TLOMA Today

The Law Office Management Association (TLOMA) and Normandin Beaudry are pleased to officially invite you to participate in the 2022 edition of our compensation surveys.

This year we will be conducting the following surveys:

• Business Services Compensation Survey
• Associate Compensation Survey

Why participate

In an ever-changing and evolving job market, having and working with the right information is more crucial than ever. Are we under market? Are we over market? Should we increase our salaries? All questions that our surveys can help you answer. Compensation in the legal industry is rapidly evolving. We aim to capture up-to-date market data to equip you to attract and retain your workforce in a context of high inflation, ‘’Great Resignation’’ and labour shortage. To optimize your decisions regarding compensation, the survey data is detailed by region, firm size and other relevant segmentation.

Having the ability to participate in our annual compensation surveys is just one of the many advantages of being a member of TLOMA.

Your experience, our priority

As always, our main objective is to offer participants a seamless experience, while providing high quality and reliable market data.

This year again, the following features will be available:  

• User-friendly questionnaires, including all the relevant information required for the participation.
• Improved job-level descriptions to simplify the job matching process.
• Optimized report layouts.
• Online secure platform from which you will be able to retrieve all the necessary documents to complete the survey and download the survey results.
• One-to-one support provided by NB to address all of your questions and to collect your feedback.
  
  

For participants who completed the 2021 edition, your new questionnaire will include all the matches completed in the last survey which will save significant time and effort during the matching process.

A special offer for TLOMA members

Want access to a broader database? Our provider has you covered with their general industry survey, remun.

By participating in the TLOMA survey and in exchange for your data, Normandin Beaudry will offer you a one-year complimentary membership to remun, which represents a $4,800 value. To benefit from this complimentary membership, no additional effort is required on your end as NB will complete the questionnaire for you based on the information collected in the TLOMA surveys.

remun is the most comprehensive general industry survey containing useful and relevant data for over 400 organizations representing all sizes and industries. This tool, in combination with our custom TLOMA compensation survey, will provide you the total rewards overview you need. All survey results will be available in September.

You may refer to the 2022 TLOMA Compensation Surveys Pricing Structure for prices.

For more information about the surveys or to confirm your participation, please contact Normandin Beaudry at tloma@nbac.ca. 

We look forward to your participation! 

What a difference a year makes. In March 2021, we were wondering, “What’s next with the pandemic?” whereas in March 2022, it feels like we have something to look forward to and things are opening up. As I move around our office, there is a renewed energy which you don’t usually feel at this point in the winter. There is a sense of optimism that our workplaces will be buzzing again in the not-so-distant future.

On February 24, we held the TLOMA Annual General Meeting in which we officially welcomed our new board of directors. We are incredibly lucky to have the following people join the board in 2022: Brigitte Mulder (Henein Hutchison LLP) as Vice President; Louise McNeely (Laxton Glass LLP) as Treasurer; Rand Bilal (Mills & Mills LLP) as Communications Coordinator; and Colleen McHugh (McLeish Orlando LLP) as Conference Chair. I look forward to working with our new board.

At the same time, the following people have resigned from the board: Katie Donaldson (Davies Ward Phillips Vineberg LLP) as Conference Chair; Leah Halpenny (Green and Spiegel LLP) as Treasurer; and Mary DaRosa (Cozen O’Connor LLP) as Communications Coordinator. I am very much indebted to Katie, Leah and Mary for their support of TLOMA and their time as board members.

Congratulations to the winners: Tammy Pali, Diana Pye, Itzel Rendon, Rachel Rivas and Jillian Zavitz of our Fabulous Family Feud in February. This event was a lot of fun, and it was great to see everyone having a good time.

As a reminder we have our Professional Development event coming up on April 12.  Jane Southren and her team will be delivering an in-person development session on Relationship Mastery, Purpose Mastery, and Personal Mastery. You won’t want to miss this event where you'll learn about the importance of building strong relationships—with others and with yourself—and what it takes to build those relationships.

Our upcoming SIGs are:

• March 10: Information is useless without transformation: How to rapidly impact workplace mental health
• March 23: Unleash the Untapped Potential in Your Firm’s Website 
• March 31: Cyber Head Winds 2022: the State of the Cyber Insurance Market and its Impact on Law Firms 
  
  

You don’t want to miss these events.

And don’t forget to register for the TLOMA 2022 Conference & Trade Show at White Oakes Resort & Spa from September 21 to September 23. The committee has confirmed Dr. Lisa Belanger and Shawn Shepheard as our guest keynote speakers, which will be incredibly exciting.

Happy New Year everyone. This was my first year as the Marketing SIG Leader for TLOMA.

