How an ISO 27001 certified law firm manages the risk of data breaches