Viewing archives for Risks & compliance

Cyber security & compliance strategy for non-technical Board members

Cyber and compliance are huge threats, but for a non-technical board member it’s difficult to set direction and strategy if you’re not an expert.

It’s a subject that isn’t going away anytime soon and keeps many business owners or CEOs awake at night. If you get the basics right you can protect yourself.

We have created various pieces of content on this matter. Our latest is this short video.

You might also find 13 key steps to cyber security for non-technical Board members relevant/interesting too.

You can also download and read our full CEO’s Briefing about Cyber, Legal, Compliance.

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organisations and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.

Cyber, Legal, Compliance … how a CEO can sleep soundly

It is not an exaggeration to say that most days we meet companies who have been hacked, their reputations damaged, and money lost. Successful websites can be juicy targets; ransom-ware can bring a company to a standstill.

Many companies have demanding standards and huge contractual penalties imposed on them by their customers. And the law is tighter than ever, with big fines making headline news.

The threat of cyber makes many CEO’s of mid-market companies feel exposed and uncertain. These are complex issues, your time is short, and finding a simple commercial and strategic approach can feel difficult.

But there are simple strategic steps and this document describes the basic projects to make your business secure and compliant.

You might also find 13 key steps to cyber security for non-technical Board members relevant/interesting too. And a short video about Cyber security & compliance strategy for non-technical Board members.

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organisations and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.

13 key steps to cyber security for non-technical Board members

Cyber attacks can be complicated, but in our experience over many years, most are REALLY SIMPLE and EXPLOIT BASIC WEAKNESSES.

In the vast majority of cases, simple steps can make you safe, or minimise disruption in the event of an attack. But, normally, these decisions are taken by technicians and the Board are not able to effectively challenge or lead.

Here is a simple list of 13 questions and answers to allow non-technical Board members to stop hoping for good luck!

