Insights from DCS
Knowledge for the information generation

How RPA Can Solve the Legal Industry’s Cyber Security Woes

By Pola Zafra-Davis - 5 Aug 2019


Robotic Process Automation (RPA) is still in the early stages of adoption in the UK legal sector. Only 4% of law firms have adopted robotic process automation with the Top 50 firms leading the way. The versatility of robotic process automation for law firms is either unknown or underappreciated. Sure you may have heard of uses in accounts payable, staffing & recruitment, and financial compliance. But for law there is another alternative: cybersecurity.

Robotic process automation in the legal sector can be applied to processes that are routine, repetitive, involve rules and logic; also known as “swivel chair” processes. These swivel-chair processes also exist in information security.If you do find robotic process automation anywhere in law, you’ll find it in the transactional legal services.

Only 19% of RPA-adopting firms are using it for high-value legal services. In the high-value services it’s all about technologies that improve client accessibility, data insights and data visualisation at 81%, 54% and 61% adoption rates respectively.

This new tech ecosystem has become increasingly necessary for delivering services for high-value clients. LegalTech are tasked to hold incredibly valuable information like logins and user details from collaborative tools, financial details in e-filing, named parties in document management forms, etc.

But when law firm systems are breached they have led to illegal insider-trading and media leaks by cyber criminals. Unfortunately, it’s the law firm that finds itself part of the headline and is identified as the attack entry-point!

The currently less popular robotic process automation is not a technological silo that sits apart from other new technologies. RPA’s value can also lie in strategically protecting a law firm’s wider tech ecosystem from cyberthreats. We’ll be describing RPA’s applications in greater detail (click to jump):

  1. Tasks for Robotic Process Automation, Cyber Insecurities and the Legal Industry’s Bottom Line
  2. Why Introduce Robotic Process Automation to Your Law Firm’s Legacy IT Systems
  3. Robotic Process Automation Safeguarding Against Vulnerabilities in Integrated Legal Apps

Tasks for Robotic Process Automation in the Legal Industry, Cyber Insecurities and the Bottom Line

With the squeezing of company budgets and the introduction of alternative legal services, competitive client delivery for the legal industry is more important than ever.

Each sign-in into a law practice management software, each document pulled from a case manager, and each e-mail sent from a server becomes a risk for client confidentiality. Worker and client details can be cross-referenced by hackers to laterally access other software, databases or those of external organisations.

If a law firm’s computer structure contains undiscovered exploits (or if their IT staff become so tired that they start making oversights and errors!) a client’s financial data and legal proceedings are at risk.

In a law firm’s vast information network, robotic process automation can perform crucial but mundane cybersecurity groups of tasks such as those that fall under:

  • Digital identity access
  • Data protection and data discovery, including data loss protection and mediation
  • Threat detection and response

All of these “behind the scenes” responsibilities happen when any file or software is accessed. There is an IT machinery chugging away if anything is downloaded or any detailed is typed inside a system. High profile cases show how risky it is to hold or access private client and employee information. The string of 2016 cyberattacks from China; the 2015 attacks directed at 48 law firms; the Panama Papers and Paradise Papers leak come to mind. LogicForce’s Law Firm Cybersecurity Score Card found that 40% of law firms did not know they were breached in 2016. The situation has become so severe that MacFarlane Chief Charles Martin named cyberattacks as an “existential threat” to the legal industry.

Since cyber crises make up 48% of crisis management exercises undertaken by law firms, there are also impacts on legal staff trying to perform regular operations. The 2017 DLA Piper hack by Petya Ransomware locked staff out of their system for more than 2 days. Pundits claim that this could have cost the firm millions in lost revenue per day!

While the IT team is quietly panicking, this happens….

  • Lawyers become unable to review important deadlines because of the inability to access case management files.
  • Litigators are unable to create or access court bundles.
  • Important files and e-mails can be wiped from the system or corrupted via malware and ransomeware.
  • Potential clients will start to doubt the ability of a law firm to protect sensitive information..and may even spread their doubts to their connections!

Why Introduce Robotic Process Automation to your Law Firm’s Legacy IT Systems

Despite everyone using firewalls, anti-virus scanners, patching operating systems and third-party apps, incidents still occur. Phishing attacks are the most common cybersecurity incident in the legal industry. In PwC’s 2016 State of the Legal Industry Survey, 12% of firms were suffering attacks daily and 30% on a weekly or monthly basis.

