the risk they pose and how to be more aware of the threats. You’d be surprised how many firms I could breach within minutes by simply calling up, pretending to be a new member of the IT team and directing them to a web page to allow myself access. The risks around staff are huge and educating them is essential.

7. Device disposal

We are all aware of the risk of disposing of PCs, laptops and similar devices properly to ensure that no data is left on them. However legal firms scan and print large amounts of data and this also poses a risk. The information is sent to a printer’s internal disk before it is printed, be mindful that these disks will hold sensitive data, so ensure they are wiped or destroyed before you dispose of them.

8. Being lax

If you don’t take IT security seriously then you will suffer at some point. How badly you are affected is a game of chance. Do not think for a second that you are not at risk, or IT security can simply be seen as an IT department problem and leave your team to it. You need to take responsibility for IT security as you are most certainly accountable.

There are many more risks than this out there, but you need to shut the doors and windows before you start sealing the cracks.

Robert Rutherford, CEO of QuoStar

How can law firms reduce the risk of cloud services

Posted on by QuoStar

IT security - How law firms can de-risk the cloud

Rapid change within the legal sector nationally and internationally has made many firms look to the cloud for solutions. In times of turbulence, legal firms and, in fact, other businesses look for change, to get an edge over the competition, to pick up that golden chalice dangled in front of their noses by a smart salesperson. However, when you are hungriest, you need to be doubly careful with decisions. Don’t take risks. Be informed. Take your time.

The cloud is a very large playing field, so I’m going to talk in general terms and at a ‘high-level’. After delivering and consulting on cloud systems for more than a decade, we’ve seen and heard pretty much everything, so this blog post is just a summary.

So many IT service providers are pumping cloud services as the only ‘real’ IT solution for the modern legal firm. This is simply false and negligent – the cloud isn’t always the right solution. Whilst there are many areas where cloud services can deliver a business gain – you should just throw everything into the cloud without consideration.

Cloud is a tool, no different from a new server or piece of software. For example, if you’ve bought your marketing department Apple Macs, should you now roll them out throughout your firm? No. It’s the same with cloud services. They have their uses but you need to apply clear business rationale to any decision – think of now and the longer-term.

It’s important to remember that cloud isn’t some brand new technology – it’s mainly just hype. Hype causes issues and clouds judgement. It creates a sense of urgency and a fear of missing out. The herd mentality within the legal sector only exacerbates this further.

The cloud gold rush has got every man and his dog trying to provide and resell cloud services to fill a demand. You even have phone system companies and printing machine companies trying to resell IT services on a cloud model into the legal sector. This is just insane, IT isn’t simple – true business-enhancement comes from careful analysis, effective tailoring and solid integration of numerous different technologies and systems. Legal firms need to be evaluating and analysing their business models, workflow and general operations, looking for improvement and identifying the right technologies and systems to support that change. Technology should not be leading change, merely supporting it.

So, what needs to be covered when speaking to Mr Provider about the shiny new cloud solution? I’ve created a list of ‘high level’, not exhaustive, questions legal firms should consider.

Ask yourself:

  • Has our firm, and its operations, been analysed in suitable depth by the provider, and a clear business case made for the change?
  • Will they stand by and guarantee any claims made in their proposals?
  • Are there any changes to the firm in the foreseeable future that could impact our chosen solution?
  • Do we have options, both in and out of the cloud?
  • Do we clearly understand the benefits and drawbacks of the different options?
  • What are the true costs of the options over the term of the contract or life of the solution?
  • Do we need to factor other costs into the project, i.e. do we need additional network connections, training, resource allocation, etc.?
  • If this doesn’t work – how are we going to fall back?
  • Does the solution meet our regulatory requirements?

Ask the provider:

  • What is the financial status of the provider?
  • How long have they been delivering cloud services?
  • What certifications and accreditations do they hold?
  • What are their Service Level Agreements and what happens if they don’t meet them?
  • How will you exit the cloud service should you wish to or need to?
  • Do they have control of their infrastructure and services, or are they reselling someone else’s?
  • How can they assist with your migration into the cloud – and vice versa?
  • What can impact the service they are delivering to you, and how can those risks/effectors be mitigated?
  • How are they securing your data from external threats? Can they Certificate testing?
  • What levels of resilience have you built into your infrastructure? If a server fails what happens? A network connection? A disk storage system? Power?
  • How will the billing model change if you ramp the firm up or down?