  1. How do we get security risks and issues under control?
    Every substantial business should maintain a list of risks and issues, with some analysis of the options and mitigations. Each risk or issue should be owned by someone around the Board table who has the expertise, time and ability to manage it. This document should be reviewed by the Board at least annually. The list and the open discussion drives sensible, productive decision-making and avoids a culture of sweeping issues under the carpet. This approach prevents overspending in the wrong areas – it’s all about “proportionate response”.
  2. What kind of insurance do we need?
    Unfortunately, not all Cyber Insurance is created equal and you need to take care to select an appropriate policy and provider. Check the exclusions on the policy and ensure a member of your Board understands the cover. Cyber Insurance may not give you back money that’s stolen from you – that generally requires Criminal Insurance. Check your IT is compliant with your policy conditions – the devil is always in the detail and your IT team or supplier need to know what they have to do to maintain compliance? Finally are your suppliers’ contracts clear about their liability and are they appropriately insured?
  3. How do I get staff to take security seriously?
    Security systems can be bypassed by canny criminals because they know where the weak link is … it’s your people. Create a “security culture”, where taking this stuff seriously is encouraged. Ensure you and the Board demonstrate good practice – for example, if you write your passwords on post-its then you should fully expect your staff to do the same… and one day you will probably be hacked as a result. Many hackers exploit helpful staff who simply hand over money! Sound financial processes, clear controls, good education and ongoing training are all vital to security. Remind people to “think before you click”!
  4. How do we keep data secure?
    Access to systems and data should only be given to those who need it. This is known as a least-privilege policy. For example, when a person is given access to a system, the default should ensure that person has no rights to anything. Then privileges should be granted according to what that person needs to do in the system, building up to only include the data and processes they require. If you don’t follow a least-privilege system, then you are really exposed to cyberattack, to fraud and to errors. When users’ roles change their access should be reduced if their job doesn’t require it anymore (and their access removed altogether when they leave!)
  5. What are firewalls?
    Start by ensuring your office has sensible physical security. Then make sure the equivalent measures are in place for your systems – these are your firewalls. Knowledgeable and trusted experts who understand the complexities of system and firewall management need to configure this equipment and to keep it up to date. Specifically ask them whether they have minimised points of access (ports) and are using secure ports for email and web access rather than standard ports.
  6. Why is it important to keep security up to date?
    This should be so simple, but most hacks exploit the fact that many companies fall behind. All computers should use up to date operating systems which are properly patched; utilise up to date anti-virus and anti-malware systems. However these systems only work well when they know what they’re up against. Newer protection systems coming on the market look for programmes acting suspiciously and will automatically shut down the programme before it has had time to cause mayhem. These systems provide protection against new attacks (often called “Zero Day”) because they spot the bad behaviour of an application rather than recognise the malware itself.
  7. What is data encryption?
    To protect your data, it should be encrypted and only accessible to those with the approved rights to look at it. Where you have customer data, particularly user accounts and passwords, ask your IT team whether the data is “hashed and salted” which will make it very secure and difficult to break even if your systems are breached. It is unforgiveable nowadays to be holding personal or confidential data unencrypted (known as “clear or plain text”).
  8. How should we backup our data?
    Your data and systems should also be well backed up and the backup must be stored off-site, preferably with no connection to your live systems (known as an “airgap”). Ensure the backups include multiple versions of the same document in case corruption or malicious encryption took place at some point in the past. Having a decent data backup can be the difference between having a business post-disaster and not.
  9. What is a penetration test?
    A penetration test is an assessment by an expert company of your website and network to find weaknesses. This is essential if your website includes custom software or any kind of ecommerce services. Poor technical practices can result in custom software being full of holes and these are well documented in a standard list known as the OWASP top 10. This list are the standard vulnerabilities that almost all hackers focus on – ensure your penetration test includes checks against the OWASP top 10. Simple!
  10. Practical but secure password rules.
    Many hackers don’t have to be clever because users make it easy by choosing “password123” – hackers automate attacks testing thousands of obvious passwords until they get lucky! Users must take passwords seriously, choose long passwords that are hard to guess, use different passwords, and don’t share. Software can be used to store passwords securely, but if people must write down details then these must be locked away. Make sure your systems are configured to enforce good password discipline and lock out users after repeated failure attempts. Sensitive systems should be protected by 2 pieces of information, not just a password (this is called “2 factor” or “multi-factor” authentication).
  11. Sensible Cyber Attack crisis plans.
    Establish how you will handle a crisis in advance. Who’s in charge if you are attacked by ransomware and decisions need to be taken on the spot. GDPR makes specific requirements about notifying the ICO if you suffer a security breach – who is responsible for making this happen; failure to do so will result in a fine.
  12. Why does security certification matter?
    Certification will give a focus and purpose to your efforts to improve security. A good place to start is Cyber Essentials Plus certification. This will provide you with a government standard accreditation that directly demonstrates to you, your company and your customers that you take security seriously and that you’re working to ensure their data is held securely and your systems are well managed. We know of clients that have won new customers simply because they stood out from the competition by having Cyber Essentials Plus accreditation. If your business is complex or has specific security requirements then ISO27001 provides you with a means to go further and embed a “security culture”.
  13. Who should be in charge of Cyber Security?
    Someone around the Board table who has the time, expertise and right commercial attitude! This person needs to start by getting clear on what you’ve got – who are the users, 3rd parties and suppliers who access your systems. List your equipment, networks, software etc. What are the crown jewels that really matter and ensure these are these properly protected. If you want a high-class CIO, CTO or IT Director on your side and sitting around your Board table … then that’s where we come in!

You can download and read our full CEO’s Briefing about Cyber, Legal, Compliance here. And a short video about Cyber security & compliance strategy for non-technical Board members. Or, visit our Knowledge Centre which includes all content related to this topic.

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organisations and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.