No doubt the in-house IT team would be under immense pressure to both safeguard against external attacks on their servers and identify phishing infiltration. One challenge is securely integrating new batches of software into the law firm’s legacy IT system.

Luckily robotic process automation is well placed for legacy system adoption and can perform security tasks until an in-house IT solution is found. Filling the gap with robots provides a cost-friendly and operationally efficient alternative to hiring more IT staff or immediately replacing a legacy IT system. Legacy replacement can even take years!

Robotic process automation’s software robots use rule-based logic and operate on clearly defined pathways. Just like the way malicious code within malware and ransomware operate.

Robots imitate any cybersecurity task with a pre-defined process. Examples include:

  • Repetitive application access requests, alleviating pressure on an IT help desk.
  • Discovering and re-allocating sensitive data around the document management system.
  • Security validation and checks to identify vulnerabilities in applications.
  • Security control tracking and patching known vulnerabilities in the overall IT architecture.
  • Removing time-wasting access errors. This is useful as legal and business clients start to expect greater speed and responsive communications when working on a case.

The case for RPA and cyber security is not about a firm’s legacy internal servers vs. new cloud servers. Robots can be introduced to both. But this first step towards robots can close the security gap while giving a law firm time to bring their IT architecture up-to-speed.

Robotic Process Automation Safeguarding Vulnerabilities in integrated Legal Apps

The insecurity of the internet and piece-meal apps create multiple entry-points for a client’s data to be lost or compromised. Even with something as mundane as a law firm employee using a mobile password management app to store passwords, the firm is vulnerable.

When fee earners in a law practice is exposed to more disparate mobile and desktop apps in e-discovery, time keeping, or case management – infiltration opportunities for hackers and viruses multiply. A survey from Palo Alto Networks revealed that 68% of UK cyber security experts felt that cloud adoption didn’t take into account the full security risks.

This doesn’t mean you should burn your phones and delete all your software keys. But it is still important that any application and law practice management software should give the firm’s IT team the power to control access to the system.

One issue is that even in this robot-less best-case-scenario, it would be near impossible for an IT staffer to police all of a law firm’s cloud software all of the time. The Palo Alto Survey also reported that only 15% of UK security professionals were able to maintain consistent cybersecurity across cloud networks and endpoints.

Reasons to consider robot to help out your IT team:

  • Robots do not get worker fatigue. Robotic process automation also operates with 100% accuracy.
  • Multiple robots can be deployed at any given time and each robot can be assigned a different type of task. This is especially useful if you find that there are multiple inefficiencies in handling the security of various legal management software and legacy systems.
  • Robots can also be given the responsibility of highlighting threats and can collect data and create tickets in suspicious user behaviour.
  • Robotic process automation keeps away internal hackers or victims of social engineering. A user doesn’t need to find an overly technical way to direct a robot. Software robots mimic the user’s actions on the interface level. It doesn’t require access to an API…. which is convenient since a lot of software vendors wouldn’t give out their API anyhow!

While robots in RPA may not have the smarts of an IT Chief in troubleshooting problems, processes that need human judgement can be solved15-20% faster through human-robot collaboration.

In short, robotic process automation enables greater threat discoverability and speeds up sorting and processing incidents. It’s very useful in a diffuse app environment. Just a handful of robots can mitigate the liabilities of law data breaches across devices, access points and individuals.

Robotic Process Automation - Parting Words

Robotic process automation’s impact on a law firm’s cybersecurity strategy goes beyond RPA’s argued savings in back office staff. The consequences of the law profession if firms were to replace or scale-down book keepers, paralegals, and librarians with robots is a discussion for another time. All things being equal – robotic assistance in cybersecurity operations alone can have a positive knock-on effect by efficiently protecting the various apps and/or legacy IT systems used by all law firm employees.

So if your lawyers aren’t too keen on working with robots yet, you can still shove them in the back closet where all your servers live. They like that.

You may also be interested in....

Robotic Process Automation Solutions Page
Blog – 6 ways RPA can Help Law Firms Meet the Challenges of Fixed Recoverable Costs Blog – Can Robotic Process Automation complete the automation loop?