How can law firms overcome the security concerns that come with the shift to more flexible working?
Many law firm leaders are planning on welcoming their staff back into the office and exploring how this will work under a hybrid model, alongside the new challenges and opportunities this will bring. But this also comes with many concerns. As increasing numbers of staff are told that they are free to organise their own office schedules and can work from home whenever it is appropriate, such new flexible working policies mean that firms need to accommodate changing document management requirements.
Transitioning to digital
Law firms have been working slowly over the last decade to transition to digital processes. In 2013, the government launched an online claims portal to help keep track of and manage claims efficiently and quickly. Created to deal with claims of up to £25,000, the portal applies to organisations on the receiving end of employer liability and public liability claims. On May 31 2021 a new separate system was launched called Official Injury Claim. This service deals with motor accidents and handles personal injury claims up to £5,000. Virtual hearings conducted over the telephone and video links are becoming more common practice, which is extremely useful in sensitive court cases. Over the recent years, partly driven by GDPR, many law firms have been forced to rethink the way they manage data. Paper case files and manual processes were still very much prevalent in the legal sector pre-Covid. The current crisis, though, has completely shifted the way law firms work; they have had to quickly adopt new ways of working. It has presented a window of opportunity for private law firms to review company structures and identify inefficiencies that have existed for years. The need for an efficient method of working was highlighted further during the lockdown when employees without electronic access to documentation struggled to work from home. In a typical law firm, desks are stacked with correspondence and filing cabinets and archive rooms are full of confidential client documents. It is very hard for staff to transport a vast amount of paperwork around when working remotely, especially if multiple people are working on a case simultaneously from different locations and need access to the same case documents. With this documentation being incredibly confidential in nature, accessing such records in a secure and compliant environment was another obstacle law firms faced.
Law firms have been warned to rethink remote working policies to avoid cyber-attacks and data breaches., especially when working with sensitive data. When searching for a document management provider, law firms need to look for certain accreditations which will give them the ease of mind that their data is in safe hands. ISO 27001 is a world recognised standard for information security that outlines best practice for processing and storing sensitive data. Following regular audits, Storetec continues to demonstrate highly secure scanning operations and subsequently, has maintained the ISO 27001 accreditation for years. This is very important when looking for a provider as they will be working with sensitive case information. The Cyber Essentials Plus certification indicates that an organisation takes a proactive stance against malicious cyber-attacks and demonstrates that they have taken the essential precautions to protect their organisation against cyber threats. Being certified to Cyber Essentials Plus means clients have the reassurance that their provider is continuously looking to improve IT and security measures against the threat of cyber-attacks which is essential when working with and storing sensitive data.
To combat security concerns, firms may already benefit from a Virtual Private Network (VPN). A VPN reroutes a user's internet activity to another location so their location and identity cannot be tracked. This will benefit firms massively when their employees are working from home or on a public network. It keeps the user from becoming a victim of a cyber-attack and hackers from accessing their data. Another key consideration to ensure adequate security of documents is digitisation. Whilst documents exist in hard copy format alone, they are always at risk of permanent damage or loss via various potential disasters such as fires, floods or even just being mislaid on a commute to the office. By digitising documents, the single point of failure is removed as documents can be securely stored and backed up to ensure they are never at risk of permanent loss, whilst also facilitating fast and secure access that is not limited by location. That said, digitisation itself also comes with some key considerations such as the legal admissibility of the scanned images. This is easily addressed by selecting a document scanning provider, such as Storetec, who can guarantee legal admissibility by scanning in line with BS10008 - the recognised British Standard for evidential weight and legal admissibility of electronically stored information which outlines best practice for migrating paper records into digital files.
What about GDPR?
There are concerns about data retention policies and whether remote workers are abiding by required data retention policies. With regulations such as GDPR in place, businesses can receive serious fines for mishandling personal data and it is estimated that the average data breach costs £3.86M to resolve. Therefore, it is essential when looking for a provider to ensure they have extensive knowledge of regulations governing data protection such as the GDPR 2018. Storetec's compliance team is available to advise on how data protection impacts your business and the steps to ensure GDPR compliance. Article 32 of GDPR states that businesses should implement appropriate technical and organisational measures to ensure document security - meaning, if employees are working from home and accessing confidential personal information, there must be appropriate security measures in place such as data encryption. As a solution, firms can utilise a secure cloud-based document management system, such as FreeDocs, which has all necessary security provisions in place to protect the most confidential documents. Document management systems such as FreeDocs can encompass several features such as data encryption, detailed audit trails, managed password policies, IP address restrictions and super-user restrictions. Furthermore, additional security provisions can be integrated such as 2-factor authentication; meaning when logging in, a code will be sent via SMS to a pre-approved phone number for validation. User access can also be restricted; this means employees working remotely could be restricted over printing, emailing, and accessing certain confidential documents. Storetec works closely with the Law Society to offer support to solicitors regarding effective records management.
Our experienced team can offer advice and support on data protection, statutory retention periods and more. Get in touch today to learn more about the benefits of effective document management to combat the various security concerns that can come with flexible working.
T: 0800 612 4065