Why CTOs are on the rise in mid-market businesses

Many of our clients are using custom software and digital initiatives to drive sales, increase efficiency or improve service. Sometimes they are disrupting entire markets. As a result the requirement for a commercially astute CTO is on the rise. Our Co-Founder and Director Graeme Freeman discusses this in more detail in our video below.

Over the coming weeks we are creating a series of content pieces about CTOs, their role, how to find and recruit  them and the invaluable benefits they provide to a business. All of which can be found on our CTO Knowledge Centre page here.

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organisations and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.

Board action plan: 10 steps to Digital Transformation

Ambitious business owners will always look for ways to improve the way their organisation functions. Digital transformation is just one way. It enables a business to function more efficiently and in the long term with greater cost savings. But to see any of these transformations occur there is a requirement for a solid IT strategy that fits in with the overall business strategy and an experienced technical leader to help you get there.

This is our final piece in the DT series and is the Board action plan that will help you get started on your own journey. It covers ideas around automation and artificial intelligence, risk analysis, data visualisation and much more which are all achievable if you’ve got a vision and the right people to get you there.

So what exactly is Digital Transformation?

For our clients, Digital Transformation simply means using IT to deliver dramatic improvement. That’s different to just an upgrade or fixing some niggling problems. It means: using IT to make a significant change for the better.

That may just mean simple IT done well – that’s surprisingly rare! Or it may mean genuine technology innovation, something that is breaking new (or new’ish) ground.

We simplify this issue by defining 4 different kinds of transformation:

1. Market break-through
2. Wow customers
3. Internal redesign
4. Tame the risks

For an explanation about the 4 types, read our original post.

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organisations and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.

Digital Transformations – Efficiency, effectiveness & risk management

For many companies, the technology strategy begins and ends with technical details in which the Board have little interest. The absence of a digital vision and any experienced IT leaders means that the IT slot on the Board agenda is a discussion of details, issues and gripes. The Board may simply see IT as a problem to be overcome or a beast that has to be fed.

But IT genuinely has the ability to transform a business. There are radical new ways to grow the business, to serve customers better, and to make more profit.
Businesses that can connect with these benefits are, understandably, valued far higher than their low-tech competitors.

So what exactly is Digital Transformation?

For our clients, Digital Transformation simply means using IT to deliver dramatic improvement. That’s different to just an upgrade or fixing some niggling problems. It means: using IT to make a significant change for the better.

That may just mean simple IT done well – that’s surprisingly rare! Or it may mean genuine technology innovation, something that is breaking new (or new’ish) ground.

We simplify this issue by defining 4 different kinds of transformation:

1. Market break-through
2. Wow customers
3. Internal redesign
4. Tame the risks

For an explanation about the 4 types, read our post.

This document is a briefing on internal redesigns and risk management.

For one of our clients, detailed later, this meant not only radically improving how the business worked, but reducing IT spend by 75%! For other clients this meant halving delivery times, or massively improving competitiveness by calculating risk accurately and pricing products correctly for the customer.

Successful Businesses Focus Outwards

Directors of growing mid-market businesses tend to be focussed outwards – for example, they are often defined by an obsessive attention to the needs of the market, their customers’ perceptions and building revenue. Sometimes this includes supplier and partner relationships as well – securing excellent relationships, pricing and terms with suppliers can be of strategic importance.

Perhaps entrepreneurs are defined by their focus on seizing opportunities rather than worrying too much about details of how the deal will be fulfilled.

So as company revenue turns from millions to tens of millions, process, organisational and behavioural issues build up. Typically, people’s jobs become progressively less productive, there is increasing reliance on individuals, and often there is more argument and friction between people.

Many CEOs of growing businesses become exasperated as they feel that they are employing ever more staff who seem to spend their time making work for each other!

But, at every stage, the Board take the view:

  1. the issues are manageable
  2. the business is profitable
  3. securing growth is more important – in other words securing growth is more exciting!

And this can result in a mid-market business becoming progressively complicated and management “papering over the cracks” using old-fashioned ERP systems and point-solutions.

