The Lexcel standards for legal practices – technology compliance – the importance of cyber security
Technology for professional services firms can be a powerful tool, helping them to differentiate their clients experience, and allowing them to gain a competitive advantage in a crowded market.
Technology is also a significant driver of operational efficiency, productivity and cost reduction, yet many overlook the importance of cyber security. In the same way you protect your physical assets, it is important to protect technology and the data it holds.
Lexcel provides professionals in law firms, in-house legal departments and international practices with a flexible, supportive management framework to help develop greater operational efficiencies, manage risk effectively, reduce costs and promote profitability.
Lexcel sets the required Standard in seven different areas:
- Structure and strategy
- Financial management
- Information management
- People management
- Risk management
- Client care
- File and case management
By speaking with Concert and other Cyber Security Cluster members, as a law firm, you will be able to identify areas for improvement and implement solutions that enable you to protect your firm and mitigate risk, in order to become Lexcel compliant.
Looking slightly deeper into the required standards, here’s what you need to consider:
Structure and strategy
- Practices must have a business continuity plan – business continuity is really important, it is far better to prevent and continue than attempt to recover!
- Practices should have a time recording procedure
- Practices must have a procedure in relation to billing clients
- Practices must have an information management and security policy
- Practices must have an Internet access policy
Information management is vital for any professional service especially when working with sensitive data. According to research undertaken by Data Barracks (http://datahealthcheck.databarracks.com/) in 2014, human error/accident, still accounts for 18% of data loss within organisations, highlighting the need for robust information management policies and regular staff training on best practice in data management.
Good data management can also help to reduce the risk of sensitive information falling into the wrong hands!
- Practices must have a procedure to monitor key dates
- Practices must have a procedure to ensure that all personnel, both permanent and temporary, are actively supervised.
The data held by firms in the Professional Services sector is both highly sensitive and extremely valuable, meaning that there is a great deal of client trust in firms with responsibility for storing data securely.
Firms that fail to implement the appropriate measures required to protect their data, not only face a significant regulatory risk but also a substantial reputational risk, both of which could damage the firm beyond repair.
As an indication of the potential impact of a data breach, the Ponemon Institute (http://www.ponemon.org/), one of the world’s leading research centres on data protection and information security, highlighted that the average cost to a firm of a data breach in 2014, was circa £2 million.
- Practices must have a procedure to monitor client satisfaction across all areas of the practice.
File and Case Management
- Practices must have procedures to ensure that matters are progressed in an appropriate manner.
- Practices must have a document procedure for using barristers, expert witnesses and other external advisers who are involved in the delivery of legal services.
The Lexcel Standards for Legal Practices is a great framework that allows law firms to work safely, honestly and ensures risks are kept at a minimum.
In terms of cyber security and data management, the framework sets out to make sure that law firms are actively taking cyber security into account within the Structure and Strategy, Information Management and Risk Management areas of the framework.
To find out more about becoming cyber secure and complying to the Lexcel Standards, contact us.