The marketing sessions in 2021 included a session on starting a legal podcast, tips from a graphic designer, information on what you should be paying your legal vendors, and a discussion on branding for your law firm and lawyers. I am actively looking for new topics for 2022. If you have any suggested topics, all ideas are welcome. I can be reached by email at nbrown@oatleyvigmond.com. Stay safe. 

Daryl Craig - Technology SIG Leader, Director, Information Technology, Lenczner Slaght LLP.

2021 was my first year as the Technology SIG leader for TLOMA.   Despite living through another year of the pandemic and conducting our Technology sessions virtually, I managed to successfully provide 4 Technology SIGs with the help of some extraordinary speakers.  Here’s a recap of our sessions.

My first SIG topic was entitled “Reflecting on the Law Firm of the Future”. Where we discussed the role technology plays in shaping the law firm of the future.  Our speaker was Peter Zver, Tikit, Director, Tikit Americas.

My second SIG entitled “How to Protect Your Firm From Cyber Attacks” outlined the orchestration of security layers necessary to secure your law firm and how to properly manage your information technology.  Our speaker was Tom Kirkham, founder and CEO of IronTech Security.

“Protect your firm’s reputation with Data Loss Prevention” - a briefing for law firms was held as my third event.  In this session, we discussed how firms like yours use Data Loss Prevention (DLP) tools to better protect confidential information.  Our speakers were Chris Roney and Tim Deluca-Smith from CoSoSys.

And finally, the last event for 2021 was a panel discussion on the “Evolving Role of the IT Professional in Law Firms”.  Peter Zver, moderator, and our 3 panelists Christopher Almaraz, Director of Information Security at Keesal, Young & Logan, Daryl Craig, Director Information Technology and Thomas Oakes, Director Information Technology, Bereskin & Parr LLP discussed their personal experiences in a journey cumulating how their roles and responsibilities evolved throughout their careers.

Stay tuned for more details on future Technology SIGs!

Among the hundreds of decisions companies are faced with when it comes to planning a construction project, one which stands out as both challenging and impactful is whether to engage the services of either a Construction Manager or a General Contractor to carry out the construction work. Understanding the differences between the two approaches, as well as the pros and cons of both, is critical in the decision-making process.

Construction costs account for 50% to 70% of total project expenditure making it the most significant component. It’s the decisions made at the start of a project, such as who will form the project team, that will set the stage for wise investments and ultimate success. Owners who are inexperienced when it comes to construction projects may not be aware that engaging a Construction Manager is an option available to them, let alone understand the benefits that may be achieved by doing so.

Allow us to break these options down.

The Construction Manager (CM) sits on “the owner’s side of the table”, where duties include:

So, which is the most cost-effective approach?

Many Owners hesitate to engage a CM because the perception is that doing so will cost more due to the CM fee, however this is not the case. The construction management fee replaces the general contractor’s overhead and profit in the lump sum. When the project is completed and all the final costs are known, the Owner pays only those costs, plus the CM’s fee.

Furthermore, because a CM assumes the GC’s responsibilities for administration and supervision of the subcontractors, they are not an additional layer of management (and cost) to the Owner. The CM replaces the traditional general contractor in the CM approach. To truly compare which approach results in a lower project cost, one would have to compare two very similar projects with the same intricacies and complexities side-by-side. Even then, a higher cost in either instance doesn’t necessarily mean one arrangement is better than another.

The fundamental reasons for an Owner electing to engage a CM might outweigh a cost premium, or, with another Owner, a lower cost achieved by using a GC might be the only way a project is brought to fruition at all.

Some examples of project conditions where it may make sense to forgo engagement of a construction manager include:

• Budget is flexible or there is a reasonable contingency for change orders based on site conditions, errors and omissions in design, delivery delays, strikes, etc.
• Schedule (completion date) is flexible to accommodate delays because of change orders, site conditions, errors and omissions in design, delivery delays, strikes, etc.
• Project size is under 3,000 sq. ft.
• Same design has been executed previously within identical building conditions, using similar budget (factoring in inflation depending on how recent the last project was executed) and schedule. In this example success can be increased when the pool of GC’s invited to bid on the project are consistent and the successful bidder has recently built-out the identical space(s).
  
  

This Sample Budget Comparison is based on costs and prices applicable in December 2021. Costs and prices are updated weekly. Budgets by Vestacon are subject to change depending on prices and costs at the time.  

