Comment: Pessimistic security – a necessary evil?" --
- "Given the amount of commercially and potentially nationally sensitive and valuable data held by law firms, and given recent security breaches such as the Panama Papers, the question is no longer whether firms are being targeted by hackers but how, and how far they need to go to protect against a leak."
- "While law firms have historically focused on defending their perimeter wall, the wider trend shows that attacks are becoming far more sophisticated, with spear phishing attacks tricking employees into giving away passwords and login details, potentially giving a hacker the internal privileges and access rights of that employee."
- "Says one commentator: 'The concern among large corporations is that law firms don’t have enough complexity in their record access rules and that they have been largely left to do what they want to do. If you are a large enterprise working on a greenfield project and you know it might attract negative publicity, particularly following the Panama Paper leaks, you want to know that your law firm has better security.'"
- "The result is that a number of firms, particularly those from the United States, are looking at significantly limiting file access within the firm. Pessimistic security flips the normal ‘optimistic’ approach of law firms on its head, with staff only able to open files where they have explicit rights. If a user has different and potentially conflicting permissions, the default position adopted will be the most restrictive."
- "This complex exercise in damage limitation – one already adopted by a number of accounting organisations – is, for many IT directors, the stuff of nightmares, given the fast pace that law firms work at, often through the night, with major financial drivers to complete work quickly and without technical impediments."
- "That is not to mention the fact that the knowledge capital and precedents by which law firms differentiate themselves and add client value – and in the future are increasingly likely to monetise – also currently involve sharing vast amounts of client information around the firm."