HBR Consulting discusses implementing a layered defense for cybersecurity
This article was originally written by Laurie Fischer, managing director at HBR Consulting.
Earlier this year, Legal IT Professionals featured an article co-authored by my colleague James Britt and me that provides a list of cybersecurity best practices global law firms should prioritize in 2017. More specifically, we discussed specific steps law firms can take to address gaps that previously provided hackers with easy access to sensitive data.
As we point out in the article, larger law firms with a global presence are increasingly vulnerable to cyberattacks, jeopardizing sensitive client information and the firm’s public reputation. “Security experts note that law firms are at least three years behind data security standards, and are reluctant to adopt (or invest in) technology solutions. Although law firms are entrusted with volumes of confidential information, most have limited or no document security policies in place,” we noted. Last year’s massive cyberattack on law firm Mossack Fonseca and the subsequent Panama Papers further demonstrate the urgent need for global firms to prioritize improvements in cybersecurity technology tools and internal processes.
To strengthen cybersecurity measures, IT professionals at law firms should adopt a unified approach by:
- Establishing a holistic view of governance that include steps on how to prevent, detect and respond to possible data breaches, and what role employees will play in the all of these processes.
- Creating a layered defense system that includes tactics like establishing data storage controls, filtering the information going in and out of a law firm, two-step authentication and file encryption.
- Training employees on best practices for safeguarding their work and any new cybersecurity policy initiatives.
- Developing a comprehensive breach response plan that includes an immediate assessment of the size and scope of a breach and establishing a formal communication plan for notifying internal and external clients and stakeholders.
While information security was once considered solely the responsibility of IT departments, global law firms must start treating security as a wider initiative by involving leadership and end users. Firms that invest in cybersecurity now will not only mitigate risks in the near-term but also see increased value for clients, shareholders and internal stakeholders.
READ THE FULL ARTICLE