Lawyers Must Recognise the Value of their Data and Take Security Precautions

Monday, January 30, 2017

- Guest Blog by Richard De Vere, Principal Consultant, The AntiSocial Engineer Limited

Whilst content in our 9 – 5 employment, slightly resentful that our personal activities aren’t getting the attention they deserve, it’s easy to forget about the true value of things around us – especially their inherent value to other walks of life. Similar to a life of slavery in ‘The Matrix’ we start to just see the ones and zeros, contracts, PDFs, ledgers and scribbled notes.

It’s hard to imagine a criminal world where there are no regular pay cheques, no need to wear a suit, people making up the rules as they go along, no Christmas parties, no AGMs and so forth. It’s all just so alien to our mindset in business that we feel we have no reason to focus on these carefree, parasitic lifestyles. But we should, or else, our ignorance could be our downfall.

Hackers, cyber-criminals, fraudsters or whatever they get labelled, are just people in search of a slightly better-off life. Based on all the crooks I’ve met, the thing nearly all of them have in common is a blunt ‘laziness’.

I’m reminded of the following quote by Bill Gates: “I choose a lazy person to do a hard job. Because a lazy person will find an easy way to do it.”

This quote sums up perfectly why a criminal would rather target your law firm. Criminals after credit card data target hotels – i.e. the aggregators of these details. Criminals after sensitive data for extortion, or after victims who regularly transfer large sums of money, target law firms. These hubs of commerce are fast becoming centres of illegal industry and are big targets.

It’s about time that law firms analysed the security risks and firmly instituted preventions. By this I don’t mean a new device or an extra padlock on the filing cupboard! It’s time to embed a real security culture and put implementations into motion.

This said, it’s not all doom and gloom. The best defence is knowing where the security risks in the organisation are, and being aware of the tricks of the ‘criminal’ trade and the variety of ways in which they will target you, ‘the individual’, so that the necessary measures can be taken. Let’s take a look:

Phishing Attacks

  • Phishing - This is the number one attack vector. It poses little risk to criminals and is relatively easy. Be wary of all attachments and never allow them to enable macros - ever!

  • Spear phishing - If the phishing doesn’t go too well for the criminals, next in line will be ‘spear phishing’ – i.e. targeted emails that are tailored to your typical areas of interest. They might guide you to login pages designed to harvest your credentials or might simply deliver malware, ransomware or a whole host of other nasty attacks on your computer.

  • Whaling - These emails target the ‘whales’ – i.e. the CEOs, the finance heads, CFOs and such. They are designed to blend straight in and are sophisticated attempts to go for the big wins. Often impersonating a company head, criminals will ask for payments to be made to bank accounts. Watch out for emails from your children’s school, rushed requests for money, emails from people who are on holiday and so on.

  • These emails are hard to spot, so as a rule, NEVER make a bank transfer based on an email request.

Physical Access

  • Physical breaches are often disguised as robberies, but some criminals break in to steal computers containing data. Be sure all your law firm’s devices have full disk encryption.

  • Social engineering attacks come in many forms – the individual might appear as a potential client booking a meeting, but in reality, may be more interested in knowing the company WiFi password and location of cabinets in the firm, rather than contracting the organisation.

Phone Attacks

  • We all like to be helpful on the phone, but be on guard always! You are better off making your client jump through a few hoops to validate their identity as opposed to discussing their case with anyone who cares to call and enquire.

  • Be aware of text messages, especially the ones claiming to be from your bank or client. Text messages can easily be spoofed and should not be trusted. Instead, agree a safe method of communication, such as a messenger that validates that the recipient and sender share ‘keys’, which can confirm it is indeed the correct device. Wickr Messenger, Signal or even WhatsApp have many security benefits over SMS.

Documents, data and processes that are considered routine by lawyers are often extremely valuable to cyber criminals. Firms must be acutely mindful of this, and of the fact that criminals are adept at using deception and manipulation to obtain the data for their own financial gain. A well-rounded awareness of breach methods and approach to security is essential.

