Law firms can’t seem to get away from cyberattacks. Data breaches have led to millions of leaked attorney-client privileged documents alongside sizable, long-term losses related to data recovery and reactive security measures. The threat level is high and the ensuing reputational damage following a breach is immeasurable. It’s clear that among all the landscape shifts across the legal industry, effective data security is a chief driver in determining which firms lead as others are left behind. Here are five questions to answer about your law firm’s security risk:
- What does the cybersecurity landscape look like for multinational law firms? The legal industry as a whole faces relatively high risk for data breaches. Even in the face of these threats, firms have been unable or unwilling to invest in the proper data governance framework required to secure sensitive data and meet increasingly demanding compliance requirements. A plurality of firms — as high as 80% — fail at basic security protocol, such as two-factor authentication, USB, email and laptop encryption, as well as intrusion detection and prevention systems. Are you taking the baseline precautions to protect your firm? Are you taking the appropriate steps to address your biggest vulnerabilities? Stray away from the reactive approach and focus on avoiding data security breaches before they are able to arise.
- What do you know about your data? Assessing your current unstructured data and overall network environments should be number one in your litany of data security priorities. What data exists within file shares? How is the data structured? Is the data stale or active? Who owns the data? Who has access to the data? Where is access non-secure or non-standard? What are the policies for governing the data? If you aren’t able to answer these questions either in-house or alongside a trusted security partner, you may be at high risk.
- What are your highest data security threats? Determine what your biggest vulnerabilities are and where they lie. There are a number of evolving threats, internal and external, that law firms need to evaluate. Email systems, vast unstructured data, employees and human error, cross-border exchanges of personal data, ransomware, malware, and wiperware are just some of the highest threats facing law firms today. You won’t have a bottomless well of resources to protect against every potential threat, so you need to take stock of your biggest vulnerabilities and make realistic prioritizations of what you can protect against.
- Have you defined Identity and Privileged Access Management protocols? Determine your data access structure and where permissions should be managed. This will involve proposing owners for all data, how access is granted and what policies, procedures and reporting is in place so that you can audit all of the required information regularly. Managing the people that have the keys to the castle is vital, so having security around how Privileged Access is granted and managed will reduce risks.
- How much of your data is on a C-Drive vs. a Document Management System (DMS)? Legal data systems are complex and document-intensive, involving both digital and paper-based information that are often improperly managed, displaced, and even housed on flawed or unsecure networks. Law firms face a dual conflict: the need for confidential files and sensitive information to be readily accessible and searchable, as well as a proper security apparatus to keep their managed data secure and compliant. Your Document Management System (DMS) is a cog in your law firm’s greater data security wheel, yet users often store copies and original versions of work on their laptops and desktop computers (C-Drive) instead of in the DMS where it belongs.
Ready for more? We’re partnering with ILTA’s LegalSec Roadshow for a deep dive on data governance. Meet with our President and Founder, Rita Gurevich and learn how to Implement Data Governance – Across File Servers, Computers and your DMS. Register Today >>