Phillips Lytle Increases Firm-Wide Vigilance with OnGuard Information Security Awareness Program
If your law firm is targeted for a cyberattack, are your attorneys and staff prepared? Do you have the right information security measures in place as well as the vigilance to prevent attacks?
As recent news stories confirm, law firms face considerable information security challenges today. Whether it is employee errors that lead to data breaches or hackers that target a firm for information about their corporate clients, forward-thinking law firms are renewing their focus on information security.
Phillips Lytle, LLP, a 180-year-old law firm based in Buffalo, New York, is one such forward-thinking firm. The firm’s strong information security measures and policies helped it ace stringent audits from financial institutions, but firm leadership wanted to take things even further by instilling a proactive approach to information security in its employees.
“In terms of legal malpractice, security is an area of grave concern,” shares Edward Bloomberg, a partner at Phillips Lytle. “We were looking for a way to proactively reach a wider internal audience about security as well as continue to protect the firm and its clients.”
Adds Brian Eckert, Executive Director for Phillips Lytle, “We had successfully navigated an extensive security audit by one of our financial institution clients. However, we wanted to ensure that security continues to be front-of-mind for our firm.”
The firm also wanted to demonstrate its security savvy to its insurance underwriters.
“I fly to London every other year and sit in front of underwriters who ask what the firm is doing about security,” comments Bloomberg. “While we always have developments on that front, we wanted to amplify our efforts with a dedicated security awareness program.”
Phillips Lytle’s leaders knew that they would need outside resources to spearhead the program.
“How do you start a security awareness program for more than 400 lawyers and staff across numerous offices?” asks Bloomberg. “It’s always been my belief that a good lawyer knows the extent of his expertise and capabilities. If we tried to do it to ourselves, we’d send out information that sounded like lawyers wrote it. We’d probably get a low response rate from important audiences such as young associates and administrative staff. To maximize participation in the security awareness program, we needed to partner with a company experienced in learning, development, behavior change and effective communications that also knew how to work with law firms.”
Peer Recommendations Lead to an Experienced Partner
Phillips Lytle began researching potential partners, and many of Eckert’s peers quickly returned a recommendation – Traveling Coaches.
“I had put an inquiry out to a small group of friends who do what I do and Traveling Coaches was recommended by several of my contacts. I quickly discovered through independent efforts that Traveling Coaches has an excellent reputation for working with law firms. I felt that we could easily collaborate with them and that they could get the message across to our audience,” says Eckert.
After evaluating Traveling Coaches, the company’s OnGuard Information Security Awareness Program was an easy sell to the managing partner and the firm’s governing committee and board. OnGuard focuses on raising employees’ awareness about information security issues, communicating the business reasons firms are changing the way they work, and ultimately influencing and educating professionals to change their own behaviors. The program is truly turn-key, including online content, knowledge checks to measure learning, reference materials, marketing materials, and more – all of which provide a comprehensive foundation for a secure legal environment.
“We were excited about what Traveling Coaches could do for us,” explains Eckert. “They had a method and processes in place to educate our firm on security awareness with a long-lasting impact.”
OnGuard in Effect
Traveling Coaches kicked off the information security awareness program by gathering the firm’s practice group leaders, the CMO and the head of human resources for a strategic planning discussion. During the full-day meeting, the group discussed key factors in planning for a successful program at the firm, such as goals, firm culture, and business drivers for the initiative.
As Eckert sums it up: “You could tell from that kick-off meeting that this was going to work.”
After the session, Traveling Coaches developed a change management plan based on discussions during the strategic planning sessions and additional conversations with a cross-section of the firm’s leadership. This plan served as a blueprint for the project and included customized content to reflect Phillips Lytle’s policies and best practices.
OnGuard officially launched with town hall meetings delivered by Traveling Coaches in of Phillip Lytle’s offices during October 2015. The town hall sessions were delivered to staff as well as lawyers, with lawyers receiving CLE credit. The town hall sessions provided an overview of information security challenges facing law firms and their clients, an explanation of the most common threats targeting law firms, and the role every employee can play in keeping information safe. During the session, participants were introduced to the OnGuard library of materials and information on how they could learn more about keeping the firm’s information safe, as well as protecting their personal information.
“For most meetings in a law firm, one-third of the people like it, one-third don’t say anything and the final third only say bad things. The security awareness town hall meetings, however, received a high number of positive responses with many attendees saying they enjoyed it and that it was thought-provoking,” shares Eckert.
Eckert continues: “We got highly favorable comments back on the CLE evaluation forms such as ‘That was really worthwhile’ and ‘We would have never thought about what they discussed.’ Traveling Coaches brought a new view on security awareness to Phillips Lytle.”
After the initial town hall sessions, the program continued with a topic from the OnGuard library being highlighted each month and firm employees and lawyers encouraged to review one module each month. This ongoing approach rather than an annual event, is much more effective in keeping information security front of mind for employees, and in effecting behavior change.
With Traveling Coaches, Phillips Lytle created a high level of security awareness that resonated positively with its lawyers, staff, clients and even its insurance carrier.
The firm, guided by communications best practices from Traveling Coaches, demonstrated a high level of engagement in support of the program. This contributed to its success.
As Eckert explains: “Ninety-eight percent of Phillips Lytle’s attorneys and staff attended the town hall meetings. It speaks to our firm’s commitment to security as well as the skill level of Traveling Coaches.”
The program and content also garnered a good overall response. Overwhelmingly, the OnGuard town hall sessions received marks of “excellent” on evaluation forms from the firm’s lawyers. Lawyers shared feedback such as “Very helpful,” “Great and informative program” and “Great speaker. All good!”
“Traveling Coaches ensured that all components of the program were relevant to our law firm and its culture. They made it real, engaging and entertaining. OnGuard got our interest and kept our interest. I view it as an extremely positive experience,” comments Eckert.
Beyond positive internal reviews for the town hall sessions helmed by Traveling Coaches, Eckert and Bloomberg are pleased with its impact on two important external audiences: Clients and the underwriters for the multiple syndicates that write the firm’s malpractice insurance.
“We saw immediate benefits in being able to share our ongoing security awareness program with our clients. It demonstrates that their security - as well as our own - is always a priority. In fact, it was a plume in our hats regarding ransomware attacks. While those attacks prevail in corporate environments and other law firms, our attorneys and staff already had in-depth training about how to secure their processes and prevent malware attacks. People are forwarding emails to IT and asking if they are legitimate. We’re seeing actions like this even from attorneys,” says Eckert.
Bloomberg notes that the OnGuard Information Security Awareness has been well-received by the underwriters as well.
“We negotiated a provision with our professional liability carrier that, if we bring them an idea to address potential liability concerns and they like it, they will return a portion of our professional liability premiums. We presented OnGuard and they agreed. Since both parties realize the importance of security in a law firm environment, it immediately made sense,” Bloomberg explains.
“I would tell any law firm that they are being penny-wise and pound-foolish if they think they can create a culture of security with in-house resources,” Bloomberg continues. “I absolutely recommend Traveling Coaches.”