How to maximize the benefits of the CM Approach

As described, it’s always in the Owner’s best interest to engage a Construction Manager as early as possible in the design process. It is when the CM is brought on board early that they can have the greatest influence on the success of a project. This stage is known as Pre-Construction and CM services at that time include:

• Develop initial high-level class D budget based on design intent for review with full project team
• Establish a detailed construction schedule with milestone dates and include any long lead items to be pre-ordered for review with full project team
• Attend design development meetings with the full team to review documents and design issues
• Complete a constructability review of the 80% working drawings and review items with consulting team that require clarification
• Engage industry professionals as needed to review the scope for value engineering opportunities and cost savings
• Acquaint the team with any labour agreements that may adversely affect the project
• Present value engineering opportunities with the potential to better the project timeline and/or maintain or improve upon budget
• Visit the project site to review all conditions and advise the team of items not captured on as-built drawings
• Become familiar with Landlord and/or building rules and regulations and tenant manual
• Update a control budget on a weekly basis, or as required, during the preparation of construction documents
• Prepare progressively detailed Class C budget
• Derive quantitative budgets (separated per division) to showcase scope of work and budget distribution
• Monitor and update schedule as required
• Work with the design team to prepare tender packages to eliminate duplicates or omissions of scope
• Complete constructability review of complete working drawings package, address any concerns with the team prior to tender
• Provide a cost analysis for alternate solutions, materials, or construction methods to reduce the cost or time for construction
• Prepare progressively detailed Class B and A budgets
• Prequalify all subcontractors and vendors applicable to the project scope for approval, (invite three per division to bid at minimum)
• Select union sub trades if required
• Pre-tender any long-lead items to maintain schedule and obtain applicable warranties for these items
• Identify and apply for city permits as required
• Distribute tender documents and tailored instructions to bidders to outline scopes of subcontracts
• Host a site visit for sub trades
• Review and analyze quotations to ensure the full scope is captured, (remedy any errors or omissions)
• Provide resulting recommendations and tender summary in writing to the Owner and design team for consideration and approval
• Issue subcontracts upon Owner approval to proceed and request start-up documentation from sub trades
• Submit start-up documentation to the Landlord for approval to proceed with construction start

Leading law firms have realized that a more active governance model is required to best manage their costs and their coverage going forward.   But it is all too common for firms to have put their employee benefits plan on autopilot, not realizing their plan has become out of date. . When they ‘wake up’ to the new realities – they are discovering new best practices to invigorate both their governance and their plan performance. 

Take this test to see how many of these common mistakes you’re making with your employee benefits strategy;

1. Paying retail instead of wholesale

A law firm with 100 employees will pay approximately a half a million dollars for employee benefits.  Every year.   For an expenditure of that size, why are you paying retail? Many firms continue to overspend out of habit.    By splitting your benefits into two distinct groups, insured and experience rated, leading firms are able to remove significant excess costs built into their rate.  In today’s competitive market rate guarantees of as high as four and five years are available.   Reducing costs now and locking in rate guarantees for up to 5 years makes sense. 

2.  Employing outdated risk models

Harvoni, Sovaldi.  Ripatha.  If you haven’t heard of these high cost drugs yet – by this time next year – you will have. With today’s growing drug costs, having a proactive risk management strategy in place is more important than ever.  However, many employers are still employing high claims pooling and/or stop loss products that are decades behind.  By analysing your real risk (mostly due to prescription drugs) it is easy to reduce your corporate risk by as much as 90% simply by updating your coverage for high health claims to today’s best practices. 

3. Buying all your benefits from only one store

When it comes to most of our purchases, we tend to shop around for the best deal.  Not so much with employee benefits.  Even today, many employers continue to purchase all of their benefits from one insurance company. The emergence of Third Party Administrators (or TPA’s) in the Canadian benefits industry has evolved to suit the demanding needs of employers and their ever-growing appetite for diversification. When using a TPA, your law firm can purchase insurance from multiple providers at the same time, but enjoy a consolidated bill, reporting, fulfillment and claims adjudication.

4. Offering a sickness plan instead of a real health plan

Today, employers realize that the majority of their employee benefits costs are driven directly by the health of their employees.  Yet the majority of employee benefit plans are built to be reactive; to pay the claim after it happens. Forward thinking employers are developing proactive wellness strategies to help prevent claims before they happen.  Many wellness plans are now being offered on a complimentary basis when included in the employee benefits program.

5. Getting less for more

Many plan sponsors complain of routine cost increases year after year – without any benefits improvements.   This forces them to cut coverage in order to stay cost-neutral.  However, in today’s competitive marketplace, insurers are willing to provide free value added benefits in order to earn your business.  Today, it is not unusual to find complimentary Employee Assistant Programs, Wellness Programs, Trip Cancellation Insurance and other enticements included within the core benefits – at no additional cost. It’s yet another way for your firm to get more value for your dollar without increasing your benefits expenditure.

6.  Accepting Poor Service

Traditionally, your firm meets with your benefits consultant once per year to discuss trends, costs increases and review their plan design.  As your spend increases on benefits – it makes more sense to review the trends, costs and reporting on a more frequent basis – yet this rarely happens. 

Today’s leading firms need to be far more demanding in the level and frequency of customer service required.   Written service level guarantees help meet this demand including detailed reporting, quarterly meetings, long term rate guarantees and establishing committees to ensure good governance and compliance. 

