Monday, January 28, 2013

More on Law Firm Information Security -- The Threats are Real, Are You Really Ready?

Hildebrandt highlights a recent PricewaterhouseCoopers white paper, which alerts: "Notice to law firms: Hackers want your secrets" --
  • “There is no question that law firms are among the companies being targeted by cyber criminals,” says Shane Sims, a director in PwC’s Forensic Services group."
  • "Mary Galligan, head of the cyber division in the New York City office of the FBI, agrees: 'As financial institutions in New York City and the world become stronger, a hacker can hit a law firm and it’s a much, much easier quarry.'"
  • "Privacy and confidentiality are bedrock qualities for law firms. But the consequences of a security breach are obvious and painful: The theft of client information could be devastating to a firm’s reputation, which is their most important asset," says David Gaulin, co-leader of PwC’s Law Firm Services.
  • “Many law firms are moving to strengthen their defenses,” adds Gaulin.
The report notes the challenge that "...information sharing has been 'socialized,' meaning that people communicate information 'liberally and indiscriminately' across networks..." And it offers prudent advice including investing in user training, virus and spam protection, firewalls and defined incident response plans.

And, at the same time, it touches on issues we explored in a story last week -- the tension between the demand for frictionless internal access to information with the need to control, secure and manage sensitive material. In response to this tension, more firms are talking about creating a "hybrid" approach to internal information security to limit exposure to breaches or accidents.

The PwC report emphasizes this message as well, noting that firms should take a proactive view to limiting exposure and: "Run an analysis program that detects unusual behaviors, activities, or programs in the system."

No comments:

Post a Comment