The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/139453
best practices Security Rules in the New Legal Enterprise by Ben Weiss of Infusive Solutions With a variety of pressures leading law firms of all sizes to digitize their sensitive data, information security has never been a more important topic in the industry — and for good reason. According to Sharon Nelson, Esq., President of Sensei Enterprises, an information security company specializing in legal, law firms often are seen as the "soft underbelly" that can be penetrated by cyberhackers for access to clients' valuable financial information or to obtain business intelligence. Another risk stems from domestic hacktivist groups like Anonymous, an organization that's proven willing to access legal databases and release attorney-client-privileged information to the public when it's felt a firm has engaged in unethical practices. The group infamously went after the law firm Puckett & Faraj in early 2012. As a result, clients are on high alert that the legal industry is a popular theatre of war in cyberbattle. Many have engaged third-party auditors to determine the level of safety a given firm might provide before deciding where to take their business. 14 Peer to Peer To address these issues, law firms have recognized the need to hire dedicated information security staff with securityrelated certifications or to train existing staff to take on security responsibilities. Are you and your organization following suit? InfoSec at Larger Firms At midsize and larger firms with the budget to sustain dedicated security professionals, there has been a flurry of hiring for titles such as information security specialist, manager/director of information security, chief information security officer and a wide assortment of other variations. And while there is inconsistency in the number of staff being hired and the exact responsibilities associated with these specific titles, perhaps due to location, size and types of clients serviced, these emerging information security roles share common skill sets. "Most firms will seek talent with a good understanding of how to balance the introduction of security safeguards while ensuring the agility, usability and flexibility firm operations