Five reasons to build your law firm’s IT security framework on NIST standards
Law firms are daily targets for cybercrime and targeted data breaches. Criminals are keenly aware that law firms can be a “back door” to valuable confidential data, such as trade secrets, intellectual property and financial information related to potential business deals. In fact, 23 percent of law firms reported that they have been the victim of a data breach at some point, according to the ABA’s 2018 Legal Technology Survey Report. Meanwhile, corporate clients are ramping up due diligence efforts to ensure their outside law firms are protecting their information with comprehensive information security controls. They also want to be assured their firms can quickly and easily respond to all possible compliance items or requests.
This two-pronged challenge — the need to protect the firm’s IT systems from cybercriminals and the need to respond to client demands for information security — is a daily battle for any law firm CIO or CISO. There are a number of compliance standards and data security certifications available to help law firm CIOs develop their IT security posture. These standards, such as ISO 27001 or COBIT, provide important frameworks for guiding your firm’s IT workflow and instilling confidence in your IT systems — but they are not as robust or granular regarding overall sound information security. And since each law firm has its own culture, size, personnel, scope of work and organizational complexity, most firms typically want to modify their IT processes to meet their unique needs, rather than forcing themselves into “one size fits all” workflows.
This white paper discusses several reasons why law firms should consider building their IT security program on the framework laid out in the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The NIST framework provides law firms with a valuable paradigm for building their IT systems and developing their unique approach to information security.