7.  Your Benefits:  Same as it ever was

There are a staggering number of plan designs available to the average employer. Yet, for the most part, plans can remain the same for years; sometimes decades.  How can a ‘one size fits all’ benefits program address the needs of a multi-generational workforce? 

Conducting a benchmarking exercise is a good start to determine how your plan compares with the competition – and with the national averages.  From there you can align your plan design with your company goals and objectives.  Plan Design Optimization and Benchmarking are good ways to ensure that every penny spent on benefits is a wise expenditure. 

8.  Disability Mis-Management

Going to work is one thing; Returning to work after a disability is entirely another matter.  Many Canadian employers are mismanaging their short term disabilities (STD’s) to the point of negligence.  Some employers choose to ‘self-manage’ their STD’s - which leads to issues created by a conflict of interest, lack of privacy and lack of expertise.   The best practice in disability management is to have a written policy on both short term and long term disabilities and to use an integrated, professional supplier for both.  Helping employees return to work as quickly as possible and with dignity is as much an art as it is a skill.  And it is best left to the experts.

9.  Poor Reporting 

The level of reporting in today’s benefits world has fallen behind the employers needs for good governance.  Many providers have recognized this and are offering more reporting options to suit both HR and Finance’s unique needs while remaining within the privacy guidelines.  Interpreting these reports regularly along with your consultant is key to this best practice.

10. Lack of Employee Engagement

Employees can be part of the solution.   To be an employer of choice, is to purchase a cost effective and competitive benefits plan, and then effectively communicate the value to employees.  Yet many employers simply hand out employee booklets and wait for questions.    A structured communications program doesn’t need to be complicated; only clear.  Leading firms know this and create professional communications to all level of employees. 

How did you score?  If you’re below a 5 out of 10 it’s time to talk to the experts at People Corporation. 

Cybercriminals are like water. They follow the path of least resistance. They look for an easy way in, and once it is found, they strike. When the attack economics are in their favour, they scale up the operation. They rinse and repeat. But when the cycle ends, the search for a new soft underbelly resumes. They then look for new techniques, vulnerabilities, and business modalities they can exploit.

For the past decade, businesses have been ramping up their investment in traditional cybersecurity solutions. The solutions have been focused on and designed to protect devices, networks, and employees in the office. The office was declared a “secured perimeter,” and any device connected to the network had to be verified and approved. External traffic to and from these devices was also monitored. All to ensure that an office is a safe place.

But over the last few years, we have seen a monumental shift in how and where we do our work. Employees today work from anywhere. They are using any device, connecting to any network, and adopting any application that makes their tasks more manageable. And in this context, in the last two years, we have realized how critical mobile phones have become for our workforce productivity.

Today mobile phones mirror your corporate data onto a smaller form factor and hold the keys to your corporate kingdom. From replacing passwords with 2-Factor Authenticating Apps to enabling Office365 access and more. These devices have become both keepers of sensitive data and enablers of identity and access to additional data not stored on the device. They are now, de-facto, a part of your core technology ecosystem. And as such, it must be protected.

Why do you need a mobile solution?

According to the Verizon 2021 Mobile Security Index, “70% of organizations adopted BYOD policies to support the distributed worker.”

In plain language, this means that your business data is being viewed, accessed, downloaded, and shared on devices that are mostly not protected and unsecured.

These devices can be infected with malware, phished for credentials, leak information externally, spoof for authentications, and spied on. In some cases, unsecured devices even led to ransomware attacks. Without a proper solution, an attacker can lurk without interruptions or the possibility of being discovered.

According to Check Point 2021 Mobile Security Report, “Almost every organization experienced a mobile-related attack in 2020, with 46% of organizations having at least one employee download a malicious mobile application.”

Today unprotected mobile phones are fertile ground for attackers. It is their latest path of least resistance.

What does a good mobile security solution look like?

Before we explain what a good security solution looks like, it is worth noting that the passcode or a password you have on your phone is not considered a mobile security solution. The same goes for a Mobile Device Management (MDM) solution. MDM has some features that sound like they are security-related; they are not. MDM deals primarily with policies and compliance, but it does not have preventative and detection technologies to stop cybersecurity attacks.

• Look for a solution that provides you with 360 degrees of protection on all attack vectors. Insist on a solution that protects the device layer, the Operating System layer, the application layer, and the network/connectivity layer.
• The solution needs to defend against all types of modern attacks. Prevent malware from infiltrating the device by detecting and blocking the download of malicious codes and ensure the device is not exposed to compromise with real-time risk assessments detecting attacks, vulnerabilities, configuration changes, and advanced rooting and jailbreaking.
• Risk visibility is also crucial. Without a complete view of your organization’s mobile security posture, you will not be able to mitigate risk and accelerate remediation effectively.
• Do not let the solution restrict your technology. Scalable and fast deployment that supports every device type, operating system, and device ownership model (company, BYOD) is a must.
• Security solutions can become an annoyance when they get in the way. Good solutions have minimal impact on the device usability, user experience, data consumption, and battery levels.
• Mobile devices are hybrids. They store both corporate and personal information. Make sure the solution you choose ensures that data is kept private from everyone, especially when the device belongs to an employee. If the solution you intend to implement doesn’t follow the privacy-by-design principles, it is not the right one for you. Privacy is paramount when it comes to personal mobile devices.
  
