Peer to Peer Magazine

8 PEER TO PEER: THE QUARTERLY MAGAZINE OF ILTA | SUMMER 2017 BEST PRACTICES Preparing for the Future of Law Firm Security Mobile Device Management Advanced mobile device management (MDM) solutions provide two critical advancements for those that utilize personal devices (i.e., devices not issued by the firm). Application controls allow a law firm's IT department or managed services provider to control specific applications on mobile devices. Firm-managed email, document management, time and billing, and litigation support solutions tend to provide access via mobile applications. When a relationship was terminated in the past, the only option was to destroy the contents of the entire device. MDM solutions allow only firm-managed applications and data to be centrally administered and removed from devices. This is accomplished without negatively affecting the remaining applications and data on the device. Penetration Testing The most brilliant, well-intentioned information technology experts are human. Employing a third-party penetration testing firm with experience and tools provides tremendous value. A report is provided with initial remediation recommendations, and repeated testing continues over a contractual period. Physical Media The management and administration of physical media are areas of information technology security frequently forgoen. Tracking chain of custody, from the time received through destruction, should be used when transporting client information between law firm locations and/or law firms and third parties. Physical media should be sealed securely in nontransparent packaging. Business Continuity Plans Law firms approach business continuity in highly varied ways. Technology solutions must ensure the recovery of services during a time of business interruption. These plans must be tested and approved on a periodic basis, but not less than annually. Validation of successful transitions, data integrity and performance are all critical. Incident Management and Response In the event of an incident, is your firm prepared for the next steps? Firm personnel should know procedures for reporting incidents that could affect a firm's operations or disrupt or diminish the quality of services provided. Developing provisions in advance for notifying some or all clients of suspected or confirmed security breaches will likely save your firm from potential embarrassment or worse: client losses! Exceed Expectations Advancements in law firm cybersecurity are exceeding client-created demands for compliance. Now, law firms need to implement those solutions. Law firms that fail to implement information security protections to the same degree as other businesses will lose clients, productivity, respect and money. Ensuring a successful future requires law firms to catch up to current strategies and remain at the cuing edge of cybersecurity technology. P2P 3 SECURITY TIPS TO APPLY NOW These practical initiatives will set your firm on the path to data security right away: Password Security: Password complexity and protection have gone to a new level with two-factor authentication. Requiring users to confirm their identities using a second means is a must for every law firm seeking to capitalize on information security advances. Also, consider implementing software that generates complex passwords and stores them for use under a single sign-in. Endpoint Security: Antivirus software is no longer enough. Dated definitions and virus signatures cannot keep up with today's hackers. Deploy advanced endpoint protection solutions to identify and block suspicious behavior before it becomes an information security nightmare. Training: Up-to-date, thorough information security training is key to keeping clients' data secure. User behaviors, protocols and awareness of lines of attack will be most effective in countering cyber threats in the years to come. Many well- known data transfer tools that are not specific to securing client data are, in fact, not secure. 1 2 3

• Cover