Blog | HBR Consulting

Implementing A Layered Defense to Cybersecurity

Written by Laurie Fischer | Jun 21, 2017 2:38:36 PM

Earlier this year, Legal IT Professionals featured an article co-authored by my colleague James Britt and me that provides a list of cybersecurity best practices global law firms should prioritize in 2017. More specifically, we discussed specific steps law firms can take to address gaps that previously provided hackers with easy access to sensitive data.

As we point out in the article, larger law firms with a global presence are increasingly vulnerable to cyberattacks, jeopardizing sensitive client information and the firm’s public reputation. “Security experts note that law firms are at least three years behind data security standards, and are reluctant to adopt (or invest in) technology solutions. Although law firms are entrusted with volumes of confidential information, most have limited or no document security policies in place,” we noted. Last year’s massive cyberattack on law firm Mossack Fonseca and the subsequent Panama Papers further demonstrate the urgent need for global firms to prioritize improvements in cybersecurity technology tools and internal processes.

To strengthen cybersecurity measures, IT professionals at law firms should adopt a unified approach by:

  • Establishing a holistic view of governance that includes steps on how to prevent, detect and respond to possible data breaches, and what role employees will play in all of these processes.
  • Creating a layered defense system that includes tactics like establishing data storage controls, filtering the information going in and out of a law firm, two-step authentication and file encryption.
  • Training employees on best practices for safeguarding their work and any new cybersecurity policy initiatives.
  • Developing a comprehensive breach response plan that includes an immediate assessment of the size and scope of a breach and establishing a formal communication plan for notifying internal and external clients and stakeholders.

While information security was once considered solely the responsibility of IT departments, global law firms must start treating security as a wider initiative by involving leadership and end users. Firms that invest in cybersecurity now will not only mitigate risks in the near term but also see increased value for clients, shareholders and internal stakeholders.

To learn more about how law firms can protect their digital assets from outside threats, check out our full Legal IT Professionals article here, or schedule a briefing with me by contacting LFischer@hbrconsulting.com.