Most importantly, many staff begin to see these issues as normal and they see handling and wrangling these problems as the purpose of their job.

People stop complaining about how much time they spend in Excel processing an order, instead they ask for more Excel training. They begin to look forward to being promoted to Senior Order Administrator. Everyone has forgotten that order administration should be entirely automated.

Three Main Opportunities

A useful way to navigate Digital Transformation is to consider 3 specific opportunities:

Customer Integration is Changing

Integrating with customers allows you to provide higher levels of service and lock-in, but customer service is not what it used to be!

Increasingly customers of all sorts want to interact using mobile apps rather than call centres. Many people, especially younger people, expect a chat interface even in a B2B environment and many companies are using bots and language recognition to fully or partially automate their handling of incoming requests or queries. Bots can support call centre agents and increase their throughput and responsiveness or automate parts of their roles.

And modern back-office systems allow integration far more easily than they did in the past using APIs. So your prospects may well make their buying decisions based on how easy it is for their systems to integrate with yours and if you can offer faster, simpler, more reliable and secure integration than your competition then that can be a powerful USP.

Internal Redesign

In some cases it’s possible to bring about genuine transformation simply through a successful, well-engineered top-to-bottom system replacement programme.

British Retail Consortium (BRC) are the go-to trade association for all UK retailers. Their membership encompasses over 70% of the UK retail industry (by turnover) and they have 25 years of history. Over the last 2 years they have been through a complete systems transformation project with impressive results.

BRC’s CEO, Helen Dickinson OBE, summarised their objectives:

“We had systems and ways of working that were deeply embedded but not always very efficient. Several areas of our business were caught up in this problem and it impacted people’s attitude to their work as well.
Many aspects of our business are about publishing and our website was completely out of date. Not only did it fail to project our brand but publishing content was difficult and time consuming.

 

And our working practices were looking old fashioned – lots of expensive office space and everyone chained to their desks. It was time for a major overhaul.”

David Webb from Freeman Clark became BRC’s CIO and over a 24 months period he shaped, planned and delivered a programme of changes. David explained:

“Real change is about systems and how people work, so a large part of this project was ensuring that communication was effective and people were lined up.

For example, once we had created a rapid and effective website and publishing system, we had to work out how to take BRC’s brilliant content and turn it into things people want to read, watch or listen to. This meant new ways of working as well as new roles and new attitudes.

We replaced every system in the business and we also moved to modern offices and implemented flexible working and hot desking to reduce space by 30%. This was a worry for staff and we spent a lot of time in workshops and discussions. We had to create policies and rules but also give managers strategies and simple ways to make these changes work.

But the end results speak for themselves. The old systems were not fit for purpose and overall IT costs were 10% of revenue. This has now reduced to 2.5% of revenue!”

Chillisauce are an example of both removing swivel chair problems and improving integration with suppliers. And, no surprise, this has also enabled them to radically improve their customer experience as well.

Chillisauce is an events agency, specialising in stag and hen parties. They offer a choice from over 5,000 different activities in 70 cities worldwide. Customers use their website to select all the components of their own bespoke event including activities, locations, hotels and transport.

James Baddiley, CEO of Chillisauce explained the challenge:

“Our website was previously just a brochure which customers could browse on line but if they wanted to actually book anything they had to call us. We would craft the event with them over the phone and we would liaise with the suppliers manually to pull it all together. We’d communicate with the customer through emails throughout this process and at the end, hopefully they would book! Of course some customers still want to talk to one of our experts and it can be good to provide some personal service. But much of the process can be automated.

 

Our website was very inflexible. If we wanted to add a new product then this was a very major undertaking, so it was a drag on our ability to really expand and develop our business. Choosing and buying a stag or hen do is a major decision for people, we want to make it fun and offer the best experience and the best options on the market.”

