P2P

Spring2021

Peer to Peer: ILTA's Quarterly Magazine

Issue link: https://epubs.iltanet.org/i/1356436

when data is at rest, or simply residing in your system, as well as when it's in transit, or moving from one location to another. Equally important, you must know who has access to the encryption keys at all times.

• Physical Security Controls. While many cybersecurity efforts tend to focus on security within systems, it's important not to forget the physical security of your facilities and who has access to them. The geolocation of your data centers is important, as it can play a key role in whether, when, and how your data needs to be migrated, opening it to further security and compliance risks.

• Patch Management and Regular Vulnerability Scanning. A crucial aspect of security is always knowing what systems are connected to your network and ensuring that they're up-to-date. Regular vulnerability scanning will identify those systems for you, as well as any potential vulnerabilities in them. Patch management identifies and installs any patches that may be missing, ensuring that your devices and systems are proactively updated to the most current security standards.

• Network Architecture and Boundary Protections. Preventing attacks requires knowing your systems and networks inside and out. Your network architecture is the physical components of your technology stack and how they are configured, organized, and interconnected. Boundary protections are processes for monitoring and controlling communications at the external boundaries of the network to prevent untrusted actors and systems from infiltrating.

• Audit Logs. Spotting anomalies in networks and systems requires keeping detailed records of all activity. Audit logs are a critical way to collect information on security incidents in order to analyze them, reverse engineer the attack to identify vulnerabilities, and determine whether changes need to be made going forward. They're also useful for spotting overall operating trends and establishing baselines that assist with auditing and analysis.

• Proactive Security Monitoring with AI Behavior-Based Protection. Proactive security monitoring is crucial to detecting threats before they wreak havoc on your systems. Behavior-based security measures that incorporate advanced AI and machine learning are designed to proactively monitor all activities in order to identify anomalies and deviations from normal patterns and offer a protective response as soon as they are detected.

• Third-Party Audits and Penetration Tests. Cybersecurity threats are not limited to hackers trying to access your own systems. Most law firms work with a number of third-party vendors, including cloud providers, which present alternate routes of access to firm systems. Firms should regularly audit those third parties to ensure that their security measures meet firm standards. This should include running penetration tests, through which the firm simulates attacks to test if the third party's defenses are sufficient to notice and prevent them.

• Backups and Other Resilience Planning. In the event of an attack, your firm needs to have a plan for recovering both data and applications. This requires having backups in place, but your strategy should go even further. IT resilience planning involves implementing tools and applications that will automatically take the necessary steps to protect your data and systems as soon as an issue arises, before backups are even necessary.

• Auditing, Training, and Planning. Aside from the specific tools and measures outlined above, your firm needs to be dedicated to preventing cybersecurity threats on all fronts. This includes performing regular cybersecurity audits of your own networks and systems, requiring employees to undergo regular training in security best practices, and revising your overall incident response plan as the cybersecurity threat continues to evolve.

Business Continuity and Disaster Recovery

While taking every possible step to prevent an attack is critical, attackers will continue to change