  

As always, the technology becomes far more effective and powerful if your team knows how to implement it, manage it, deal with events, and understand how it fits within your entire cybersecurity strategy. Maximizing these technologies requires cyber expertise that you may not have in-house. Before you decide on a solution, consult with a cybersecurity partner who can right-size the solution for your specific business needs.

Looking to understand your remote workforce security gaps?

Many people have heard the “buzz” about Artificial Intelligence.  Google’s CEO, Sundar Pichai, has even gone so far to say it will have a greater impact on society than fire or the internet.  This means it will transform all businesses, including law firms.

Yet for all the attention it gets, most people do not know what AI is, or why it should matter to them.  This article provides a practical introduction to AI for legal management professionals.

It also introduces forthcoming governmental grants to cover the cost of developing an AI Strategy.

What is Artificial Intelligence?

When people talk about AI they use many different terms, such as “machine learning” or “deep learning.”  These differences are quite technical, and for most professionals not that important.

Instead, you can also think of AI being like electricity, but instead of powering things, it makes them smarter.  AI can turn into a “bot” or “digital co-worker.”   These bots can be trained to carry out certain tasks, often much better, faster and cheaper than a person ever could.

The trick is to divide up tasks between people and bots, so each is working to its strength.

How can AI help the Law Firm “Front Office”?

In general, AI applications do one of two tasks. First, the AI can quickly read millions of pages, and read them all in the exact same way every single time. Second, the AI can keep track of millions of data points and make connections between them that no human ever could.  If you give the AI data on past legal cases, it can make predictions on future legal cases.

Legal AI vendors use these two abilities to enable lawyers to work with greater speed and accuracy. Below are three examples of how leading law firms are already using digital co-workers.

• Predictive Coding in E-Discovery.When getting ready for a trial, it is necessary to organize electronically created information.  There could be millions of files, from emails to videos.Searching all these files can be costly and ineffective.  AI can help this process.  Lawyers start by tagging documents that they know are relevant. The AI learns which ones are most relevant to the case and scans the millions of files to create a short list for the lawyer to review.
• Legal Research. Lawyers routinely need to conduct legal research. There are now services where lawyers can pose a question to an AI, and the AI scans millions of documents looking for relevant cases. The lawyer receives back a legal memo that sets out the conclusion, the background law, and a list of authorities. We are not at the point where the AI is not so sophisticated that it can do all of this on its own. There is still a need for oversight of the research by a person at the AI vendor.
• Predictions. Clients want to know, “What is the chance that we can win this case?”  Traditionally providing an answer meant doing research and relying on a lawyer’s experience and intuition. AI is now available that can let the data speak.  It can identify which factors are going to be most important in deciding a matter and give a probabilistic forecast based on the facts in question (e.g., “there is a 75% chance that the court would classify the person as an independent contractor.”)
  
  

How does AI Help with the Law Firm “Back Office”?

When it comes to the administration of law firms, the business case for AI may be even stronger.  Firms are always under pressure to work more efficiently, decrease operating costs, and drive innovation. 

A good way to increase capacity without increasing headcount is by automating the manual and repetitive tasks.  Digital co-workers can mimic people.  They can understand what’s on a screen, complete the right keystrokes, navigate systems, identify, and extract data, and perform a wide range of defined actions.  Even better, bots can do this work faster and more consistently than people.  This frees employees from mundane tasks to take on more valuable and enjoyable work.

Three categories of task automation relevant to law firm administration are set out below.

• Finance & Accounting: Purchase order entry, customer data management, bank reconciliations, fixed asset accounting, and data aggregation for reports (e.g., cashflow, profit and loss).
• Human Resources: Sourcing candidates, assessing resumes, payroll processes, and employee onboarding.
• Information Technology: Employee onboarding, helpdesk ticket triage, password resets, permissions and access, and infrastructure maintenance.
  
  

While automation of tasks may be the most straightforward application, AI is also able to digest enormous amounts of data and make recommendations or predictions that no human would ever be capable of repeating.  Finance teams can make better forecasts, HR teams can learn what is driving engagement, and IT teams can mitigate the risk of cyber attacks.

There is even an AI that can amplify human intelligence by optimizing the combined knowledge of everyone in a group.  It makes teams smarter and faster in decision-making.  Finance teams can make better budget allocation decisions, HR can make better hiring and promotion decisions, and IT can make better risk assessments.

