LawNet have been conducting research and have produced a white paper outlining the research findings. This is not only a worthwhile and informative read, but it affirms all the things I tell firms when I am assisting them with compliance. I whole heartedly agree with LawNet’s headline “A cultural shift in attitude towards risk management may prove to be the most important driver of future law firm growth..” as you will see below.
A staggering £85 million has been stolen across the legal market in the last 18 months. Can you be certain that your systems will stand up to scrutiny? As a firm have you tested the systems that you have in place. If not, I would suggest you look for a company who can conduct penetration testing which will give you a full report. Firms always think that their systems are impenetrable, if this is the case you have nothing to fear!
With PII providers asking whether you have Cyber Essentials or Cyber Essentials Plus, my recommendation is that firms work towards this standard. It is government backed and given the amount of money lost to cyber-crime it will become a mandatory certification. You will continue to face if you play Russian Roulette. £7m of client money was lost to cybercrime, 75% of which the SRA stated was due to "Friday afternoon frauds".
30% of people did not know that their firms had suffered a fraud attack. Sweeping this under the carpet compounds a deeper issue. How about sharing with your staff, explaining what happened, how it happened and what you have put in place to ensure it does not happen again.
The key to any risk management is to review your systems and processes, ensuring you communicate any changes to your people. Your people are your biggest investment, train them where needed, enable and facilitate them to help you reach the firm’s overall objectives.
Driving and embedding compliance into the culture of the firm can only be a positive step. Creating a safe environment and a common-sense approach will hopefully eliminate the misconception whereby 81% of firms say that compliance is an additional burden of fee earners and 47% of law firms have said that the cost of compliance is excessive. Whilst I appreciate this view point, I am certain this is due to it not be embedded sufficiently. By taking for example, the LawNet ISO 9001 approach this could be simplified. It is not a tick box approach and as I wrote in a recent article it’s not a question of fee earners -v- fee burners, it’s about being proactive and not reactive.
With firms facing so many challenges an “It won’t happen to us” attitude simply won’t cut it. It must be led “Top Down, Bottom Up”
Everyone is talking about GDPR – what are you doing about implementing your systems now. I fear that a lot of firms are leaving it without appreciating the amount of work involved. Make sure that your systems are talking to each other. A lot of you will have different systems for CRM, CMS, Accounts, HR. Be sure that you are compliant on them all! The firms that I am working with, we are using it as an opportunity.
To take the opportunity and find out more, please contact the Symphony Legal office.