Smoke without fire

During the Easter weekend in 2015, an underground blaze stretching one square mile from Kingsway, Holborn caused mayhem in central London. It took 36 hours to put out, led to thousands being evacuated and businesses impacted for a considerable period.

Though different in nature and nowhere near the scale of covid-19, from a business continuity and disaster recovery perspective there are similarities – and learnings that can be applied today.

In the thick of it

I was the IT director at a central London law firm at the time, only metres from the epicentre. We had detailed business continuity and disaster recovery plans, but it’s only when an event occurs that one realises that no matter how well thought through strategies are, gaps exist due to the unpredictable nature of black swan incidents.

For starters, when the fire erupted and human safety was the key priority, every- one exited the building – with the business continuity and disaster recovery plans safely pinned to the office notice boards, which had been placed there for easy access in the event of an emergency.

In recent years, we’ve come to take electricity and internet access for granted but, on that day, in a flash there was no power or internet, making the situation highly critical. Aside from accessing the soft copy of the business continuity plans, how could the firm enable wholesale, efficient remote working?

How, for instance, could it ensure the safety of data and disaster recovery processes (cloud adoption wasn’t at the level it is to- day)? How was the firm to communicate with employees and clients without tools such as Zoom and Teams? It wasn’t known how long it would be before normal operation could resume.

This incident potentially played a key role in many businesses’ approach and strategy for IT investment and adoption – much like the influence covid-19 will have for the future.

Tech to the rescue

The number one challenge was communication – with staff, clients, third-party suppliers and service providers; indeed, with every kind of organisation that a business needs to work with when running a commercial entity.

In law firms, communication is typically via email and phone. With all staff at home, correspondence became a huge challenge in the absence of email; and with no access to the data centre until the disaster recovery plans were invoked.

Perhaps the saving grace was that every- one in the firm had mobile phones, having recently transitioned from the Blackberry to the iPhone.

That helped a little, but typically people don’t store every number they may need on their device. One of the lessons learnt was ensuring we could maintain regular communications between individuals, so we worked with a third party to develop a business continuity mobile app.

This allowed in-app ‘push’ messages and gave staff access to the employee phone directory, making it easy to communicate with colleagues. Additionally, with staff safety paramount the app gave the firm the ability to undertake a rollcall from the mobile phone.

De-risking it

The need for strategies to de-risk IT and the traditional way of working became clear – a requirement equally applicable today. Cloud computing had a business case even five years ago but today it’s a no-brainer. Firms need to seriously consider moving their on-premises systems to the cloud, taking advantage of its inherent benefits – always on, scalable and secure.

Many firms moved to the cloud after the 2015 fire, but today there are still a significant number of organisations with data on-premises and, in this pandemic, are struggling to keep busi- ness efficiently operational.

Cloud-based systems and data centres have inbuilt security, resilience and redundancy, generally at a level that’s rarely equalled with on-premises systems; and capabilities that few firms could hope to achieve independently. Security and compliance are critical aspects which need to be considered when selecting any system (not just cloud).

Many of the systems used by law firms and large corporates have widely recognised security and compliance accreditations. These should be checked carefully as part of the due diligence process and any shared responsibilities understood and managed.

While the nature of the communication challenge is different today, effective communication remains the number one challenge with widespread remote working.

The Microsoft Office 365 suite is highly valuable; moving email from on-premises to Exchange Online takes the reliance off an often-overloaded email server; and firms gain access to Teams.

Most firms are knowledge repositories with the information residing in documents. These documents are the work product. A cloud-based document management system is indispensable to enable lawyers and other staff to work securely from any location or device.

These applications seamlessly integrate with Office 365 and Outlook. For a remote working environment, this approach almost eliminates the advantage that an office-based environment may pro- vide for access to matters and information related to the firm. In future, location of where work is conducted will become immaterial – ‘working from home’ will become just ‘working’.

Thus far, relocating practice management systems in the cloud hasn’t been explicitly successful in the larger and well-established firms.

This is primarily because these firms already deploy the traditional practice management systems that have limited capability to transition to the cloud, compared to the small and medium-sized firms who have adopted the more recent entrants to the market.

In recent years, the route of travel for larger firms has been to move their practice management systems to environments such as Microsoft Azure. The London fire and covid-19 have clearly established the need for minimal reliance on on-premises technology and greater operational flexibility.

A mix of software-as-a-service (SaaS) solutions for critical functions such as document management, time recording, finance and accounts or an Azure-based platform will deliver flexibility, organisational agility and de-risk IT. More importantly, in this new world insurers will demand this level of technical sophistication from law firms to insure their business.

IT investment

From a commercial standpoint, covid-19 is a business continuity incident so firms need to be able to deliver the same level of service to clients as before the incident occurred. IT investment strategy will need to change, in tune with new business practices and the needs of the 21st century employee.

Surprising as it may sound, many firms (including some of the biggest and the best) don’t have a flexible working policy or set of practices that make flexible working possible, despite proven technology available to facilitate remote working. Covid-19 has made clear that access to the traditional office is no longer a given and future IT investment needs to cater for a highly dispersed workforce.

At the most basic level, desktop PCs may now be redundant. When the lockdown was announced, many firms had to undertake a significant outlay to provide employees across the board with laptops.

Even though digital signatures are legally admissible internationally, are more secure than wet ink signatures and in keeping with the needs of digitising data, their adoption isn’t as wide- spread as one would expect. Digital signature technology now becomes essential.

Security has always been a priority for firms but their approach to adoption has been conservative. Just in the last few weeks, we’ve seen security scams increase exponentially as cyber criminals see a massive opportunity for fraud during lockdown.

With a remote workforce becoming conventional, firms will need to increase their investment in security to adopt measures that help minimise threats emanating internally and externally.

Technologies such as behavioural modelling, machine learning, Zero Trust and need-to-know security will become critical to protect confidential business data.

Thought will need to be given to technologies that provide operational scalability without compromising performance while minimising costs. At the same time, IT support structures will need to change.

Firms must review their IT infrastructure holistically to determine its suitability for the post covid-19 business environment, then take tangible measures to make it fit for purpose today – and agile for the foreseeable future.

Neil Davison is the chief technology officer at Ascertus and a former IT director at Farrer & Co