Grants for Digital Adoption

Making a decision about whether to invest in AI, and if so when, is not easy.  We recommend that companies first develop an AI Strategy to ensure they get an application that is suited to their environment.  Here are some questions to ask before making a commitment.

• Will the AI address an important problem?
• Who in the firm is going to be the owner of this AI?
• Does it require data to operate, and do you have access to that data?
• Is your IT system compatible, or will investments have to be made?
• How much will it cost?  Subscriptions can be as low as a few hundred dollars per month, but costs can start much higher and escalate over time.
• Are you taking steps to manage risks around privacy (e.g. data anonymization and de-identification) and ethics (e.g., bias)?

If you are not sure how to even approach these questions, help is available.  In a forthcoming program, Boost Business Technology, the Government of Canada will offer support to small and medium Canadian-owned businesses (SMEs) to adopt new technologies. Support for these businesses will be in the form of grants to offset the cost of retaining Digital Advisors who will develop digital adoption plans tailored to the business. The grant will cover 90% of the cost to develop the digital plan, up to $15,000.

If you are interested in learning more, please join us for an information webinar on March 29.  There will also be a joint SIG even on June 6, with more details to follow.  Email john@aiguides.co for more information.

Taking a personal approach to welcoming people returning to work or new ways of working can influence client relationships and help you make more friends than you could ever imagine.

With economies starting to regain traction and businesses beginning to fully reopen, right now is the ideal time for personal contact either in-person or by digital means.

Relationships Matter

All relationships, whether personal or professional, need to be nurtured to survive and better yet, thrive.

This is why managing by walking around has been a leadership tactic since time immemorial. But even if you’re unable to walk the halls, leaders can still find ways to connect with people for two-way conversations on an individual basis.

As people begin, alter or continue with new ways of working whether full time, part-time, in office, by remote, a hybrid arrangement, or by making cameo appearances, it’s critical to welcome them back warmly.

The results of doing so will amaze you and the returns will be exponential.

 A Personal Story

Once upon a time and for 14 years, I was in the broadcast news business.

Early in my broadcasting career, I worked for a television station that went on strike during the last few weeks of my employment with them. A month prior to the strike, I had accepted an opportunity with a new company, but due to dealing with the upcoming labour disruption I had yet to give notice.

When I did, I resigned to the CEO. He surprised me by returning to the station from his cottage to counter-offer with three different roles each of which I declined. He further surprised me when, even though our relationship had often been turbulent over the years, I was invited to his office for a chat.

During our conversation, we talked about people who had remained inside the station during the strike as well as those who had chosen to join the picket line. He had some hard feelings toward people who had chosen to go on strike, and was concerned about what would happen when it ended and some of those people returned to work.

I asked to offer some unsolicited advice and to my surprise yet again, he accepted.

This is what I said: “Some of the best people who work here are inside. The rest of the best people are outside on the line. The only difference is that each individual made a decision based on what was best for them at the time.”

I said that those who returned to work might feel awkward and resentful, and perhaps hurt and angry, but that as CEO he could help mitigate this.

I suggested that he find a way to meet every single person who returned, and that even if he had passed them in the halls thousands of times over the years without having met them officially, he should find a way to do that now.

Furthermore, I suggested that he take a direct approach and ask about their experience during the strike, including the impact it had on their families. And then ask about their history and roles at the station, and for recommendations to improve how everyone could work together better as a team.

I said that by doing so, he would learn more about everyone who worked at the station and make more friends than he could ever imagine. Lastly, I cited the two of us as proof that a relationship could change, since while ours had been difficult for years – sometimes to the point of combative – we found common ground and were now friends.

He stared out the window and said nothing. Then he escorted me from his office and we said goodbye. I left the station at the end of that week.

Six weeks later, the strike was over and some of the people who had chosen to strike returned to work. I called a friend in the newsroom to ask how everyone was doing.

I was told that no one could fathom the baffling behaviour of the CEO who had undergone a transformation unlike anything anyone had ever seen.

He had given himself a job as the mail boy, and was delivering mail all over the station and learning or confirming names of people he had seen for years but never formally met. And even though everyone knew who he was, he was introducing himself by name and welcoming each person back into the station, including those who had never left. Then he would ask how they were doing, about their families, what their role at the station entailed, and for recommendations on how to work together better.

I learned that the people he met were initially confused, and then thunderstruck followed by charmed. Finally, they were amazed to be asked to contribute recommendations and delighted when some of their ideas became realities.

As a result, this strong station would become stronger. Now, it is mighty.

Best of all, the CEO made more friends than he could ever imagine.

Leadership Now

Leaders lead from the front. Granted, everyone including leadership and management is exhausted and battle-scarred after coping with and adapting to how we have lived and worked for the last couple of years.

