It’s tempting to only think about email security in terms of protecting revenue. And it’s true that email security does that – it prevents financial penalties from regulators and the loss of clients from data breaches or reputational fall out. However, with so many organisations keeping a closer eye on the security within their supply chains, having excellent email security can help law firms to win clients and generate future revenue too.
We recently welcomed Mike Duff, CSO at Harneys law firm to discuss the topic of email security as a revenue generator with Egress Senior Vice President, Mark Lendon. Harneys are a global offshore law firm with an international client base including large financial institutions and private individuals. As a result, they work with a lot of highly confidential data.
Throughout the webinar, Mike and Mark explored how and why strong email security plays a vital role in both protecting and generating revenue in the legal industry. We’ll recap some of the most interesting takeaways here.
Email security as a revenue protector
As Mike explained, client-attorney privilege is a cornerstone of the legal industry. The safe handling of data is crucial in everything a law firm does and reputations are built (and broken) on how well firms protect their client’s data. The legal sector is also a heavily regulated one, adding to the need for excellent data security.
However, Egress research found that 90% of legal firms have experienced at least one data breach via email since the pandemic started. Law is a highly-pressurised sector, where it can be easy to become tired or stressed, especially when meeting tight deadlines. Unfortunately, this counts for nothing with clients when a data breach strikes. And all it takes is one slip of the finger and an email is gone and can’t be brought back.
Remote working has of course increased the amount of digital sharing, and with it the chances of data loss from human error. When people are working from home from personal devices, mobile devices, and shared environments, there’s simply more room for human error to take place. For example, a lot of printing goes on in law firms, and in the office these documents can be either securely stored or shredded. In people’s home, this isn’t always the case.
A law firm’s reputation is only as good as the last case they represented, so human error is something they simply can’t afford to let creep into their day-to-day work. As a CISO, you can make your business very hard to hack, but preventing human error is a much trickier task. Intelligent email security lends an important helping hand, offering a technological guardrail to help employees when the (often inevitable) human mistakes arise.
How email security can generate revenue too
Looking after client data is a top priority for Harneys, according to Mike. This should be true for any law firm – reputations are hard-earned over many years but can be lost in an instant. And when a reputation is lost in the legal industry, it’s hard to win back.
Clients are well aware that they’re sharing sensitive information, so it’s a key selling point if a firm can prove that this information will be looked after properly. Email security can help to maintain a good reputation by ensuring a firm doesn’t experience data breaches from human error and never makes headlines for the wrong reasons. This doesn’t just protect a firm’s standing with existing clients – it helps to win new ones.
More clients are taking an interest in the level of data security throughout their supply chain. After all, strong internal security counts for little if you have a weak supply chain. Law firms know there’s scrutiny from both clients and auditors, so having sub-standard email security is a risk when it comes to winning new business. Large corporates, the type who work with firms such as Harneys, expect legal firms’ security systems to be equally as strong and robust as their own.
Egress research shows that 62% of law firms have seen an increase in clients asking whether they have email DLP in place. Mike said that it’s unsurprising clients want to know what plans and safeguards are in place to secure their data. Details of firewalls and security operations aren’t enough – clients want to know what’s going on ‘inside the castle’ to protect their sensitive information before they choose to work with a new law firm.
Making the internal case for email security
The case for implementing email security is much stronger when it’s framed as both a revenue protector and a revenue generator. As Mike told the webinar attendees, you need to be good at sales when you work in security – especially when trying to bring new systems and software into a business.
Email security can sometimes be seen as taking money out of the business, rather than tools for generating revenue. It’s important for CISOs to reframe this conversation. Data security is so important to modern clients, that intelligent email security can be a powerful selling point.
It’s key for a modern CISO is to find solutions that engage with staff and take a proactive, rather than a reactive, approach. They don’t want to create friction through extra hurdles and additional clicks. It’s vital to have a dynamic, proactive response that ebbs and flows along with your business. The goal is to create a security system that works seamlessly in the background, genuinely helping people rather than overburdening them.
This is the approach Egress take with our Intelligent Email Security platform. Egress Prevent uses machine learning to silently analyse the content and context of all outbound emails in order to eliminate the risk of misdirection and incorrect attachment. Likewise, Egress Defend does the same thing for inbound emails, flagging and blocking any sign of phishing and educating the user on the danger signs to watch out for in the future.