Workshare whitepaper: Four data security measures law firms can’t afford to ignore
The first half of 2017 saw an incredible number of cybersecurity breaches across the world, and they were big ones. However, you don’t need us to tell you data security is an issue and one that needs to be handled with some urgency. The regulatory demands; the facts; and the news stories speak for themselves.
As many commentators attest, it’s not about if a firm will be the victim of a data loss event, but when that event will occur. Therefore the questions law firms need to ask are:
Are we adequately protecting the data we process and that we are responsible for?
Can we accurately monitor and track where and to whom company information is being sent?
Will we be able to report on a data loss event should one occur?
According to the 3rd annual American LegalNet, Inc. (ALN) Risk Management Survey*, conducted at ILTACON 2017, when the legal IT professionals interviewed were asked: “Who bears overall responsibility for your firm’s risk management function?” 29% gave the most popular answer – “Don’t know”. If law firms and the teams within them aren’t clear who is responsible for risk management, the chances of effectively managing it are obviously slim.
When it comes to complying with outside counsel guidelines, and protecting personal and confidential data, your average law firm has a massive job on their hands. As law firms deal almost exclusively in confidential client data, the exposure to accidental or malicious data loss is high. This risk is compounded by the fact that responsibility is often unclear and detecting data loss events or data breaches is extremely hard.
Each client and matter has its own security protocol. What’s considered acceptable in terms of sharing information and with whom that information can be shared varies from matter to matter and client to client. It also depends in what region of the world the data is being transferred. Most commercial solutions that successfully protect firms in other industries have blind spots when applied to the legal industry – they simply aren’t flexible or sensitive enough for these nuances.
So, how do law firms stay on the right side of an ethical wall; meet outside counsel guidelines and the security expectations of their clients, as well as prevent data loss from occurring?
This paper explores four practical ways to deal with data security.