Wednesday, April 25, 2012

Law Firm Information Security: More Firms Taking Note of Very Real Threats

From the National Law Journal comes another detailed update on information security threats and challenges specifically facing law firms: "In the Tablet Age, Law Firms Face New IT Threats":
  • "We have seen over the last three years an increase in the targeting of law firms," said Trent Teyema, assistant special agent in charge of cybercrimes in the FBI's Washington field office. "As client companies become targets, their security becomes stronger. Softer targets to go after are law firms."
  • Says Stewart Baker,  partner at Steptoe & Johnson and former assistant secretary for policy at the U.S. Department of Homeland Security: "There is every reason to believe that foreign governments are breaking into American law firm networks."
  • Some firms are afraid to go on the record: "Several top law firms declined to comment for this story, as many felt that doing so would make them a target."
As the article describes in greater detail, firm size matters not -- big and small firm alike face very real and active threats:
  • As Carlos Rodriguez, network manager at Nexsen Pruet and vice president of the Server and Operations Peer Group with the International Legal Technology Association (ILTA) notes: " is a problem that plagues the entire firms need to band together to push back. His association, he said, has brought together firms that share information to help improve data security."
  • And at Hogan Lovells, director of information security Jeffrey Lolley describes the executive-level importance placed on information risk management via a: "dedicated information security organization, staffed with experts in information security, data protection, and privacy. The activity of the organization, and the security program as a whole, is guided by an executive governance body charged with protecting stakeholder information and securing the technology enterprise." He notes a common driver increasingly motivating law firms: "clients want to hear about our security practices and how we protect our data."
  • "At Steptoe, Baker said that the firm has a client that audits the security of the firm's network services annually to ensure that it meets the client's own standards. Ultimately, Baker said, the key to securing data is "eternal vigilance and willingness to accept inconvenience."

No comments:

Post a Comment