Law Technology Today From the ABA Legal Technology Resource Center
Related Articles
IT employees don’t have much free time. From keeping systems updated and ensuring valuable data is backed up to securing employee devices and keeping cybersecurity threats at bay, it’s easy for an IT department to become backlogged. Once that happens, however, it’s much harder for a department to get back on track, which can create a reactive, break-fix environment.
Law firms are investing more in IT and cybersecurity, but not in a way that’s consistent and will provide long-term protection. Internal IT teams are often fighting a losing battle trying to perform all of their responsibilities while ensuring every device with access to the company network is secure. Too many responsibilities and too many threats exist, and cybercriminals are well aware of the potential gain from cracking a law firm’s security framework. It’s a race against the clock and one that doesn’t allow anyone to slow down enough to fix problems effectively and before they occur.
According to the FBI, attacks against law firms are on the rise. These can involve anything from hackers breaking into one device to an attack that fully penetrates a network at a firm. Even the most inept cybercriminals can use power tools to conduct phishing attacks, spread ransomware, and exploit businesses.
These attacks have serious consequences and often result in less productivity for employees and even financial loss. Simply having break-fix, reactive solutions to security problems not only doesn’t solve problems, but it can also create them.
Why Break-Fix Is Broken
Only reacting to security problems and not proactively guarding against them can have a number of implications, and these implications might require you to look inward. If the only solutions at a law firm are break-fix, it might indicate bigger problems in your IT department.
A break-fix environment ultimately means your employees won’t have time to dig into your law firm’s IT infrastructure and determine how to create a plan to improve a security system that might be in need of protection. Technology will continue to change the way the world works, which means IT teams will deal with more devices, more security systems, and more people to oversee an increasingly mobile workforce.
To prevent your law firm from becoming an easy target, your IT department needs to break out of the break-fix routine and take proactive, long-term steps to produce a sustainable IT strategy. Start with the following four steps, and your firm will be well on its way to a brighter, more secure future.
1. Outline areas for improvement.
Even technologically advanced firms are probably lagging behind in at least some areas. Maybe your employee onboarding process is cumbersome and time-consuming, or perhaps you still rely on unfitting tools for e-discovery. If you’re like many firms, your greatest weakness could potentially be your security framework. 45% of firms lack formal policies regarding cybersecurity. Take a step back and look at all areas of your organization closely. Wherever you rely on antiquated or manual processes, consider what technology might be available to bring that part of the firm up to speed to better protect your networks.
2. Ensure employees see benefits.
Employees don’t always like change. To garner their buy-in from the start, be sure to communicate how they will benefit from transformative technologies. For example, a new system to filter email could reduce the amount of spam that employees have to sift through, giving them a clear way to reap benefits from technology that also keeps your law firm’s information safer. Considering that one out of every 100 emails is a hacking attempt, and your employees likely see far more emails than that every day, the entire organization will benefit from a robust spam filter.
3. Assess your needs and budget.
If your firm is getting by with a break-fix IT environment, there are larger underlying issues that need to be addressed. Your internal IT staff might be too small or underfunded, and they might not be using technology that helps eliminate redundancy and accelerate workflows.
As your employees bring more devices to work and also conduct their work remotely, the demand placed on IT will only continue to grow, and budgets for the department need to grow accordingly. 76% of respondents to a Robert Half Legal survey said their organizations would increase spending on cybersecurity within the next year.
4. Draw out an implementation road map.
Implementation of new security technology can be complex, so ensure your team is on the same page by creating a road map. Consider conducting trial runs of the technology within a single department and track whether you see increased output and productivity. This approach allows you to demonstrate the value of the investment to executives and to gain employee buy-in.
If you’re not sure where to start, the International Bar Association’s Presidential Task Force on Cyber Security published a number of guidelines and resources for creating one of these road maps in its 2018 report.
Break-fix is a broken system because it forces your internal IT department to take a reactive stance to security. If your IT personnel are always trying to fix emerging problems, they’re never able to get ahead and figure out long-term solutions. Further, when employees are constantly trying to put out fires, it becomes easier for cybersecurity cracks to form, making it more possible that a hacker could slip through at any time.
By making room for technological improvements, law firms can ease the burdens of their overworked IT departments and start to benefit from a proactive approach to solving problems before they arise.