However, now, when people are grappling with some hard decisions about if, when, and how they will work is exactly why leaders with influence and compassion need to find uniquely personal ways to welcome them back.

If, as one lone individual, my CEO friend could do this for hundreds of employees after a divisive and bruising strike, then leaders at law firms and legal services entities can do the same for members of their organizations who have shared the experience of working through a global pandemic.

Yes, this may be a big ask, but it matters greatly especially in terms of reputation management. Thoughtfulness and kind gestures count, and realize enormous returns of faith and goodwill.

Prospective and current clients, potential laterals, referrers, and other contacts will be watching closely to gauge how your people and new work styles are received. Done well and welcomed warmly, they will hear about it from your ambassadors who will now also be your friends – and you will have more of them than you can ever begin to imagine.

Did you know that a hacker tries to steal data from a business once every 39 seconds?  Moreover, 60% of small businesses will close down within 6 months if a cyber attack succeeds. These numbers must ring a bell in the minds of organizational leaders and business owners to indicate just how vulnerable their businesses are to cyber attacks.

What is a data breach? And how does a data breach take place?

As defined by TechTarget, a data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion.

Let's dive deeper into how a cyber attack is planned and how the data breach occurs:

• The first phase of a cyber attack is the research phase (active and/or passive footprinting techniques), in which the attacker studies the target, identifying weak points in the system, network or people that can be exploited.

• Once the attacker has found a weakness, the second phase starts. The attacker may launch a network-based attack, which implies the attacker is using a weakness in the infrastructure to initiate a breach. The attacker could also choose to launch a social attack, which implies using social engineering tactics such as malicious (e.g. phishing) email that tricks the recipient into entering personal data or even an attachment that executes malware when downloaded.

• The final phase of the attack is the exfiltration stage, which implies that data is extracted from the network once the attacker has successfully entered the network. This data may then be used for further targeting the network for more attacks.
  
  

The cost of data breaches

An IBM report put the cost of a breach in 2021 at $4.24 million on average. Sounds like a lot? Remember that the cost adds up quickly when calculating all the factors such as lost employee productivity, ransoms, recovery time, marketing, fines, and penalties associated with a breach. Moreover, the expense of a data breach is not just a monetary issue. It also significantly impacts future business since customers are usually hesitant to work with firms that have experienced a data breach.

What can organizations do to protect themselves from cyber threats?

Employee training

Experts agree that employee training is the first line of defence. Most of the time, it is employees who unintentionally initiate the majority of data breaches. If users are provided with adequate training to recognize malicious emails and malevolent behaviours, many attacks can be prevented altogether or at least caught quickly.

Proactive security measures

The average attack in 2021 has been going on for just under six months. Many of these breaches are traceable within a day or two of the attackers being in the network. Cybersecurity has many facets and requires a multi-layered approach. The more layers you implement, the more you reduce your risk of being breached.

Zero-trust model for hybrid work environments

IT departments must "always verify" and authenticate individual users before granting access to networks using multi-factor authentication (MFA). Some forms of MFA will use AI to automatically check for suspicious actions, such as a user logging into an account on a different type of machine or a connection request from an unusual or unexpected location. Other types of MFA will force authentication on every logon.

Work with an experienced third-party cybersecurity provider

You need the expertise of a specialized cybersecurity service provider or employee to implement a layered approach to data protection. User training, multi-factor authentication, firewalls, anti-malware software, application white-listing, geo-fencing, SOC, SIEM and numerous back-end controls help provide layers of protection. Network security needs constant evaluation as new threats and vulnerabilities emerge, and new protection must be applied.

Best practices organizations should adopt to protect against attacks 

• Provide clear cyber security guidelines to employees, train them to recognize social engineering attempts, and enforce a series of actions to be taken immediately after a cyber threat is identified.
• Schedule periodic security audits and regularly monitor all systems in the organization's network.
• Keep network patches and software applications updated regularly to prevent attackers from exploiting vulnerabilities in unpatched or outdated software.
• Enforce multi-factor authentication on all logins accessible outside your local network.
• Deploy a firewall and follow security best practices in creating your access rules for ports that need to be opened.
• Deploy Intrusion Detection/Prevention system to analyze network traffic and respond to exploits.
• Implement a Data Loss Prevention (DLP) system to identify, monitor, and automatically protect sensitive data in your organization.
• Deploy an EDR solution for advanced threat detection, investigation capabilities, and automated response to threats.
• Create an effective incident response plan. When a data breach occurs, prevent chaos from creeping in by defining the protocols to be followed: This includes designating the person to be informed immediately of the breach and prescribing what information employees must provide to the security teams to help tackle the breach effectively. The plan must also clearly state the steps to mitigate the risk and stop data exfiltration from the network immediately and contain the damage.

