Post on 19-Jan-2016
Develop your Legal Practice using “Cloud” applications, but …
Make sure your data is safe!
Tuesday 17 November 2015The Law Society, London
Allan Carton, Inpractice UKwww.inpractice.co.ukManagement Solutions Blog
What I mean by “the Cloud”
Moved on? Where is the risk?Today’s “Cloud” is not fluffy.
Talking “Hosted applications”NOT about your IT Infrastructure
Overview
• Technology has come a long way. Cloud is good, but only if lawyers protect against risks.
• We want clients to use Cloud applications to access “ready to use” technology to fill gaps, but spend time in quickly putting them to work.
• But … many law firms have not equipped themselves effectively yet.
• Need to change to be able to harness new tools to support and develop your business more effectively.
• Your own people are the biggest risk – so not just about cloud. Negligence and malpractice.
• What should you do about it?
What IT do Lawyers need?
Why adopt Cloud applications?
• You are already there … to some extent• Cloud services help us make more happen, more
quickly• Frees up time to focus on what really matters
– Work, process– Clients, relationships, value
• Potential to do more
• But need to do it with confidence• Harness its full potential
What do employees know?
How would you characterise the following challenges in relation to your organisation’s use of cloud services?
Moving to the Cloud?
KPI Dashboards – Data Warehouse
Go here for more information >>
Microsoft Dynamics CRM
Go here to explore making it work for you >>
Automated time capture
Use this to improve productivity and process – not just bill more >>
Aligning Goals, Managing performance, projects …
Go here to arrange a demonstration >>
Market Intelligence
BI 24 – Business Intelligence
More information on BI24 here >>
What the suppliers say …
“For law firms, the challenge is that they are trying to weigh up the costs of implementing solutions against the perceived threat and the value the firm will receive. This can be difficult for partners to understand.
However one breach could bring down the whole firm. One of the big areas of concern in my opinion is the education of staff and their understanding of security not only in terms of IT but PII security – it is a long road but the journey really does need to start.”
2015 Data Breach Industry Forecast
“We expect … an increase in breaches involving the loss of usernames, passwords and other information stored in the cloud … as more information gets stored in the cloud and consumers rely on online services for everything from mobile payments and banking to photo editing and commerce, they become a more attractive target for attackers.
… an increase in hackers targeting online credentials such as consumer passwords and usernames to gain keys to the castle; with the likelihood that compromising one record can often give access to all sorts of other information stored online.”
“Despite all signs pointing to employees as the largest threat to a company’s security, business leaders will continue to neglect the issue in favour of more appealing security technologies in 2015 .
As a result, many companies will miss the mark on fighting the root cause of the majority of breaches. Organizations that implement regular security training with employees and a culture of security committed to safeguarding data will be better positioned for success.”
2015 Data Breach Industry Forecast
All Business
Tools to support the business
• All potentially hosted (SAAS) somewhere … NOW! – Business Intelligence and KPI reporting (BI24, Exen)– Conveyancing Searches e.g. Search Acumen– Case management e.g. Ochresoft– CRM – e.g. Microsoft Dynamics CRM, Salesforce– VoIP– HR, performance management – Online Training– Microsoft Office 365– DropBox– Document management– Practice management systems– …
Conclusions
• Don’t let this stop you using the technologies• Catch up on making their use safe• Engage your people• Make these tools work for you
Do more to catch up now• Invest in data security e.g. ISO 27001• Know what’s in the Cloud, identify sensitivity (personal data,
price sensitive etc..) and evaluate risks. • Assess impact of breaches - confidentiality, integrity, or
availability (but apply to on-premise too)• “Appropriate” pressure on your Cloud service suppliers
– Rights of audit, provision on insolvency/termination, their data security provisions
• Penetration and vulnerability testing• Define user policies, educate people and enforce• Protect passwords• HTTPS, encrypt data, emails and attachments• Passwords by SMS or letter
If you would like us to discuss this further with your team, please contact …
Allan CartonInpractice UK
acarton@inpractice.co.uk07779 653105
www.inpractice.co.ukblog.inpractice.co.uk