Wednesday, February 22, 2012

Clients Advised to Ask Tougher Questions About Law Firm Information Security

Law firm information security and information risk management are definitely in the zeitgeist. Corporate Counsel magazine just published an article, "Securing Corporate Data in a Law Office's Computer Network," advising clients to take a greater interest in how outside counsel treat their sensitive information:
  • "It’s an issue that should be getting the attention of in-house counsel, especially as they share sensitive--and potentially valuable--data with outside counsel."
  • Digital risk consultancy Stroz Friedberg notes: “We’re advising law firms to segregate that data, and put much more security around that data.”
  • "'The disparity in the levels of security we’re seeing is startling.' Some law firms have a very strong culture of security, at or beyond that of their corporate clients. Others continue to prioritize the convenience of a flat, open network over the security of a network with more barriers."
  • Echoing similar comments published by the UK's Legal Support Network, Friedberg notes: “The issue ends up being that the lawyers are so oriented to the convenient use of computers. It presents real challenges to pervasively establish a culture of security, because convenience has to be subjugated to secure computer use.”
The article presents an extensive list of "Twelve Security Questions That Corporations Should Ask Their Law Firms," which includes:
  • Does the firm log access to its clients’ files, so who touched what file can be reconstructed?
  • Does the firm use secure enclaves, where highly sensitive data receives higher levels of security protection and monitoring?
  • Does the firm have state-of-the-art intrusion detection, session-recording, log-aggregation, and enterprise forensic tools?
