Thursday, March 3, 2016

Law Firm Information Security: Making News, Changing Client Strategies

via Bloomberg BNA, come two stories highlighting information security. First, on the subject of threats facing law firms (and client concerns): "Verizon GC: Law Firms Are Prime Targets for Hackers" --
  • “Verizon General Counsel Craig Silliman said that he thinks law firms are prime targets for hackers. ‘Firms have to make sure they are not a weak link in the company’s overall cyber security profile, which at its most basic level means their standards for protecting data need to be at least equivalent to those of the companies they represent,’ Silliman said.”
  • “’Law firms hold a lot of sensitive documents about their clients. They are not just potential, but likely, targets for those looking to find sensitive information. We think it’s very important that law firms look at the threat environment and make sure their systems are up to standard. It’s something we’re in a regular conversation with our main law firms about. I think most large companies are talking to their law firms about this, so it’s important that the law firms be aware of their systems, be aware of the communications, be aware of the sensitivity of what they have, and make sure that they aren’t a vector for attack into the company’s intellectual property.’”
  • “'law firms are really most interesting, because they hold a lot of information about intellectual property, about potential mergers and acquisitions, things like that. It’s important to understand the nature of the potential threat that you face, and what it is about you as the law firm that’s most interesting to a potential bad guy...'”
Next, an interesting review of how firms are partnering with clients to address information security challenges, offering a combination of legal and technical expertise: "Latest Qualification for Cyber Security? No Law Degree" --
  • “Jeff Lolley joined Hogan Lovells in 2010 to help oversee the firm’s internal security issues. Even though he’s not a lawyer, during the past two years, Lolley gradually assumed a new role, helping the firm’s clients respond to a data breach, or with training and awareness on cyber issues. Now, he leads a unit of non-lawyers at Hogan Lovells that work alongside the firm’s partners in the Cyber Security Solutions practice group. And his title has grown from chief information security officer to also include managing principal of cyber risk services.”
  • “Lolley is not an isolated example: Across the country, law firms increasingly are turning to non-lawyers to help build their cyber security practice groups. Based on interviews with lawyers in this field, at least a half-dozen law firms including Hogan Lovells, Venable, Seyfarth Shaw, DLA Piper and others, are using non-lawyers, often professionals with deep backgrounds in technology and technical expertise, to complement the lawyers focused on data security and privacy.”

No comments:

Post a Comment