Legal Tech Talk 2024: WHAT THE SPEAKERS SAID
PART 2
As we promised in Part I – we are back with more pearls of wisdom from our illustrious speakers. So, without further ado, we give you –
Barry Swart – AJS
What would happen if you became the victim of a cyber-attack?
Imagine that you have lost all your electronic data, all your files, all your emails, all your accounting data, all your work in progress. Would your company survive?
Let’s pose a scenario – imagine you have a secret, something you need to keep safe, something you need to guard with your life. Imagine it’s stored on your computer. Is your secret safe?
No. Your secret isn’t safe because if your computer is connected to a network, for example it has Bluetooth, Wi-Fi, or ordinary internet connection, a hacker can and will steal your secrets.
Let’s assume you unplug your computer and kill all your connections – no Bluetooth, no Wi-Fi, no internet connectivity of any kind. Nothing. Is your secret safe?
No. Your secret isn’t safe because someone can steal your physical computer and steal your secrets.
Let’s assume you take your computer and lock it in a bank vault. Only you have the combination. Only you have the keys to that vault. Is your secret safe?
No. Your secret is still not safe.
Let’s take this to this to the extreme – you take your computer, you cast it in a ten-ton block of concrete, you take that block of concrete and dump it in the Mariana Trench – is your secret safe?
Probably not!
The thing about keeping your digital secrets safe is to realise that nothing is really safe!
It’s all about cost vs reward. A hacker won’t spend R10 million to steal a secret that’s worth R10 000. So, when it comes to your digital secrets make sure that it’s difficult to get to those secrets.
If we look at the types of attacks and cybercrimes we see these days – we get phishing attacks, spear phishing attacks, whale phishing attacks. There are 1.7 million ransomware attacks happening every single day. It’s daunting when you realise that these attacks can happen to you.
(To read more on these types of attacks, click here).
Now you may be saying to yourself – I’m in the business of law. I’m not in the business of cyber security. I’m not even in the business of hardware or software. I outsource all of that. But all of us – even lawyers – are in the business of data.
And because we are in the business of data, it isn’t a case of if you will ever be attacked. It’s not even a case of if you will ever experience a cyber-attack. It’s a case of when. And it’s a case of whether your organisation will be able to recover from it. The next cyber threat is really a ticking time bomb waiting to happen. And you could be the one sitting on it.
On the 27th of July 2024, AJS withstood a cyber-attack by a new group of hackers called Cicada 3301. They had taken advantage of a new vulnerability that had been discovered in Windows – vulnerabilities in Windows are discovered all the time. Microsoft hears about the vulnerability, they work through it, release a patch and you then get an update on your computer. But in-between the time the vulnerability is discovered, and you receive the update, you are vulnerable to attacks.
Cicada 3301 target large, listed companies in health care, property, construction, IT, and law firms. They take control of servers and ransom them for money, which in our case was R11 356 000.00 for one server in our hosting environment. We have 171 servers. And there’s an 80% chance they won’t give back the data you have just paid for.
After the initial shock of the attack wore off, I began to gather my thoughts – are we prepared or this?
Do we have the necessary protection in place?
The development team, are they highly skilled, are they qualified, do they use international best practices?
Does the development team design our software from the ground up with top security in mind (Security is not something that you can add to your software later on. It’s something that you need to start with – from the ground up.)
Have we recently done a security audit on our software to make sure that our software compares to the latest and the greatest security standards?
If one of our hard drives fails, and then another one and then another one – can the system pick up the slack without our clients noticing that there’s a physical failure in our infrastructure?
Is our remote disaster recovery station up and running? Is it more than 30 km away from our hosting site – Why? Because of acts of God, floods, terrorism, earthquakes?
What about our firewalls – internal and external firewalls. Hardware, software, AI powered firewalls. And very important – do we have system monitoring software that will notify us the moment there’s an attack?
Do we have security, policies and procedures in place. Do we update them regularly?
Our network specialists, can they protect us against the biggest attacks in the world?