After a mass exodus from offices, returning to work is proving to be more complicated than anticipated. Not only is the Delta variant thriving across the country, but as vaccination rates stay stagnant, employees are reluctant to head back into the office.

At the beginning of the pandemic, employers were encouraging remote work, saying that they supported the model full-time. Yet, after a year of successfully working remotely, companies are changing their opinion—much to the chagrin of their employees. Recent data from Forbes shows that 52% of want a hybrid work model, preferring to choose where they work have no interest in returning to the office at all.

For companies, these statistics are staggering. But even more worrisome is that noted that they would change jobs for a place that offered flexible and remote working options. This would require employers to find new ways to retain talent and encourage them back into the office. Many companies look towards health and wellness benefits to improve work-life balance and employee wellbeing, while simultaneously improving the work environment. These can range from extended health and medical benefits to gym memberships.

As we look at returning to the office, though, the physical space plays a key role in encouraging in-person work and improving employee wellness.

Focus on Safety and Cleanliness

The pandemic was a wake-up call to take cleanliness seriously and to treat communicable diseases as serious threats. In fact, protective measures for COVID-19—including masks and social distancing—helped in making the 2020/2021 flu season quite mild. The reason for this is simple: good hygiene and sanitation habits help limit the spread of all germs, not just for one specific virus. This has caused many people to rethink how we were treating cleanliness and sanitation standards in a shared environment.

To mitigate employees’ concerns when returning to a shared office space, it’s important that employers and building owners focus on improving cleaning and sanitation methods. This could involve a more frequent cleaning and deep clean schedule, focusing on sanitizing desks, shared tables, and other office features daily. It could also mean enhancing the options available to keep people safe.

Touchless doors, hand wash stations and sanitation systems can reduce the spread of germs and improve people’s comfort when navigating the space. Even something as simple as having more hand sanitizer in public spaces, such as conference rooms, can make a huge difference. Small investments in solutions that reduce touchpoints can go a long way to improving feelings of health and wellness.

Related: COVID-19: Are Building Managers Measuring the Right Air Quality Parameters?

Improved Air Quality

As much as people panicked over high-touch areas, the real culprit for spreading the virus was poor air quality and ventilation in enclosed spaces. Many office buildings don’t have the luxury of windows that open or outdoor workspaces, which means that most of the eight-hour workday is spent breathing in recycled air. But as employees reconsider their work environment, improving air quality can help everyone feel safer when they return to the office. And since most organizations are still working from home, this provides the perfect opportunity to upgrade existing HVAC systems with supplemental filtration.

High-efficiency particulate air (HEPA) filter systems are becoming a necessity in high density buildings. HEPA filters remove airborne particles including dust, pollen, volatile organic chemicals (VOCs), mold, allergens, viruses, odors (like formaldehyde and smoke), bio-aerosols, nitrous oxide and many other pollutants that contaminate the inside air of workplaces.

Adding ultraviolet germicidal irradiation (UVGI) makes the treatment more effective against viruses and other pathogens. Similar to the UV surface- sanitizing devices you may have seen during the pandemic, these air filtration systems use UV-C light to neutralize organisms small enough to otherwise slip past the filter. UV-C light is capable of irradiating and destroying the nucleic acids in these microorganisms, rendering them unable to function or reproduce. Adding these to existing office spaces can signal to tenants and employees that their health is being taken seriously.

    Related: IAQ Gets an Upgrade During COVID-19

Flexible Working Spaces

The past year and a half has shown employers and employees that remote work isn’t just possible, it’s highly productive. That’s why employers need a convincing reason to encourage employees to return to the office. The easiest way to do this is to promote collaboration and communication through flexible spaces.

Over the past year, the term “Zoom fatigue” has been felt by everyone working from home. Spontaneous interaction, innovation, communication and collaboration were a vital part of the work experience before the pandemic and is something that can be hard to recreate in a remote environment. When considering the physical space of the office, look for ways to facilitate this spontaneity.

Make shared spaces, boardrooms and social gathering places a central part of the office design to improve the mental health of employees. Balance this with quiet spaces where employees can complete their work and be productive individually. Perks such as workout spaces, activity rooms, and food and drinks were once reserved for technology companies, but to encourage employees back to the office, these will likely become commonplace and necessary. Flexible space, collaborative areas and social hubs are key to new office designs.

Be Considerate

When finalizing a back-to-work strategy, start by looking at what will resonate with your employees. Even before the pandemic hit, health and wellness in the workplaces was becoming a priority. For many, this includes basic health and wellness items such as clean air—in fact, a 2019 survey showed that temperature and air quality were four times more important to employees than having gym facilities.

It also has proven to improve employee productivity, which should make it a necessity to employers. Employees feel heard and feel safe, which means that employers need to consider health and wellness investments that will make employees thrive in the post-COVID work environment.