Lawyers told to make cybersecurity a priority at board level
25 October 2018
With the European Cybersecurity Month running this October, there’s no better time to speak about cybersecurity and the challenges law firms face.
To find out more, we asked the President and Vice-President of the Intellectual Property, Technology, Media, and Telecommunications Commission, Árpád Gered (Maybach Görg Lenneis Geréd Rechtsanwälte GmbH) and Silvia van Schaik (bureau Brandeis).
What are the challenges of cybersecurity for law firms?
Árpád: The biggest challenge is that law firms often don't consider themselves valid targets. In many cases, this leads to firms taking the minimal necessary technological precautions but forgetting about the appropriate organisational measures. This includes first and foremost educating all collaborators in a law firm on the importance of those precautions and that they can only be effective if they are upheld by all concerned.
After all, according to the ENISA Threat Landscape Report, the top five cyberthreats target the people having access to target systems rather than the systems themselves. Thus, with appropriate technological measures and the proper education of all collaborators, even law firms on a tight budget should be able to counter a significant number of threats.
What about the challenges for smaller law firms with smaller budgets?
Silvia: I believe that large firms and firms that are well known are more likely to become victim to a ransomware attack. Smaller firms may struggle more with finding affordable, practical and safe solutions, for instance for remote working. It’s not always easy to find a balance between safely storing and sharing documents and being able to work.
How can law firms overcome these challenges?
Árpád: As with every potentially challenging situation, effectively facing cyberthreats starts with consultation by experts in that field. While the concrete measures to be taken may vary from firm to firm, in all cases they should cover the ‘CIA-Triangle’: Confidentiality, Integrity and Availability.
Confidentiality means measures to restrict access to the information to authorised persons, e.g. training of personnel, authentication of users, classification of data and users. Integrity refers to measures to ensure that the information can't be altered or deleted erroneously, be it unintentionally or on purpose, e.g. permissions, version control, redundancy plans. Finally, Availability relates to measures to ensure that the information is always available to the authorised persons, e.g. failover and redundancy measures, geographically separate backups, disaster recovery plans.
Silvia: Involving experts is indeed important. Those experts should also truly understand what the work of a lawyer entails. In my experience, it’s difficult to find such experts, especially at a reasonable price. Furthermore, lawyers should have proper tools and receive training about cyberthreats and what they can do about it. Enough time and budget should be allocated for doing that.
We see that legal services are more and more embracing new technologies. But it’s time to also take a closer look at the skills available in the legal profession to ensure good cybersecurity practices are in place. In this regard, to what extent is the legal profession equipped with the necessary skills?
Árpád: In countering cyberthreats, the legal profession is not any worse equipped than other businesses that have traditionally worked with analogue media and now discover that the core of their business has been digitalised. The legal profession insofar has even an advantage over other lines of business, as secrecy obligations have always been among the core values. However - nowadays - the process is more complicated than locking up the files in the cabinet at night.
One major skill that is currently often lacking (but not only in the legal profession) is the understanding of what sharing of information over certain means might entail. While a firm might make available appropriate tools or services (e.g. secure online storage and file exchange services), it is nevertheless the people working with the information who need to understand why they shouldn't use any non-sanctioned tools or services. This is especially important in the legal profession, where confidential and sensitive data is regularly processed.
Silvia: I believe that most lawyers have the skillset but don’t always know what tools are available and how they can use them. However, I also believe that cybersecurity, or even IT in general, is still often seen as something secondary to our core business. What can be done more? Truly make cybersecurity a priority at the board level of all firms. Our clients trust us with their information, so we should do anything to make sure it is safe while also being able to do what our clients hire us for!
To find out more about the European Cybersecurity Month, please visit the dedicated website: cybersecuritymonth.eu.
In search of leadership in Dubrovnik...
16 October 2018
by Darko Marković, executive coach and leadership development expert, Inn.Side – learning and development, Serbia
We all have experiences with leaders, either in politics, our community, business or sport. If you type ‘leadership’ in Google, you may get no less than 145,000,000 of hits about books written on this topic. Somehow, everybody knows what leadership is, but there is still a never-ending interest about it. Interesting, isn’t it?
Either in life or in the movies, we can easily recognise a great leader and get impressed with their skills: how they communicate, motivate people, manage conflicts or formulate compelling visions to follow. The good news is that these superhumans were not born with those skills, those were all developed!
Looking at the topic of what makes a great leader great, contemporary leadership researchers and thinkers would agree that the expertise and how smart you are wouldn’t make you a leader; you need different ways of being smart. The outstanding leaders demonstrate several different intelligences, such as emotional, cultural, political and systemic.
In my work as a leadership development coach, I have been working with executives from multinational corporations, leaders in international NGOs, owners of businesses or start-ups. What I have learnt from them is that it is never about the skills only. Skills are important, but also easiest to learn. Skills can be learnt and trained, but to produce results they need to land somewhere. There is a need for a fertile ground. This fertile ground in the context of leadership development is leadership mindset and leadership identity.
In other words, it is not so much about WHAT you do as a leader, but rather HOW you do it and WHO you are. You can imagine two leaders saying exactly the same things, but the way the things were said and who they were as persons could have created a completely different impact on people around them. Sounds familiar?
For effective leadership in the complex and fast-changing world that we are living in, more than ever, leaders need to reflect on their leadership. This reflection should include questions like ‘what are beliefs and convictions of mine that are blocking/supporting my leadership’, ‘am I ready to say YES to my leadership?’, ‘what is my leadership calling and the source of my leadership’, ‘where do I lead from; from the past, present or the emerging future?’, ‘what does the world want from me?’, etc. Yes, you are right, this goes much deeper than ’10 steps to effective leadership’-approach, but that’s the way it is. Leadership development is much more about the inner work than public relations. In the forthcoming AIJA workshop in Dubrovnik, we will create a unique space to learn and grow as leaders and human beings.
About the Half-Year Conference in Dubrovnik
From 22-24 November, we will host our Half-Year November Conference in Dubrovnik. This year's theme is 'Building Leadership Skills for Success'.
On Friday, 23 November, participants will spend one day in an interactive workshop run by Darko Marković, executive coach and leadership development expert, Inn.Side – learning and development. The workshop 'How to become a better and more effective leader' promises to provide participants with hands-on advice and practical examples on how to become a better and more effective leader in their day to day work.
On Saturday, 24 November, participants are invited to attend one of the three parallel workshops held during the first half of the day. These will focus on how to develop leadership skills in an international association, such as AIJA, by taking on different roles within the association (e.g. commission officer, national representative, member of the organising committee for an event). Participants will learn how such roles can help them to strengthen their personal brand on social media and build a portfolio that they can showcase in their law firm or the wider legal community.
From 22-24 November, networking sessions will complement the leadership and skills development programme to allow for business contacts and meeting other international law practitioners.
Early-bird registrations end on 23 October. To register and view the full programme, visit the dedicated website.
About Darko Marković
Darko works as a leadership development trainer, executive coach and consultant. During 20 years of his consultancy work, he has been supporting leaders and organisations in their growth and transformation. He has been working with a large number of clients, including multinational companies, European institutions and international organisations in more than 30 countries. His main professional focuses are leadership development, team development solutions, cultural intelligence and systemic change. He has MA in psychology, background in psychotherapy (REBT, psychodrama) and certificates in The Art and Science of Coaching (Erickson College International), Leadership Development through Emotional Intelligence (Weatherhead School of Management, USA) and Systems Dynamics in Organisations (Bert Hellinger Instituut, NL). He is the owner of Inn.Side – learning and development and he is based in Belgrade, Serbia.