The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/230349
In addition to being a Senior Consultant in the iManage practice group at Innovative Computing Systems (ICS), Brian Ruthruff currently manages the San Francisco office. He has implemented, managed and supported projects for multinational corporations and Am Law 100 law firms. Brian has been in the information technology field for over 25 years and has held high-level certifications from Microsoft, iManage, Interwoven, Shoretel, Novell and Cisco. Contact him at bruthruff@innovativecomp.com.

The threat of cyberattacks is a real problem for law firms, and though the threat is reason enough to enact more stringent security policies, there is another compelling reason — client security requirements. Some believe these threats are not a problem for small firms, but nothing could be further from the truth. In addition, since it is getting increasingly common for the clients of law firms to dictate security requirements, especially in the financial services and banking industries, all firms should make strengthening security policies a priority.

Bank of America, for example, explains it this way on their website: "A vital element of our information security program requires oversight of third-party suppliers, which applies to international as well as domestic companies. Contracts with our suppliers who have access to our customers' information require them to substantiate that they meet the strict requirements of our information security program and only use the information for restricted purposes."

President Obama's Executive Order in February 2013, "Improving Critical Infrastructure Cybersecurity," puts added pressure on financial institutions to control their contractors and supply chain, including law firms.

BE AWARE OF THREATS

Law firms face threats from state-sponsored hackers, such as those from China; industrial espionage by clients' competitors; and even unskilled individuals who use scripts or programs developed by others to scan for and attack computer systems and networks.

Peer to Peer