Security and knowledge must go hand-in-hand in professional services

04 March 2021 Consultancy.uk

Carlos García-Egocheaga is Managing Director of Lexsoft, a software provider to the professional services industry. He explains why security and knowledge management must go hand-in-hand in professional services.

85 per cent of fraud reported in the UK in 2020 was cyber-enabled, a report published by the Royal United Services Institute (RUSI) shows. And this is when fraud and cybercrime is under-reported. These findings are potentially reflective of the situation globally too.

Due to the constant onslaught of all manner of cybersecurity attacks, not just fraud, in the current ‘work from anywhere’ business environment, professional services firms are rapidly adopting need-to-know security measures to restrict access to data to those who need it or are authorised to view the information. 

Security and knowledge must go hand-in-hand in professional servicesThese actions are instrumental for GDPR compliance. Additionally, there are market pressures that demand such an approach from professional services firms. Routinely firms’ business contracts with clients include stringent clauses that prevent certain professionals or practice teams in the firm from accessing certain types of documents and data pertaining to their organisations. 

For example, a tax and legal services firm may be representing the top two telecommunications companies in different practice areas, validating the need for need-to-know security policies. 

Ethical walls are inadequate

Up until GDPR came into force, restriction to data access was almost negligible in professional services firms, despite ‘ethical walls’ in place. Anecdotal evidence suggests that lawyers could search up to 95 per cent of the firms’ matter-related documents. This allowed informal collaboration and knowledge sharing across the firm, providing efficiency and productivity gains for professionals. 

In 2020 with the pandemic, this data access rate dropped down to something like 75 per cent in many firms, potentially owing mainly to a remote working environment and indeed security-related attempt by organisations to limit access to confidential information. Now, due to massive security concerns and implementation of need-to-know security, firms are working towards searchability of only about 25 per cent of documents, be that within individual practice areas in the firm or across the document and information landscape in the organisation. 

Whilst undoubtedly this is a sound approach to security, applied rigidly, need-to-know security is likely to curtail sharing of information and intuitive collaboration – thereby impacting employee productivity and in turn, business efficiency and potentially the company’s bottom line. 

Many clients employ large, multi-disciplinary professional services firms because they have experts for every practice and sub-practice area. To illustrate, most tax advisories will likely offer, say corporate and personal tax advice – but very few will have the capability to offer specialised advice on Expat Tax guidance for Poland. Consequently, to deliver timely and far-reaching advice, professionals in firms need the ability to intuitively share expertise. 

With limited capability to leverage well-rounded knowledge, some of these firm could potentially lose their shine in the eyes of their clients. After all, the tax professional can no longer lean over the desk to his colleague asking him or her for the last 10 final documents prepared on similar matters in the last year. 

Blending security and knowledge management

Nevertheless, combining need-to-know security with best practice-led knowledge management (KM) can help firms effectively secure data, comply with regulatory demands such as the GDPR and facilitate spontaneous knowledge sharing.

Many large professional services firms are already adopting this approach, given that their ability to leverage and repurpose knowledge is key to delivering efficient and cost-effective client services. As firms undertake such projects, there are some best practice recommendations that are worth considering. 

Typically, professionals send the final documents, per the knowledge management policies of their firm, to the KM department, who then use a variety of technologies, including AI, to redact and store the information to comply with GDPR and client requirements. Instead, if the professionals redacted the documents prior to sharing with the KM department, while including the reference to the original document, will ensure quicker inclusion into the firm’s KM system for sharing. 

Firms will do well to consider including KM-related processes into professionals’ natural workspaces and business processes too. For instance, in some firms the KM department sends weekly emails to designated professionals (lawyers, tax advisors, compliance officers, practice heads, etc.) to help identify documents pertaining to the matters they are working on that should be included in the KM system.

This allows the professionals to add the documents into the KM system with a single click directly from within the email. Because this process is undertaken routinely and on current and open matters, it minimises inadvertent errors as the professionals are likely to remember what they can or cannot include in the firm’s KM system, based on the clauses agreed with the clients in the business contracts. 

Professionals are busy people, let’s face it, KM is not always front and centre in their minds – and perhaps even more so today in a remote working environment. Working on complex matters on a day-to-day basis, their focus is squarely on addressing the pressing business problems of their clients.

For knowledge management success therefore, a combined and intuitive approach to security, technology and process is the holy trinity that needs to be applied based on a thorough and thought through knowledge management strategy.