Technology Expectations Insurance Industry Clients Should Have of Their Outside Counsel

Bob Dolinsky, CIO, Sutherland Asbill & Brennan

Bob Dolinsky, CIO, Sutherland Asbill & Brennan

Insurance industry clients should have certain technology expectations when employing outside counsel. These expectations will vary depending on the scope of services provided by a law firm to a client as well as the requirements of the client, which may vary. Generally, though, insurance industry clients should expect outside counsel to have at least a strong focus on client service and practice-enhancing capabilities and security and risk mitigation capabilities.

Client Service and Practice-Enhancing Capabilities

There are many client service and practice-enhancing capabilities that a law firm should provide for its clients. Law firms should have a culture that is ’technology friendly’, and recognizes that technology can enhance client service delivery. A law firm’s technology and related processes should reflect a drive for excellent client service. A law firm’s technology should be able to provide the following capabilities:

The ability for the law firm’s team to work anytime, anywhere for its clients- This should include easy-to-use and secure access to firm systems, and support for the ever-increasing and relied-upon mobile device environment, as well as document sharing and even video conferencing capabilities.

24x7 tech support for lawyers- Lawyers need to be able to work 24x7. In order to do so, they need to be supported 24x7. Law firms should provide technical support during off hours as well as during typical business hours.

Easy–to-use and effective means of collaborating with clients - Client collaboration is no longer just exchanging documents by email. Collaboration now should include matter workspaces that support easy–to-use and secure document sharing and joint drafting capabilities. Features should include jointly managed matter calendars, issue lists and other tools.

Strong internal research capabilities – Efficient internal research should help a firm eliminate ’reinventing the wheel’ as well as minimizing the learning curve for clients and matters. Tools should include powerful search engines to search internal work product, ‘wikis’ to support the internal exchange of knowledge, and experience databases to ensure that firms have the best possible resources assigned to a matter.

“Law firms should have a culture that is ‘technology friendly’, and recognizes that technology can enhance client service delivery”

Strong external research and knowledge management capabilities - To ensure access to the latest developments, information and knowledge in the insurance industry, these capabilities should include both push and pull technology. Push technology delivers this information to the lawyers whereas pull technology enables lawyers to easily get to information resources.

Strong Legal Project Management (LPM) capabilities- Legal Project Management (LPM) is an important client service tool to help manage budgets and results for clients.

A team of lawyers and staff that is technology savvy- Making investments in technology is only part of the challenge and ensuring that lawyers and others in the firm know how to use it is just as important. A firm needs to provide effective training and opportunities to learn in a more relaxed environment (building off the concept of the Apple Genius Bar), along with events that users can attend to learn more in a one-on-one environment or to ask questions.

Billing capabilities that meet and exceed the needs of clients- Clients should expect that invoices can be delivered in electronic form with invoices breaking out time entries by tasks.

Technology that enables the law firm team to work efficiently and effectively for its clients-Examples of this technology include the use of effective workflow and ’paperless’ technology to enhance productivity and reduce costs for clients.

Strong practice support capabilities- There are insurance industry-specific uses of technology, internal and external research capabilities, and client support databases that should be a part of a law firm’s technology resources.

Security and Risk Mitigation Capabilities

Security and risk management are increasingly and appropriately getting more attention in the law firm arena. Law firm clients should expect their outside counsel to focus on and make investments in cybersecurity initiatives. Some that should be implemented or on the list for implementation include the following.

A firm culture that focuses on information security- Law firms should have a culture that reflects a focus on, and attention to, information security. Firms should have a user security awareness program that educates users on the importance of security for client information.

Ensuring that only those who should do have access to systems and data - Access to the firm’s information must be protected by reasonable access controls such as dual authentication, strong password policies, and strong controls over wireless access. Strong intrusion prevention and intrusion detection capabilities should also be in place.

Strong Encryption Practices - Data at rest on laptops, removable media such as flash drives, file transfers and even email should have the capability of being encrypted if requested.

Periodic security assessments -These assessments should be conducted by third parties and cover all aspects of the firm’s systems, including; applications, storage, network, remote access and mobile devices. These assessments should include penetration testing as well as social engineering testing.

Access to known sites that are sources of malware and viruses should be blocked -Products that at least warn and preferably block access to known problematic sites should be in place.

Strong security over sensitive data- Data related to insurance industry clients is likely to be highly sensitive and may include PHI, SSN, PII and HIPAA data. Law firms should have the capability to identify and secure this type of data for their clients.

Controls over the use of non-firm-owned computers- Many law firms rely upon bring your own device or similar policy. Controls should be in place to mitigate the risk of viruses and malware getting to firm systems through non-firm-owned computers. There should be a requirement that non-firm-owned equipment have adequate anti-virus software, be up to date on security patches, and have strong passwords in place.

Strong security over the use of mobile devices - Increasingly, lawyers are using iPhone, Androids, etc., to stay connected to their firms. These devices can be lost, stolen or hacked. Law firms should make use of Mobile Device Management (MDM) systems that can help secure mobile devices and “wipe” them clean of firm data if needed.

Physical security access controls-Access to technology-sensitive areas such as data centers, LAN and WAN equipment, and even client-related hardcopy materials should be managed to include only those individuals who need to have access.

Weekly Brief

Read Also

Business Agility is Key

Business Agility is Key

Jane Possell, SVP & Chief Information Officer at CNA Insurance
Evolving Constantly with the Changing Trends is the Key to Success

Evolving Constantly with the Changing Trends is the Key to Success

Randy Paez, Chief Information Officer, Arch Insurance Group
Project Management is Deal...Long Live Project Management!

Project Management is Deal...Long Live Project Management!

Douglas Duncan, Vice President, CIO, Columbia Insurance Group
A Promising Road Ahead for InsurTech

A Promising Road Ahead for InsurTech

Chris Purcell, CIO, PEMCO
InsurTech and the Benefit to the Business

InsurTech and the Benefit to the Business

Brendan Mills, CIO, nib Group