Don’t steer away from the cloud. As with any IT system, when it’s been chosen through careful analysis and tailored to a business’s operations the results can be impressive and game-changing. Just have your eyes open and take the time to breathe.

Robert Rutherford, CEO of QuoStar

NEXT>> Can cloud help businesses to go green?

7 legal technology trends for 2015

Posted on by Robert Rutherford

legal technology trends for 2015

In terms of technology, process and systems the legal industry is changing more rapidly than any other sector. It has a lot to get to grips in a short space of time, far shorter than many may believe. Larger global firms have mostly begun to change, but it’s now the turn of the small and mid-market. They need to become much more commercial and competitive in their outlook.

It is particularly smaller firms need to make the biggest changes as they are being squeezed from multiple directions. However, the progress in these firms is often slowed by resistance to change. As well as not having the necessary skills in place within the firm to deliver it. Firms shouldn’t be fearful of the current environment, they should be looking at the opportunity. Particularly to seize the competitive advantage over the competition

I see the following technology trends really taking root in 2015, particularly in the small and mid-market:

1. Customer relationship management

Law firms are now simply service providers. This means that the key to earning revenue comes down to relationships, as much as expertise. As the legal market is now more international, understanding clients is more important than ever. CRM systems have in the past been used as glorified address books, but expect them to be used to gather more intelligence on clients, behaviours and relationships.

2. Process/workflow management

The business operations within many small and mid-market law firms often leaves a lot to be desired. The worst thing is that many do not truly understand how bad things are and how much additional margin can be gained through process re-engineering within a firm, using existing IT systems and people. Of course, cultures can be difficult to change, but partner teams need to be pushing through change in order to remain competitive in a rapidly shifting market. We are already seeing a monumental shift to process re-engineering in the legal sector; it’s exciting to see how small changes can make a real difference to profitability.

3. Automated time management

Time management and capture has typically been a relatively cumbersome process. Some lawyers do it as they go, some at the end of the day, some at the end of the week. This obviously can lead to issues, things do get forgotten or missed and clients are often suspicious of how time is really captured. The rise of passive time capture is now unstoppable and will become a prerequisite for clients very quickly. This method works to the firm’s and the client’s benefit as it’s seen as more transparent. It also stopping billable time slipping through the net.

4. Business analytics

– As every firm should understand, business decisions cannot be made without clear information. Many firms do not understand that the majority of the information that they require to become more profitable is already being captured by their existing IT systems. It can often take a matter of days to bring data and information together to give clarity to ‘gut-feels’, sometimes without any significant cost. Expect to see more demand for analytics and real-time dashboards to allow partners to really see what is happening within a firm.

5. E-billing

– Many other sectors find it hard to believe that firms are not billing the bulk of their clients electronically. I fully understand that it is more difficult for certain departments, but many clients find it frustrating and somewhat bizarre. Personally, as a business owner, I find it slightly concerning if my suppliers cannot bill me electronically. It’s just so much more efficient and cost-effective to bill electronically, and firms are now seeing this in hard Return on Investment figures.

6. Cloud infrastructure

Cloud in law has been treated with great caution by some firms. In all honesty, this has been the fault of the cloud industry, due to overpromising and not pushing back on security concerns. Cloud, in particular, private cloud, is now a norm for most businesses. We are now seeing legal firms gaining confidence in the cloud, and using it to gain the IT platforms they need without the associated capital and running costs. It should be noted that not that many firms will be cloud only within the next 2 years, especially the mid-sized firms, they are much more likely to operate in a hybrid arrangement – a mix of on-premise and cloud-based solutions.

7. Outsourcing

Too many firms are holding onto all elements of IT. This will be inefficient for many firms, increasing the risk to the firm whilst also decreasing profit margins. We are looking at a second, some say the third wave of more intelligent outsourcing. Internal IT teams should typically focus on adding value, leaving the day to day operations and security to the experts. Many firms have been reluctant to outsource, however, now they must do so in order to actually gain more control.

Obviously, there are other areas of IT within legal that will change over the coming year. The interesting thing now is that it’s varying from firm to firm, as it should do. In the future we will see less of the herd mentality in legal, well at least I hope we will.