vulnerability. This has to be done with care as a pen test
performed recklessly can cause system or network damage
through buffer overflows, Denial of Service attacks (DoS) and
misconfiguration of systems.
The tests should be repeated at minimum annually, though
the shortest reasonable frequency would be best. The tests
should also be repeated after any changes to the firewall or
other major systems. The test should encompass not only the
firewall but any services that pass through the firewall, and any
other outside-facing systems.
Two-factor authentication is
recommended highly for law
firms of all sizes.
REMEDIATE CAREFULLY
The end result of a security audit or pen test will be a remediation
plan. The IT department should not blindly accept recommended
changes without carefully reviewing the changes first considering
possible adverse effects on other systems and the end users.
Recommendations, especially those generated from automated
systems, could easily bring down entire systems. End-user training
and advance notice will pay off as well.
MORE TO COME
The time is now to start a discussion about security within your
firm. This topic is likely to remain on the radar well after this year
ends. With careful planning and preparation, recent advances
in security technology, a holistic approach and the right people
involved, your firm can secure your client's data without breaking
the bank or frustrating your attorneys.
ILTA's LegalSEC® initiative needs you!
Help provide the legal community with guidelines for risk-based
information security programs that are achievable, measurable
and mature. Volunteer for the LegalSEC Council today!
86
Peer to Peer
Visit www.iltanet.org/legalseccouncil
