How an ISO 27001 certified law firm manages the risk of data breaches

In 2016 ByrneWallace became the first large firm in Ireland to have ISO 27001 certification. Firms with ISO 27001 certification must have a totally comprehensive system of security measures that extend beyond just IT.

Now, of course, the firm has to ensure it complies with the GDPR as well as. Part of ByrneWallace’s security strategy is to manage the risk of email data breaches – one of the most common cybersecurity threats a firm faces.

Human error like emailing the wrong person or attaching the wrong file consistently appears as the leading source of data breaches according to reports from the ICO.

Information in attachments could also cause an inadvertent data breach. Document metadata is often hidden information that can reveal a person’s identity and so must be cleaned from attachments to ensure it is protected from accidental disclosure.

“Metadata was always something that was discussed and always something on our radar,” explained John Kelly, Head of IT at ByrneWallace. “And then, with ISO 27001 and the GDPR in effect, we decided to actively do something about the potential it had to cause an accidental data breach.”

Read the ByrneWallace case study to learn how the firm is using metadata management and email recipient checking as a double defense against email data breaches.

See the full case study above.