Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

CybersecurityCybersecurity Law & StrategyFeaturesInformation Governance and ComplianceLJN NewslettersTechnology Media and Telecom

Information Governance: Law Firms' Cybersecurity Weak Spot

By Ian Raine
April 02, 2017

With the Panama Paper incident and other noteworthy recent law firm security breaches top of mind (see, “Hackers Breach Law Firms,” Wall Street Journal (March 29, 2016)), law firms in the U.S. and around the world are increasingly concerned about being hacked by cybercriminals (see, “Cyberattack Exposes Law Firms' Weak Spots,” Wall Street Journal (Dec. 29, 2016). In response, many firms have significantly upgraded their perimeter security systems to ensure that only authorized and authenticated users can access their systems. Yet perimeter security is only one part of a comprehensive legal data security strategy and by itself leaves open a weak spot — attackers who, using phishing or other methods, are able to bypass strong perimeter security systems, and once inside find themselves able to access a firm's emails, documents and other work product.

But law firms do not just have to live with this weakness. With a strong information governance strategy, law firms can restrict access to sensitive work product to employees who need this information, and also quickly and accurately identify potential attacks that have bypassed perimeter security systems. Such successful law firm information governance strategies secure work product on a need-to-know basis so that all users do not have broad access to information that is not immediately relevant to their business purpose. They also encrypt and protect work product using multiple authentication mechanisms, so that if any employee is compromised, access is still not easily provided to the hacker. Finally, they can detect threats and identify attacks, helping law firms stop attackers from securing client information, and enabling them to alert clients when their information has (or has not) been compromised by an attack.

Read These Next
The DOJ's Corporate Enforcement Policy: One Year Later Image

The DOJ's Criminal Division issued three declinations since the issuance of the revised CEP a year ago. Review of these cases gives insight into DOJ's implementation of the new policy in practice.

The DOJ's New Parameters for Evaluating Corporate Compliance Programs Image

The parameters set forth in the DOJ's memorandum have implications not only for the government's evaluation of compliance programs in the context of criminal charging decisions, but also for how defense counsel structure their conference-room advocacy seeking declinations or lesser sanctions in both criminal and civil investigations.

Use of Deferred Prosecution Agreements In White Collar Investigations Image

This article discusses the practical and policy reasons for the use of DPAs and NPAs in white-collar criminal investigations, and considers the NDAA's new reporting provision and its relationship with other efforts to enhance transparency in DOJ decision-making.

Bankruptcy Sales: Finding a Diamond In the Rough Image

There is no efficient market for the sale of bankruptcy assets. Inefficient markets yield a transactional drag, potentially dampening the ability of debtors and trustees to maximize value for creditors. This article identifies ways in which investors may more easily discover bankruptcy asset sales.

A Lawyer's System for Active Reading Image

Active reading comprises many daily tasks lawyers engage in, including highlighting, annotating, note taking, comparing and searching texts. It demands more than flipping or turning pages.