The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/624538
63 WWW.ILTANET.ORG of the CIA triad as "confidentiality" and "integrity." In response, we've designed systems to be redundant to make sure we have no single points of failure that might make our data unavailable or put us at an increased risk. Another thing is encryption. I read a survey recently from the American Bar Association that said viruses are still more prevalent at law firms than the reported use of encryption. I hope that's not the case, but I have found it is difficult to get people to remember to encrypt their USB drives and use the best file-transfer methods. I can't stress enough how important it is that all staff, especially those exchanging confidential information, use encryption all the time. What security-related exposure keeps you awake at night? Peter: I think I'm with the majority in fearing a phone call from a user who says, "I think I clicked on something I shouldn't have, and now I can't see anything on my screen." That's the kind of thing that scares you to death because you don't know what they've clicked on. You do your best to guide users, but sometimes they still click malicious links. The only way to combat this is to do as much security awareness training as possible. Butch: Many things keep me up, but I focus on maintaining compliance with the ISO 27000 series. We have implemented solutions that are logging everything, and we have increased our firewall exposure on the outside — multiple firewalls and extra layers. We're taking precautions to prevent any potential breaches. David B.: A big one for me is viruses. I know viruses have been around for years and might seem like old news in the security world, but they're becoming much more sophisticated. We have multiple systems just to protect against viruses. We monitor viruses as they enter our systems; but, as much as we protect against viruses, there are still zero-day attacks that no virus definitions can protect against. David R.: I'd like to note that I'm speaking generally and not about what my firm does. One thing that keeps me up is the thought of a successful hacking attack where someone gets into a law firm, gets control of all the information, access to everything, and sometimes stays undetected for long periods of time. Examples presented at security conferences stick with me. Jon: As far as exposure goes, single points of failure are always a concern, as "availability" is just as important a part About the Author Peter Mills is the Director of Information Technology at Fasken Martineau DuMoulin LLP. He is passionate about IT security and business continuity and enjoys speaking about it at every opportunity. Peter has over 20 years of experience in information technology and is a member of ILTA's LegalSEC Council. Contact him at pmills@fasken.com. About the Author Dave Ries is a member in the Pittsburgh, PA office of Clark Hill PLC, where he practices in the areas of environmental, technology and data protection law and litigation. Contact Dave at dries@clarkhill.com. About the Author David Bustle is the Director of Technology at Buchalter Nemer. His responsibilities include managing the firm's technology infrastructure and leveraging technology in both assisting the operational management and strategic development of the firm. David has worked in the technology field for almost 20 years. Contact him at dbustle@buchalter.com. About the Author James (Butch) Spencer is a Network Engineer at Jackson Kelly PLLC. He is an IT security expert with extensive practical experience in information management systems, security, networking, virtualization, optimization, e-business and programming. Butch is currently a member of numerous groups delving into and debating on the security and control of the Internet of Things (IoT). Contact him at jespencer@jacksonkelly.com. About the Author Jon Washburn has spent the last 20 years in IT, championing security in the legal profession for over 10 years. He is the National Manager of Technical Operations and Information Management for Stoel Rives, where he acts as the firm's security officer and manages the IT infrastructure and records management functions. Contact Jon at jon.washburn@stoel.com.