Implementing tech can help small firms with cyber security
This year, cyber security is likely to remain a key challenge for those in the legal profession. For small firms, mitigating cyber crime can be especially challenging, but tech will continue to play a “crucial role” in bolstering protective measures.
With 2024 likely to bring a number of challenges for firm owners, boutiques, and SMEs, being able to keep up with new legal tech trends is important for smaller firms to mitigate potential challenges and become increasingly efficient in a digital landscape.
This is particularly important given recent data breaches and the surge of cyber crime – and with this year reportedly “another big year for cyber”, small firms have been urged to implement protective measures and educate themselves on new and emerging risks.
Work Visa Lawyers principal lawyer Chris Johnston said that for his firm, utilising tech has helped both streamline operations and improve their cyber security.
“Technology plays a crucial role in bolstering cyber security measures for smaller firms. Implementing robust encryption tools, multifactor authentication systems, and regular security audits are essential steps,” he explained.
“We utilise specialised software for case management, document preparation, and research. By automating repetitive tasks, we can streamline operations, reduce errors, and ultimately provide more efficient and cost-effective services to our clients.
“Sole practitioners and boutique firm owners can benefit by investing in similar tools tailored to their specific needs, allowing them to focus more on client interaction and strategic decision making. While many talk of the benefits, there are also many possible downsides, with AI getting too good and reducing the need for the current volume and scale of many white-collar jobs such as being a lawyer.”
For Conveyed founder and chief overlord Melissa Barlas, using artificial intelligence (AI) to automate processes has resulted in increased consistency in her firm’s service delivery.
“Our entire onboarding process is automated, all the way through to issuing documents to clients. We’re a conveyancing law firm, so the documents include pre-settlement documents,” she said.
“This avoids any risk of human error in drafting, and it means clients get their documents and communication from us instantly. It’s a game changer and results in happier clients.”
Anchored Family Law also uses automation as much as possible – and director Emma Maxwell said it especially helps with administrative tasks.
“Part of the biggest shock in becoming a sole practitioner is just how much work it takes to run a firm without a management team – it’s like a second job. There is a lot of tech (and increasingly more appearing on the market) that removes a lot of the heavy lifting. I know small firms are always conscious of overheads, but using tech proactively has always paid dividends for us, and allows us to do more fee-paying work and less admin,” she explained.
“We record (with our clients’ consent) all of our conferences; those are zapped to an AI transcription platform and then back into our practice management software. We have another zap that sends the transcript to another AI platform and produces a file note of action tasks for both the team and the client.”
New tech to help with cyber security measures
Cyber security has been a key issue for organisations across a range of sectors, including legal, with companies urged to implement protective measures such as cyber insurance and take a closer look at their positive security obligations – particularly smaller firms, where the costs of a breach could be detrimental.
However, according to DotSec director Dr Tim Redhead, while the implementation of tech is important to drive cyber security in smaller firms, it should be done with care and caution.
“Various technologies can help firms to manage their level of risk by offering capabilities such as automated real-time threat detection, intrusion prevention, and response mechanisms, allowing firms to proactively protect their clients’ data and their own reputation,” he explained.
“But while it’s common for organisations to focus on implementing technology in order to improve their cyber security capabilities, before doing that, it’s important to step back and take a deep breath. Now (mind cleared, sales excitement banished), consider two points: firstly, has your business developed an initial set of prioritised, risk-based cyber security requirements? And secondly, does the technology that you are considering fit in with and address those requirements?
“Tech can assist, and some tech will almost certainly be required in most businesses, but even so, don’t just rush for tech! Instead, develop a prioritised set of risk-based requirements and then select the most cost-effective tech that meets those requirements. This approach will ensure that your firm allocates resources strategically, focusing on the most critical security threats and vulnerabilities specific to its operations.”
In terms of actually getting started with this tech, Ms Maxwell said that while her firm has brought in fingerprint scanners for its team, tech and cyber security measures can be tricky.
“I keep a database of tech I want to try because it can feel overwhelming to learn new software. Sometimes, I don’t get to it immediately, but when I hear a recommendation or something catches my attention, I put it in the database so I can come back to it later when I’m mentally ready to deal with it,” she added.
“I’m working on creating a branded client portal at the moment and am working my way through the platforms I had saved and not tried previously.”
Conveyed uses “robust firewall systems and multi-authentication across all platforms”, which Ms Barlas said, in her view, “significantly reduces the risks of cyber attacks”.
“We use government-grade cyber security software across all devices and email accounts that we use to deliver our service. Our software updates are automated to ensure they are updated with the latest security patches to address vulnerabilities that could be exploited by cyber attackers. We also have multi-authentication on all online accounts to mitigate the risk of cyber attacks,” she added.
“In addition to these measures, we are also registered to receive Australian Cyber Security Centre alerts by email so that we are advised by the government of any known cyber crimes. We provide cyber security awareness training through specialists to all staff members to educate them about common threats, phishing scams, and best practices for safeguarding sensitive information.
“These measures are also part of our cyber security policy. Conveyancing companies are high targets for cyber attacks, so we are always looking for new ways to improve cyber security.”
Lauren Croft
Lauren is a journalist at Lawyers Weekly and graduated with a Bachelor of Journalism from Macleay College. Prior to joining Lawyers Weekly, she worked as a trade journalist for media and travel industry publications and Travel Weekly. Originally born in England, Lauren enjoys trying new bars and restaurants, attending music festivals and travelling. She is also a keen snowboarder and pre-pandemic, spent a season living in a French ski resort.