One of our Principals, Tony Tinnirello advised Chillisauce on a programme of work to transform the entire fulfilment activity. Tony explained:

“We implemented a suite of new systems, all based in the cloud, and we used some sophisticated technology to link them all together. It’s all largely automated. So the entire process is far less manual, far faster and less error-prone. Critically we generate prices dynamically so customers can see the price right in front of them – that’s very rare in our market!

Communication with suppliers is challenging as they range from airlines who have sophisticated systems, to a farmer offering Zorb Football in a field! For the airline we integrate with their system in real-time, for the farmer we create automated emails and he can login to our portal to confirm he has taken the booking.

The result is that customers can create their event online, book and then check the status of each element taking shape.

From our internal point of view the new systems also now provide a wealth of data. We can check revenue and margins on every product, check we’re meeting service targets and rapidly deal with any issues. In particular this has been a huge time saver for the accounts department.”

Availability of Information Can Transform Growth Prospects

The growth of many mid-market businesses is limited by the lack of availability of their Board to pursue major changes and expansion. And the fundamental reason is that the Board are too busy managing the business and this takes most of their time and energy.

As the business expands, it would make sense to build a layer of senior managers under the Board but the barrier is a lack of hard information which should be the basis for delegating meaningful decision-making authority and accountability.

When information is not available the business operation continues to revolve around the knowledge, experience and “gut feel” of the Board members and this becomes a serious choke on expansion.

Real-time and accurate data can be the basis for:

  1. informed, objective decision-making by middle and senior managers according to rules, guidelines and set targets
  2. introduction of machine learning tools and Artificial Intelligence to reduce effort, improve speed, reliability and accuracy
  3. visual analytics technologies can allow people to better understand complex data, to get insights and new ideas.

Because data can allow the expansion of senior management to free up the Board, availability of information is more than just a detail, it can have a truly transformational effect.

Tame the Risks

Finally, digital transformation can be focussed on improving a business by addressing risk management. By understanding risk in specific contracts, products or customers, you can price more accurately and competitively. Provision for risk can be applied more specifically, perhaps by more sophisticated analysis of a company’s own existing data or by combining data from multiple systems, and potentially 3rd party data as well.

In some cases the transformation might be achieved by more timely application of existing risk processes. For example, real-time calculation might allow more accurate pricing for sales people on the phone, or can allow real-time calculation of prices whilst customers are going through a purchasing process online.

Integrating systems can ensure that credit risk information is applied during the sales process as prices or processes can be adjusted dynamically in line with customer credit risk at an individual, group or aggregate level. Or, very simply, customers should be put on hold in real-time if credit limits are breached – many companies have had the experience of putting a customer on stop just a few days too late!

Having accurate risk reporting can also significantly reduce time wasted by Directors worrying about this issue. If simple risk data is available in real-time then the Board can understand the level of risk and take measures to adjust it as a routine activity. Automated rules engines or AI can pick out patterns or raise alerts when thresholds are near or are breached.

Simply having hard facts available all the time can reduce the level of anxiety and wasted energy!

For companies heavily reliant on IT, well-structured systems can reduce their existential risk by ensuring that they are more resilient in the event of a disaster.

In the past the British Retail Consortium (BRC) experienced a fire in their office and were locked out for 3 weeks. Their CEO, Helen Dickinson OBE, explained,

“We basically had to shut down for 3 weeks because we were locked out of the office due to smoke damage and our systems were unavailable.

 

One of the benefits from our transformation project was that we were able to start again with our business continuity plans. And the tragic London Bridge terror attack in June 2017 put this to the test as our office was again unavailable for several days. But this time we were pretty much unaffected and were able to continue our business without interruption.”

For businesses providing critical or 24/7 services, a Digital Transformation might be justified simply in terms of providing a proper robust platform for continued operation in the unlikely event that the office or parts of it are unavailable.

Where to Begin

The opportunity for ambitious mid-market businesses is to start with a blank sheet of paper and design the internal framework you really want.

