Peer to Peer Magazine

September 2012

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/80353


ask the expert

LegalSEC has the chance of being the best thing ever to happen to law firm security.

What technologies are you exploring to deal with security threats?

Jeff: We've implemented next-generation firewalls, network-based malware protection systems, SIEM solutions and vulnerability management solutions. Next up are Web application firewalls to help secure both the internal and public-facing websites. The biggest investment we're making in security is not in technology, but rather in processes and procedures. And we're taking the plunge into ISO 27001 by certifying our data centers.

Brian: We are discovering methods of monitoring and performing audits that represent a moment in time. We are focusing on providing ongoing education and putting time and energy in managed services, project management, ITIL v3 and looking at various GRC tools, such as LockPath and Manage & Measure.

Matt: All kinds of software — desktop security, antimalware, antivirus and antiphishing — have evolved, and we try to offer the latest and greatest for our end-users' devices. Firewalls have changed quite a bit, and we've tried to keep up with that. Like Brian, we are doing a great deal more monitoring, which doesn't necessarily allow us to be proactive with particular events, but it does let us see trends over time. We are also learning and talking to other firms and industries about security and how to monitor and deal with the latest threats.

Annette: We're always looking for ways we can improve the security of our property assets and information. To list just a few, we recently invested in substantially improving our firewalls, in network security encryption of mobile devices and email encryption, and, as I mentioned earlier, we're now being ISO 27001 certified. We've installed Good Technology Enterprise Server to provide security for confidential information on our personal mobile devices, which allows us to wipe lost devices remotely. In terms of physical security, we also have cameras recording everyone entering secure areas and a triple-check system for contractors accessing our data centers.

Tom: We're developing a mobile device management solution to be able to apply a consistent security posture across all our devices. We're investigating large file-transfer solutions to replace Dropbox, which our clients seem to love regardless of its security issues.

_________________________________________________________

How will ILTA's LegalSEC initiative help law firms and legal departments?

Tom: LegalSEC will help firms develop a security initiative to tie all parts of the firm's business lines. Not only is it going to provide security templates and guidelines for IT, it will help provide education for staff, attorneys and business partners to address ongoing security needs. We ultimately want to see LegalSEC become the go-to standard for law firms and legal departments when implementing security standards.

Brian: Getting started is difficult; it's about that first step. What path can I afford to invest time and money in? How do I steer away from roadblocks, and how can I get the team on board? LegalSEC will be successful because it is built on the same objectives as ILTA — peer-managed, peer-grown. It will bring together people in the same spot, or a few steps ahead or behind on the same path. LegalSEC will help us all discuss, share, initiate and adopt.

Annette: Since LegalSEC will be consulting with law firms, the standards and best practices that come out of that are going to be tailored to our specific needs. I think that's great because, although we have standards like the ISO we can look to, these have a broader application designed to cover a wide range of organizations that are in different and varied industries. To have something that looks at best practices for law firms' specific issues will be very useful.

Jeff: Much like ISO 27001 helps lay a framework of IT security within an organization, LegalSEC will help deliver standards that are focused specifically on the needs of the legal profession. The goal
