Law firms are starting to see clients audit their security practices, controls and technology. Many clients that are concerned about data security audit their law firm’s information technology services and infrastructure. Some firms struggle to comply with client expectations. Client audits vary from a couple of pages to detailed service contracts. Clients are starting to realize that their weakest security link just may be their law firm.

Here are the 6 items that Law Firms need to be concerned with:

1.       Two Factor Authentication

As law firms utilize mobile devices and remote access with increasing frequency, Two Factor Authentication (2FA) has become mandatory. Some clients require mandatory controls to ensure that two factors of authentication are employed. With two factors of authentication in place and all Active Directory accounts restricted, the law firm immediately experiences a dramatic increase in security.


2.       Encryption

On-premises servers commonly run operating systems and file systems that, by default, do not encrypt data. Best practices, however, have recently called for encrypting data at rest in the same way that data in transit is encrypted using Secure Sockets Layer (SSL).


3.       Data Loss Prevention

Data Loss Prevention (DLP) controls eliminate risk associated with data being accidentally or deliberately disclosed, typically via email or removable media. With cell phones and USB thumb drives common, systems must be employed to deliberately monitor outbound email activity and to lock down user access to USB ports/keys, remote or external hard disks and other removable media.


4.       Vulnerability Scans


Technology environments are constantly changing. Processes associated with adding and removing hardware and applications require law firm networks to constantly adapt. New opportunities for security vulnerabilities continually arise. Ongoing, recurring vulnerability scans, and even ethical hacks performed by third-party specialists, are critical for discovering open ports, applications and potential threats before they become a problem.


5.       Backup & Disaster Recovery


Backup and disaster recovery processes are required to protect law firms from data loss. Without them, a natural or manmade disaster could cause a law firm to lose client information. Cloud data storage helps prevent the loss of data that could result from relying upon on-premises backups. It can speed recovery from security breaches by allowing instant remote access to replicated applications and data.


6.       Security Awareness Training


With humans as your weakest link, key security procedures may be forgotten and bypassed, or change controls misunderstood. This has the potential to lead to a security breach. Law firm staff should be trained about the firm’s security practices and expectations in protecting firm and client data from unauthorized disclosure.

Clients that deal with medical information, for example, demand that law firms employ appropriate security practices to protect their HIPAA data, confidentiality and relationship. Without the appropriate controls, these clients will just move on to another law firm that provides the data security they require.
