P2P

Winter25

Peer to Peer: ILTA's Quarterly Magazine

Issue link: https://epubs.iltanet.org/i/1542659


REQUIRE MULTIFACTOR AUTHENTICATION EVERYWHERE

Passwords are among the most easily compromised protections, and breaches using stolen credentials are among the most expensive to remediate. MFA adds another layer of protection against password-based incursions.

Law Firms

Deploy MFA on all document and case management systems, communication tools, and any platform that supports remote access.

Legal Departments

Work with corporate IT to ensure MFA is enforced across legal tool sets, third-party logins (for vendors or outside counsel), and SaaS platforms, old and new. Taking advantage of single sign-on (SSO) in tools or with service providers that support it will simplify staff authentication and give you more direct control over who can access external systems.

Action Steps

Apply MFA universally for every employee, partner, business unit, and critical vendor account.

Engage users. Use mobile authenticators, push notifications, or biometric options.

Explore the feasibility of passkeys, which eliminate passwords and further reduce your exposure to security risks.

Communicate your MFA posture to business leaders, clients, and stakeholders. Highlighting MFA as a default, not an exception, signals your seriousness around cybersecurity and can differentiate your legal department or firm in pitches and proposals.

ELEVATE WITH RATINGS, AI GUARDRAILS, AND HUMAN TRAINING

Just as credit scores are used to gauge risk, legal teams should require up-to-date security ratings for any company with access to their data. Tools like SecurityScorecard and Bitsight provide objective, actionable vendor scores based on data breaches, patching cadence, network hygiene, and more.

It is also essential to set clear AI and data governance standards. The adoption of GenAI is transforming both legal work and associated risks.

A staggering 60% of breaches are due to human error, not software failure, which is why it's crucial to treat security training and testing as a continuous process. The strongest legal operations create a culture where everyone, from junior admin to senior partner, proactively learns and tests their cyber awareness.
