The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/900970
12 PEER TO PEER: THE QUARTERLY MAGAZINE OF ILTA | FALL 2017 BEST PRACTICES Developing a Two-Level Approach to IT Security Developing a Two-Level Approach to IT Security A security breach can cause numerous unfavorable liabilities for a business. Many firms are taking preventive measures, but what about reactive processes? To stay ahead of the curve, it's time to develop a two-level approach to information security. What the Data Says Disruption in trust is the most detrimental result of a security breach, according to a March 2017 IDG Research study. While the loss of sensitive data and the time it takes to resolve a security incident are high-impact considerations for IT managers and executive leaders, 64 percent of study respondents were most concerned with losing people's confidence aer a security breach. According to an October 2016 ALM poll of legal IT professionals, a conscientious 69 percent of respondents identified data security as their top challenge. This is an excellent level of awareness, but it raises the question, what are reasonable approaches for legal data stewardship? In the legal industry, where sensitive client data is abundant, clients aren't the only ones driving greater aention to data security. Regulators and auditing bodies are upping the ante on how financial services, health care and legal organizations store and secure their confidential data. Fiy-one percent of ALM respondents claimed increasing pressuring from auditors regarding IT data protection. Confronted with this perfect storm of pressures from clients and regulators, 65 percent of IDG Research study respondents named reinforcement of identity and management controls as one of their top five data protection priorities in the next year, and nearly the same percentage (62 percent) conduct regular maintenance on their cybersecurity measures. However, while businesses are concerned with cybersecurity enforecement, they miss an encompassing approach to threat preparedness — the inclusion of reactive measures. Fiy-nine percent of IDG Research respondents said they are prioritizing a proactive/preventive security approach, but only 41 percent are prioritizing reactive measures. Emphasizing one approach over the other can leave firms open for data disasters since it could result in having no way of restoring compromised data if a breach occurs. Contingency planning in the form of both proactive and reactive measures for data duplication and data restoration by Derek Brost