Skip to content
Legal Technology

ILTACON 2021: Hot takes on asking your CFO for a legal tech budget and cybersecurity’s worst practices

The annual ILTACON, which began this week, brought together a multitude of legal tech gurus both online and in-person to discuss some of the hottest topics in legal

LAS VEGAS — The ILTACON conference, the annual soiree presented by the International Legal Technology Association (ILTA), opened this week as a hybrid event, both virtual and in-person, amid concerns and precautions about the lingering effects of the pandemic.

It was the first high-level in-person get-together of legal tech professionals in almost two years, and as such, didn’t fail to deliver a good amount of tech-awkwardness, such as someone holding up a microphone to an iPad so Joy Heath Rush, the CEO of ILTA, could join remotely.

Still, the event brought a multitude of legal tech gurus together IRL (as the kids say) to discuss some of the hottest topics in legal, including how to ask your organization’s CFO for investment in legal tech projects and the worst cybersecurity practices to avoid.

Making the case for legal tech investment

Kenneth Jones, Chief Technologist for Tanenbaum Keale (and an occasional writer for this blog), joined two CFOs — Daniel Lasman of Fish & Richardson, and Ed Aguero of Cole, Scott & Kissane — to present a panel on how legal technologists within an organization can best advocate for the needed budget and resources to better leverage legal tech to transform and improve their organization.

The panel, titled Advocating for Legal Tech Budget by Speaking the Language of the Modern Legal Chief Financial Officer, focused on making the case to the CFO as to why such tech investment is needed within the organization.

Kenneth Jones

Jones said they modeled the presentation, very loosely, as a “Shark Tank” episode, in which he presented three project proposals — moving a document management system (DMS) to the cloud; establishing an overall security program; and undertaking a financial system upgrade — to the other two CFOs hoping to evoke commentary from their perspective on the proposals.

“I thought the session was unique in that ILTA does not generally have a lot on the insights or perspective of non-technical law firm C-Suite financial leadership with respect to tech project scoping and approval,” Jones said. “I think it was really good content for legal tech professionals to hear.”

The panel outlined some clear components of what the CFO must hear from the technologist if the CFO is expected to fund proposed legal tech projects, including:

      • What does the project accomplish and why is it important to the firm?
      • How does the project improve efficiency, reduce, or help manage costs?
      • How does the project fit in with the current and future priorities of the organization?
      • And, perhaps most importantly, what is the implementation plan, including a list of required resources in both dollars and personnel?

“Legal tech professionals need to try and define the financial benefits to the organization, in terms of return on investment (ROI), cash flows by year, and defined savings,” Jones explained, adding that it is also crucial for a firm technologist to partner with law firm executive management on proposals and to be willing to adapt as needed, especially around scope, timing, and budget. “It’s also important to ‘speak different languages’, so to speak, to different constituents, such as fellow technologists versus those on the business-side of the organization.”

Keeping the worst from happening in cybersecurity

Another well-received panel at ILTACON was the discussion titled Common Security Worst Practices, which included panelists, such as Mel Gates, senior legal editor in Privacy & Data Security for Thomson Reuters, highlighting a top 10 list of the worst cybersecurity practices and analyzing common challenges organizations face when trying to strengthen their cybersecurity defenses. (You can read a full interview with Mel Gates about her ILTACON presentation at Thomson Reuters Legal Current here.)

Some of these worst cybersecurity practices include:

Mel Gates
Mel Gates

Failing to understand and consistently manage cyber vulnerabilities — This includes not making needed patches in a timely manner or not maintaining the organization’s IT asset inventory. Panelists suggested establishing a patching policy and prioritizing remediation activities based on risk.

Failing to destroy data when appropriate — Not deleting old, unneeded data or not supporting a formal data retention policy can lead to trouble. Organizations should train their users on data retention and establish back up protocols with tools and automation.

Believing you can outsource your risk management and accountability — Organizations should understand the need for due diligence and continuous management of their service providers and suppliers. Security leaders within an organization should embrace their role as protector-of-the-business and of clients

As the panel made clear, organizations should recognize that while the fire department racing down the street with sirens blaring is reassuring, a community without fires is a much better place to live, work, and do business.


You can see more coverage of ILTACON 2021 at Legal Current here.

More insights