At Cultivate 2019: Brisbane, David Bowles, Solicitor from the Queensland Law Society (QLS) led the panel discussion on ethical considerations for law firms today. From hiring with ethical considerations in mind to technological changes, cyber security and innovation, David shares his tips, via a Q&A, for ensuring a strong ethical culture in your firm whilst maintaining strong relationships with your clients.
Ethics is critical to our identity as a profession. It always will be. As we disseminate into multidisciplinary teams, there’s a risk that you lose track of the overall picture. We are all trained in legal ethics yet, often, we rely on good people to be honest.
In a more complex environment, with a mix of technology and people, we need to set in place a real system that looks for problems and functions as an audit system to keep us accountable. You need to understand the technology that you are using first, and understand the workflow so that problems don’t arise that might affect your reputation and your firm. You can’t ignore something if you don’t understand it.
Ethical requirements are the same today as they were years ago, say in 1910. What has changed is the type of teams we work in – multidisciplinary teams- and the technologies we have involved into our processes. It’s the same as when you are trying to develop and drive an innovation culture. There will be people who are risk adverse and those who are more inclined to take risk, but what happens if a team member takes a risk and it pays off? The more cautious in the organisation are ignored. Thus, your culture is made up of what you notice and what you reward. Topics and ideas that are discussed at Friday night drinks, these are what you are going to get in the people your hire for your firm. So, you need to be very careful with that and make sure that what you are wanting to encourage is trained into people at every level and the people who do deliver that are noticed and recognised.
You can’t assume that your IT person will take care of new technologies for you. You’re the only one who understands your role in your organisation more broadly and understand how the moving parts of your firm work with others.
The traditional way of answering this question is to list the top things you can do to protect your firm, such as:
The non-traditional answer to this question though is to consider a mindset change. If you’re working in a big firm and you are a divisional manager, you cannot afford to simply “let IT handle it”. They don’t know your division as well as you do. You can’t rely on them. Big companies around the world have problems in their security systems, not because of the technology they are using, but instead because of the processes and the people involved.
For example, a few years ago Google and Microsoft, both which know a bit about IT, got a hit for around $100 million. This was because a fraudulent invoice was sent and over time, the bill was paid. You can’t rely on the IT shell around you. You’ve got to have this mindset change.
There is no level of cyber security protection required for firms, but QLS is trying to get together with the other states Law societies to develop a ‘star rating’ for cyber security. The reality is you aren’t going to have the cyber security protection of a bank, and if you are trying to do so, you won’t get there because you simply don’t have the money.
If you focus on who is trying to attack you, it’s not the Korean Government, or Mossad or the Ukrainian Secret Service, it is criminals who are using software developed by those organisations, but they are running a volume business. They are going to give your law firm a quick shake on the security door. If you pass, they move on to the next firm.
So, if you understand that, develop a company-wide mindset and build an Information Security Team who looks at your firm’s information security as a whole, then you are on the way to standing up to that shake on your security door.