The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/624538
PEER TO PEER: THE QUARTERLY MAGAZINE OF ILTA

If you sense any reluctance because users are concerned about being exposed, make the process anonymous or confidential. Set up a mailing list or wiki where employees can post events and lessons learned, and establish positive rewards for participants.

Having now created the environment, it is time to introduce any new policies or tooling by putting them into contexts your users will understand. If you start to use white-listing, remind users about compromises from malicious websites. If you are adopting two-factor authentication, share stories of stolen passwords and keyloggers. Remember, getting ready means getting the firm ready to embrace new security, not just getting IT ready to deploy it.

PHASE FOUR: INITIATING A HABITUAL CYCLE

If you have been listening to your users about benefits and inconveniences, you should begin to see the fruits of your labor. Having instituted reporting and communications programs before implementation, you should see advancement toward greater security. Your job now is to provide consistent and positive feedback that will stabilize your firm's behavioral changes. As you see improvements, acknowledge and share them with users. If all goes well, the cycle will perpetuate itself until it becomes habitual.

PHASE FIVE: PROTECTING YOUR GAINS

Once you have gone through this process, the consistency of your follow-through will determine your long-term success. New graduates, new staff and attorneys from less savvy firms will require additional support to encourage and maintain the firm's commitment to security. Introduce the security culture at the firm by describing the purpose and expectations of the systems in place, and address any lapses with positive, value-based reasoning. New threats arise continuously and might require new actions, so stay current.
If addressing a new threat entails adopting a new behavior, apply these lessons again in a more focused way as you advocate for the new protection.

TONING UP

The security of client information is critical to all aspects of the attorney-client relationship, and clients who lose confidence in your firm's ability to address the changing security landscape are likely to leave. Adopting actionable cybersecurity awareness is necessary for protecting attorney-client privilege. Once adopted, it should become a natural, logical part of every day, making the underbelly soft no more.

FEATURES

Complement the Cloud with a Back-Up Security Layer
by Mounil Patel of Mimecast

As more businesses migrate to cloud platforms like Microsoft Office 365 and Google Apps, consolidating data into a single point-of-access space, they invite greater risks along the way — risks that have left many firms hesitant to migrate to the cloud.

If every organization worked on the same security stack, using the same means of protection and sharing their data in the same place, all of their eggs would be in one security basket. Placing the data of thousands of law firms behind just one "lock to pick" is irresistible to hackers, providing relatively easier access to greater amounts of attorney and client data. Should a cybercriminal target just one firm, every firm and every business with that vendor could be victims.

This is why adding redundancy to your email security with a second layer of protection has become so necessary for covering backdoors and vulnerabilities. Email security and archiving partners can help outfit your business with a secondary email system that ensures that, even if your primary provider — be it Office 365 or Google Apps — is experiencing downtime, you can utilize that secondary system to continue sending, receiving and reviewing email messages.
If a potential spear-phishing attack or malicious email is able to pass through your primary provider's safeguards, you have a secondary system in place to scan and catch it. Having two layers of email service protects business continuity from being disrupted or stopped altogether if a service outage occurs. It also minimizes the possibility of targeted email attacks.

It's easy to think a data breach will never happen to you, but you have no control over whether a hacker targets your firm. What you can control is what happens next. Considering that nearly one in four law firms has suffered a data breach, and 77 percent of the biggest firms aren't sure if they've ever undergone a cybersecurity audit, lacking a redundant layer of email security is simply tempting fate.