The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/411912
PEER TO PEER: THE QUARTERLY MAGA ZINE OF ILTA BEST PRACTICES 14 Now is the time for law firms to get their defenses and data protection strategies in line. Fortunately, firms need not break the bank to secure their systems. VALUABLE DATA THAT'S VULNERABLE The data available in a law firm's paper and digital files are valuable beyond measure. Some might be difficult or impossible to replace. Individuals and corporate clients entrust their legal team with sensitive and confidential data, including medical information which might be protected under HIPAA, matters concerning intellectual property, employment or labor disputes, political alliances, victim statements, witness identities and more. As employers and business entities, law firms manage another level of data: They house personal, benefit and financial information belonging to their partners, associates and employees. Their own financial data — tax records and other business documents — are also stored within their systems. Exposure of these sensitive data can be incredibly damaging to the firm and to individual employees, partners and associates. Technology and information security are outside a law firm's core business functions, so many firms are unable or unwilling to allocate resources for dedicated staff with specialized training in such areas as network security, perimeter defense, Web application security, endpoint security and mobile security. Smaller practices often have little in their budgets for data protection measures or resources, and baseline steps like timely application of updates and patches might fall by the wayside. Law firms are expected to have a robust online presence, but websites are too often left unsecured. This makes them vulnerable to attacks, whether by a hacker looking for specific information or by opportunistic malware that infects the system because of weak or outdated security. And outside vendors that aren't properly vetted and monitored can have system access, creating a pathway for hackers to gain entry to internal systems that house your most critical data. THE CONSEQUENCES Information is an asset, and if it is not properly managed, valuable pieces of that asset can be lost or stolen. Data breaches can often result in lawsuits filed by victims whose sensitive data were exposed. Responding to a data breach can require forensic analysis, malware detection and removal, evidence collection and analysis. Depending on the nature of the breach, new hardware or software may be required to repair the network and prevent the event from recurring. Backlash from clients can be severe. Harm to a firm's reputation is likely to occur if key data aren't protected. Measurable and significant impacts to revenue have been seen with the Target breach. A similar situation would likely devastate a law firm. About the Author Deena Coffman is the Chief Executive Officer of IDT911 Consulting. She has broad experience providing guidance to clients on technology, data privacy and security, electronic discovery, and advanced search and data analytics. Prior to joining IDT, she established the data analytics practice at Kroll when she held the position of chief operating officer for the cybersecurity and information assurance practice. Deena has authored articles for a variety of national publications, presented at international conferences and has been an invited guest to comment on security topics for world and national news programs. Contact her at dcoffman@idt911.com. Thwarting Vicious Cyberattacks When we hear of a data breach, it's easy to assume it's in the retail or financial sector. Those are the targeted industries that have grabbed news headlines lately, but thieves would love to get their hands on the information held inside a law firm. Secure sensitive information without wasting time or money by implementing protective measures for data that don't require it.