Monday, April 2, 2012

Information Security -- Are Law Firms "The Weakest Link"?

A month ago we noted bold opinions from Rupert Collins at LSN in the UK: "Why information security has now become a costly issue for law firms." Now comes a similarly-focused (and provocative) article from Jeff Brandt, former law firm CIO and present editor of the PinHawk Law Technology Daily Digest.

He just published: "When Good Enough Isn't: A spotlight on Law Firm Security," an excellent survey of several information risk and security challenges facing the industry:
  • "As the rest of the world and industries tighten their security, it places law firms in the unenviable position of being viewed as the weakest link."
  • "Unfortunately, for far too many law firms, security *is* an afterthought. Law firm culture and attorney convenience undercut and compromise security. Some firms don’t truly understand what needs to be done. They make half hearted attempts; get some good enough policies and such in place and cross security off their ToDo list."
  • "Why are law firms considered the weak link? Because even something as simple as enhanced network passwords requires intense partner debate and discussion rather than simple acceptance."
  • "I won’t argue the point that IT needs to be more flexible and responsive to users’ needs, but IT is still responsible for the electronic business control. Some seem to have forgotten this fact. As a colleague recently said to me, 'And the first time there is a breach or loss of data caused by these mobile/consumer devices, what will you say to your client? To your insurance broker? To the NY Times?'"
See the complete text for his recommendations for getting your firm into the minority he believes "seem to get the importance of security, who have the right attitude and who are truly doing enough," and some interesting reader insight in the comments section.

No comments:

Post a Comment