Do we have an incidence response plan? If something happens, how will we respond to the attack?
Do we have up to date backups?
After answering YES to all of the above, I realised that we would be ok and that we would survive this. Why? Because we were prepared.
We knew how to defend ourselves against the attack, we knew how to isolate our network, we knew how to make sure that none of our clients lost their data, and most importantly, we did not have to pay a ransom to the hackers.
It’s only when something like this happens that you realise the value of having an incidence response plan and a network team that knows how to execute this incidence response plan.
You have to be proactive about cyber-attacks. It’s real. You can outsource your IT, but you cannot outsource your responsibility to stay safe.
We were tried. We were tested. We survived. And at the end of the day, we won.
Contact AJS here.
Tony Dovale – LifeMasters
Management and leadership matters.
There are leaders that break people. Leaders that abuse people. And they think it’s good. They think it’s good to be a rough and tough, dictatorial kind of leader. If this kind of leadership style resonates with you, it’s time to catch a wake-up because that world is gone.
If you don’t create a context, a culture and a leadership style that enables great performance from your people you will lose them. And good people are hard to find.
So, take a moment to think about what percentage of your staff may be ready to move in the next 12 months, what percentage of your staff are openly looking for new opportunities? And what percentage of your staff if they leave will be worrying for you?
The concerning thing here is that you probably – on average – spend more money on your car than on technology, than on hardware and IT tech that can help your firm perform better. Even more concerning is the fact that you most definitely spend more on your car than on the people within your organisation – what I call “warm ware”.
The thing is – if you don’t address the heart part of your “machine”, of your organisation, you will be left out in the cold. Because the world of dictatorial push force is gone.
The challenge is this – as a leader you have unlimited potential but it’s not being used correctly. And you are frustrated because your staff appear to have no work ethic, and don’t know what they’re doing. But the truth is, it’s not your staff’s fault. It’s your fault. Because you don’t know how to lead in an inspiring way. Staff want more heart; more love in their place of work. Not more fear. And not just tech.
We are creatures of habit. Our unconscious brain makes decisions seven seconds before we are aware of it. Just like an elephant that is chained at the circus – it could get away if it wanted to, but it doesn’t. Why? Because it has trained helplessness. You have it, your staff have it. But that’s what a leader is supposed to undo and unleash – the potential within their employees.
Get to know the individuals in your firm – what’s their “love language” that makes them feel valued and appreciated? Remember – the right people matter. So, grow your people, train them, engage with them, get them involved in the processes, give them meaning, support them, give them recognition and validation. Do what you can – as a leader – to bring out the best within your team.
Because people will work for a living, but they will die for a cause.
Performance transforms via leadership consciousness. Good leadership is the defining difference in an organisation and in a high-performance team. So, lead by embracing the soft skills – because the soft skills are the hard skills.
Remember – just because you upgrade your tech to the latest and greatest on the market, doesn’t mean you will automatically be successful. You have to bring both tech (the head) and the heart into your organisation in order to thrive.
You can stay as you are – in a rough, tough, dictatorial, toxic work environment – and risk never being part of a winning team. Or you can change by caring about your people and embracing the future.
Some people bring happiness when they walk into a room and some people bring happiness when they leave a room…. Which one are you?
Contact LifeMasters here.
It’s at this point that we can say – hand on heart – that we truly believe that the LegalTechTalk 2024 was a phenomenal success. Connections were made, knowledge was shared and law firms around the country took important steps to future proof their practices.
We look forward to the LegalTechTalk 2025 which promises to be bigger, better, with more venues and larger crowds. Watch our updates for news on this – coming soon.
In the meantime, if you are ready to incorporate a new tool into your existing accounting and practice management suite, or if you need to start from scratch, feel free to get in touch with AJS – we have the right combination of systems, resources and business partnerships to assist you with incorporating supportive legal technology into your practice. Effortlessly.
AJS is always here to help you, wherever and whenever possible!
– Written by Alicia Koch on behalf of AJS
Related posts
Leave a Reply