Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1472128
84 P E E R T O P E E R : I L T A ' S Q U A R T E R L Y M A G A Z I N E | S U M M E R 2 0 2 2 security paradigms, Terms of Business, and information management demands. Failure to comply with these requirements risks losing the client. The external environment has also become significantly more hazardous. Cyber-criminality represents a growing threat for all organizations, but law firms have achieved the dubious distinction of being particularly vulnerable to hacking or extortion. Security breaches can be costly. On the upside, if a breach only stalls business as usual and dents productivity, a firm can shake it off. But on the downside, a breach can be expensive if outages are prolonged, ransoms need to be paid, and additional cyber expertise and security provisions need to be procured. And on the catastrophic side, reputational damage from a breach could strike a fatal blow to a firm – think the Panama Papers. Firms are also moving headlong into the Cloud. Cloud-based computing as an IT strategy can decrease some risks, but it does add some new dimensions of complication. For instance, firms should be aware of the regulatory requirements of the jurisdictions in which their information is held. Likewise, new collaboration channels such as MS Teams, Windows 365 and social media must be considered a part of the IG framework. What happens in Las Vegas doesn't always stay in Las Vegas without fully managing how information is governed. As noted, Information Security is the most mature component of an IG posture in most firms, not just because law firms represent fertile ground for hackers, but also because their clients are demanding more robust security controls. In addition, insurance companies are upping their demands to ensure that firms take adequate measures to protect against breaches. These influences have made security just table stakes in the march to develop a robust information security program. The larger IG program can benefit by duplicating the discipline needed to create policies, procedures and enforcement for security and building them into a plan to improve overall IG maturity. The key IG disciplines that improve efficiency and productivity Firms must ensure that information is handled efficiently. Productivity can be undermined by a range of issues including a lack of version control, access and search provisioning, and capabilities around finding and not finding information. Tools and policies around Ethical Walls, document management, Legal Holds, and eDiscovery are critical to ensure that information is managed well and users see what they are supposed to see. Firms need controls on Records and Information Management as part of their IG framework. This will include introducing or enforcing the concept of "approved repositories" and better-managed content that F R O M T H E T E C H S O L U T I O N S C C T "Cloud-based computing as an IT strategy can decrease some risks, but it does add some new dimensions of complication."