    About Richard De Vere

    Richard De Vere (@AntiSocial_Eng) is the Principal Consultant for The AntiSocial Engineer Limited. He has an extensive background in penetration testing and social engineering assessments, including ‘red team’, ‘phishing’ and ‘smishing’ exercises, and information gathering assessments for financial institutions and some of the UK’s largest companies.

    Thursday, January 5, 2017

    E-billing – There is Something Here for You, Law Firms

    Guest Blog by Bryan King, Independent E-billing Consultant

    The benefits of e-billing to corporate legal departments are relatively well understood today, but there is still some convincing required among law firms of its advantages. Typically, the deployment of e-billing in law firms is driven by corporate clients and so the underlying sentiment of "what's in it for me?" is often palpable. The reality is that law firms have much to gain too – both from an internal perspective and an external relationship standpoint.

    Direct benefits

    The obvious tangible benefit of e-billing is that law firms get their invoices paid more quickly, due to faster authorisation and payment processes at the client end. Also, law firm bills are validated and checked for compliance with the corporate legal departments’ billing guidelines by the e-billing solution provider ‘before’ they are submitted to the client, so normally there are fewer disputes over payments. Additionally, with some corporate legal departments adopting legal spend management solutions that go beyond the stereotypical e-billing solutions, clients are able to view the time and expenses recorded by law firms much earlier in the process and so have the ability to query the law firm's potential charges well before they are billed. This ensures fewer "surprises" and fewer reasons for clients to hold back payments.

    Finance managers have access to data that can be analysed via the Uniform Task-Based Management System (UTBMS) codes to record matter phases, tasks and activities, for example to compare the performance of departments and offices. Such insight is usually not easily available to the finance and accounts departments in law firms.

    Strengthening client relationships

    By embracing e-billing, firms can strengthen their working relationship with clients and earn goodwill, which in turn can bring new opportunities. For instance, through legal spend management tools, law firms can provide clients visibility of things like written-off/unbilled time and non-chargeable work undertaken. They can also categorise billed time by the client’s own work breakdown/cost codes and improve the value of the information in the e-bill.

    Law firms can leverage e-billing as a marketing tool. Prospects now expect law firms to be knowledgeable about e-billing. Firms that are able to advise on e-billing issues and even on how billing data can be tailored to best meet the client’s needs, are attractive to legal departments.

    The approach facilitates initiation of fresh dialogue with clients regarding the pricing of legal work and the use of flexible cost models. E-billing allows work to be broken down and measured in different ways, with transparency. Also, analysis of historical pricing data from the e-billing solution is a great way to determine and agree alternative fee arrangements that are a win-win for both parties.

    Many of the newer legal spend management solutions offer very sophisticated metrics and management information reporting capabilities that benefit the law firms as well as corporate legal departments.

    There is business merit in adopting e-billing and legal spend management solutions for law firms. The insight and transparency offered by such solutions are, in reality, of equal commercial value to both parties.

    About Bryan King

    Bryan King is an independent consultant, advising law firms and in-house legal departments on e-billing issues, and assisting with the successful implementation of legal spend management projects. Prior to this, he held senior IT management positions at Linklaters, Lovells and Clifford Chance. At Clifford Chance, he also held global responsibility for the firm’s electronic invoicing (e-billing) projects.

    If you are interested in finding out more about how the new breed of legal spend management and e-billing tools mentioned in Bryan’s article can help your legal department save time, significantly reduce overhead and collaborate more effectively with inside and outside counsel, please email contactus@ascertus.com for a no-obligation demonstration of the BusyLamp web-based enterprise legal management solution.

