The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/7599
www.iltanet.org 24 Peer to Peer SmART mOVES W hen legal it staff and partners try to communicate, it often seems like they are speaking different languages. one topic especially leads to dangerous translation errors — security. Poor security equals risk to the business. this is understood on both sides, but how do you define security, and how do you define risk? As legal IT professionals, you are entrusted with ensuring the security and integrity of the systems and data the firm relies on. You've tightly locked down your firewall, applications and databases. You've trained your users to practice "safe computing" by selecting secure passwords and avoiding suspicious attachments to e-mail messages. You've examined the network for vulnerabilities and configured a disaster recovery system. You've thought about both intentional and unintentional actions that can put the systems you are responsible for at risk. You're feeling pretty good about the work you've done, and rightly so. So why do the partners keep talking about risk? The security of the business, and how to remove risk from the business, are completely different topics that refer to very different things. Whether you're a firm of one lawyer or 10,000 lawyers, your business will have security risks. Someone needs to be thinking every day about the security of the business, not just the security of the business systems. You can help reduce that risk, if you're speaking the same language. BROADen YOUR VIewPOInT Here are some questions partners might ask when thinking about security and risk concerns: • are we taking on the right business, and are we properly balancing intake speed with the minimizing of risks? • are we protecting ourselves from accusations of impropriety, and can we prove it? • can we properly manage the increased number of lateral hires we are taking on? • are we going to get paid for the work we do? • can we eliminate manual errors in our highest risk business processes? • Will senior partners be alerted of irregular activity within the firm before it's too late? The stakes on this side of the table are many times higher than the consequences of being infected with a computer virus or failing to implement proper password policies. Firms can face heavy fines from authorities when they ignore their business risks, or the firms can disappear altogether. Of course, any mishandled situation has the opportunity to become an embarrassment and can damage the firm's ability to attract new business. An end-to-end risk management solution requires well thought-out processes and a good risk management system, both of which the savvy IT professional can influence. TwO SIMPLe STePS TO A MORe SeCURe FIRM First, understand the connected business processes that govern the major stages of risk management. These include the following: • taking on new business • hiring laterals • checking conflicts • building and maintaining ethical walls • Managing legal holds • Monitoring improper use of firm intellectual property and systems These critical business processes represent the primary challenges facing today's law firms: the competitive importance of speed to new business, continued uptick in Bridging the "Risk-Speak" Language Barrier