In our experience mid-sized businesses often have a huge advantage over their larger competitors in this kind of transformation because larger companies are mired in details and variations. The 80/20 calculation for a larger business is far more difficult because the absolute value of the 20% is much greater. In addition, larger businesses have layers of managers who are deeply entrenched in existing ways of working and the effort to change behaviours will be a huge task.

For ambitious mid-market businesses, the Board can get close enough to the coal-face to personally see and hear what is happening, and the company is small enough to make rapid decisions and to make changes more quickly. Of course a major change is never simple, but the scale of effort increases greatly for larger companies.

Starting the journey towards a Digital Transformation is perhaps the most difficult step. The following questions can be a useful kickstart for a Board workshop…

  1. How much of your cost is not directly related to winning customers and fulfilling their needs?
  2. How many experts do you have locked into “swivel chair” roles where they simply manage systems and data, and help other people around the business to do the same?
  3. How could you really integrate with your customers activities?
  4. How could you remove waste from your business by integrating with your suppliers or partners?
  5. How much is it worth to you to correctly quantify risk at a supplier, customer or product level?
  6. How much would it be worth if you were able to reduce the risk of a major outage affecting your business?
  7. How can you remove the barriers to enable you to lead this transformation?

Imagine that, tomorrow morning, you read in your trade press that one of your competitors has made a radical change that leaves you behind.

Be the one who does this first!

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organisations and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.

How to avoid a CRM car crash

Any CEO knows that customer information is a very valuable asset. And how you manage customer relationships is vital. So of course you need to implement systems to help you standardise and manage this… But we see countless CRM projects that fail, systems that are mis-used, under-used, or never used at all.

So why is this the project that fails most often? Why do we meet so many CEOs who despair at their company’s attempts to make this work?

Why is this project the one most likely to end up as a car crash?

This CEO’s briefing explains what a CRM system is, why companies use them and presents 10 golden rules in avoiding a CRM project car crash!

If you find this CEO’s briefing relevant, you might also find another recent article from one of our sister businesses of interest. The Marketing Director’s view on CRMs written by The Marketing Centre.

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organisations and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.

 

Even for Visa it’s hard to get disaster recovery right, can you?

The recent Visa systems outage brings disaster planning into sharp focus. A simple hardware failure brought chaos to shoppers across Europe. Whilst no-one yet knows the details, this should be a salutary lesson for all businesses: Not having a plan for a disaster and testing it regularly can be a costly mistake. Unfortunately, it’s a rarity for businesses to have a decent plan and even rarer for a company to test those plans. If Visa can’t get this right, then how can an ambitious mid-market business hope to do any better?

Disasters happen more frequently than you think; at least two of our clients have experienced a disaster that could have brought their business to its knees if we hadn’t been involved. A fair estimate is that an average business will be hit by a catastrophe every 5-10 years. Hardware fails, software fails. Hoping nothing will go wrong is simply a delusion.

When we start with a client, one of the first things we do is to create a risk and issues log with the Board. This is the beginning of a good DR plan and we treat it seriously. It is a long-term priority for us to ensure our clients have good plans for when things go wrong. And good plans mean plans that are appropriate, practical and tested. Of course, some of our clients provide critical 24/7 services and they need bullet-proof disaster plans; for other clients the plans are far more loose – the key point is that the plans are appropriate. It’s not doom-mongering, it just makes sense.

Preparing for the worst is an on-going activity because things change, but a good place to start is to imagine some common scenarios and to work them through with the management team. For instance, what would you do if your company’s office was completely off-limits due to a police incident? What would you do if your internet connection was down for a few days? Or, thinking about the recent issue at Visa, what would you do if your main servers failed? Playing out these scenarios will expose weaknesses and priorities and will help you focus on what needs to be implemented to prevent these outages from having a major impact on your business. That may be an updated process, improved system or better distribution of critical services. Practice makes perfect, so these scenarios should be worked through regularly embedding them in the minds of your management team so they are easy to execute when it comes to the crunch.