    Monday, February 6, 2017

    Adoption of E-billing Tools – US versus Europe

    Guest Blog by Bryan King, Independent E-Billing Consultant

    Although e-billing is playing a role in the commercial relationship between a growing number of UK/European in-house legal departments and their law firms, there are still many organisations that aren’t yet reaping the benefits of e-billing. It’s often said that numerous non-US organisations don’t “get” the value of e-billing. I believe it’s not that they don’t “get it”; rather, the e-billing solutions, until recently, didn’t necessarily deliver against the needs of European organisations.

    E-billing is a norm in the US

    It is estimated that 90% of all litigation work is now e-billed in the US; and a recent study shows that in many mid-sized US firms, around 70% of annual revenue is collected via e-bills.

    One of the key reasons why e-billing has been a success in the US is its single currency, the US Dollar. The e-bill format (LEDES 1998) is based on a single currency; and law firms and in-house legal departments don’t have to comply with a complex tax and regulatory environment, like in Europe. This facilitated standardisation of e-billing, and established it as a norm, becoming acceptable to lawyers and clients alike.

    Europe sees the business value of e-billing

    On the other hand, law firms and corporate legal departments in Europe faced significant barriers to the adoption of traditional e-billing solutions from financial, cultural and regulatory perspectives – and so, US market driven solutions proved inadequate to business requirements.

    Are e-bills compliant with the various tax rules, regulatory bodies and legislations in Europe? Is the e-bill a VAT invoice as well as a note of legal costs? Does the e-bill comply with the requirements of the Solicitors Accounts Rules, HM Revenue & Customs, Data Protection laws, the Business Names Act and EU billing regulations? Law firms have to ensure that the e-billing intermediary system handles these issues correctly and that the e-bill as seen by the client complies with all the appropriate regulations. Therefore, on a technical level, organisations needed to accommodate several LEDES file formats, VAT and compliance issues, as well as a multi-currency, multi-jurisdictional billing environment.

    Interest in e-billing started in earnest in 2003, when UK branches of US insurance and finance organisations started demanding such functionality from their regional law firms, which led to US e-billing solution vendors setting up offices in the UK. Over the past decade, many e-billing projects have been undertaken, with a number of law firms successfully e-billing their largest clients to the value of many millions of pounds per year.

    On the corporate side, legal departments have used e-billing to make cost and fee cuts of course, but also tapped into it to develop a wider strategic relationship with their external law firms. The legal operations manager at a major retail bank that recently completed a high-profile e-billing project outside of the US, has been quoted as saying: “We believe it (e-billing) will make our in-house lawyers think more commercially. Are we putting the right resources on matters? What’s the selection process? We hope over time it will have a positive behavioural change.”

    Similarly, a major transport insurance specialist has been motivated to adopt e-billing with an objective to reduce its law firm panel down from around 60 to between 5 and 12 firms.

    Legal spend management – the most current incarnation of e-billing

    Today, in-house legal departments and law firms are looking for legal spend management solutions that go beyond traditional e-billing in their functionality – such as the ability to track billing information before the invoice is sent, monitoring of compliance with client-agreed billing rules, the ability to query disputed charges before billing, and so on. These latest requirements have led to the rise of new solution providers in not just the European markets, but in the US too.

    In addition to e-billing, these web-based solutions incorporate a legal procurement module, which automates the issuance and evaluation of requests for proposals, demands for cost estimates and legal matter staffing plans. They offer sophisticated reporting and management information with easy to understand metrics and KPIs for corporate legal departments and the law firms. As these solutions integrate with other applications such as document, knowledge and legal project management, calendaring and the like, often via standard e-mail interfaces, corporate lawyers and law firms have a connected business environment that also facilitates collaboration.

    It is a matter of time before legal spend management solutions become a norm in the legal sector across regions and markets. The e-billing concept has evolved.

    About Bryan King

    Bryan King is an independent consultant, advising law firms and in-house legal departments on e-billing issues, and assisting with the successful implementation of legal spend management projects. Prior to this, he held senior IT management positions at Linklaters, Lovells and Clifford Chance. At Clifford Chance, he also held global responsibility for the firm’s electronic invoicing (e-billing) projects.