In reality, when disaster strikes then you will need to respond and adapt to the circumstances. But the rehearsals mean that you have already worked through the critical questions, for example: who can make decisions? how will key people be contacted? what are the priorities to keep your business going? The directors and management can handle unexpected situations far more effectively because they have a common understanding and have workshopped situations like this before.

If you’d like to talk to one of our Principals about ensuring you have the plans and capabilities in place to survive a disaster, please get in touch via our Contact Us form or by calling 0203 020 1864.

Managing Partner’s Briefing on IT’s Role in Successful Legal Services

The context for IT in the legal sector is changing but the winners are those with, amongst other essentials, a defined IT strategy where IT spend is targeted at driving their business performance. Many of our IT Directors have wide experience in this sector and they have created this Briefing Document specifically for Managing Partners/CEOs in this sector.

 

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organisations and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.

IT’s evolving role in an evolving Legal sector

The context for IT in the legal sector is changing. Legal Aid cuts, new flexible legal service providers, referral fee bans, new ABS and the Big 4 accountancy firms form an increasing threat to the typical traditional mid-sized “partner led” legal firm.

A higher level of freelance and temporary legal professionals and growth in outsourcing creates new cost-pressures and new threats, but also new opportunities.

The winners are those with, amongst other essentials, a defined IT strategy where IT spend is targeted at driving their business performance. Firms must determine their vision; for example simply to use technology to drive automation and cost-savings; or to free up partners and equip them to leverage their personal relationships and to provide the highest levels of personal service.

How can IT make this happen? We see the following areas of focus for our clients:

Optimised Practice Management & Reporting – Smooth-running, effective and efficient processes are the bedrock of a well-run firm. Systems need to provide clarity on matter and client profitability, billing, WIP, expenses and cash management and to free up highly-paid professionals from excessive administration. Firms living with ageing Practice Management Systems need to untangle their processes, identify a clear Target Operating Model and select and implement a PMS to make that a reality.

Mobility – Some firms still need to move from a paper-based, solely office-based culture where senior staff assume IT is for junior staff! This means ensuring that the IT works well, for everyone, anywhere, anytime. It means good access to the full range of systems and collaboration tools for people working remotely or on the move. All staff need proper training and support and need a positive and enthusiastic attitude.

Sales & Client Engagement – Effective CRM and relationship nurturing initiatives go hand-in-hand. Successfully implementing these initiatives is partly about technology but also about process, training and behaviours. Changes to organisation and incentive structures may be required.

Cybersecurity, Risks & Compliance – Reputable law firms can easily lose their reputation as a result of technology-based fraud or IT catastrophe. Adoption of security standards and external audits can help drive programs of security and business continuity planning. Getting these right often involves getting a wide range of technology and process issues sorted out, so this can be good all-round. But there is no end to the money that can be spent, and a commercial and real-world attitude is needed.

Innovation – Most firms have very unremarkable websites, and are not taking advantage of on-line marketing or sufficiently leveraging client portals. Forward-looking organisations are already embarking on a journey to automate “low end” activities using machine learning and artificial intelligence (AI). Mid-tier legal firms must be wary of another cycle of “IT industry hype” but also need to avoid being left behind as gradual change can overtake them!

In every case the key issue is IT leadership and culture. IT must be at the top table; all senior leaders must be engaged with innovation, but there must be healthy scepticism and constant attention to ROI. The aim of IT must always be to deliver business outcomes.

IT needs to be owned by a confident, competent leader, well connected and influential around the firm. Good IT can significantly contribute to a unified and collaborative culture; and this can be self-reinforcing as more unified firms tend to adopt good IT more effectively.

Adoption and commitment are often the key factors in successful IT (and perhaps in success more broadly!) and strong IT leadership is the basic ingredient.

Read our Managing Partner’s Briefing on IT’s role in the Legal Sector here.

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organisations and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.