Law Departments and Cyber Security: Addressing the Scary Stuff

By Joseph Raczynski

Law firm security bears one of the softest underbellies within the world of professional services. This alarm was sounded during an ILTA panel discussion on security with Michael Russell of Liberty Mutual, Brian Donato of Vorys Sater, and Natalie Fedyuk of KPMG. The consensus from the group was that law firms have more possible exposure to threats because of their complicated handling of highly sensitive data that crosses the spectrum of Personally Identifiable Information (PII).

According to the panel, a recent investigation called the Mandiant Report cited China as one of the largest threats to law firms outside of the United States. The evidence supports the conclusion that the Chinese Army is attacking law firms because of their traditionally low levels of security and their highly sensitive information. In one example, a law firm was attacked and the email addresses of military officers who were being investigated for atrocities in Afghanistan were released.

With countless successful breaches occurring, the panel focused on how to create better safeguards.


  • Manage Vendors: Do a risk assessment of your vendors. Make security part of the RFP process so that there are tactical steps to support a management strategy.
  • Governance: While security software is important, it is a small part of the whole. Make sure a process is in place to govern all aspects of data flow, access, audits, and compliance.

Establish informational audits for internal personnel and vendors, which include the following:

  • Input/Intake
  • Issue Questionnaire
  • Conduct Review
  • Complete Questionnaire and Report
  • QA Review
  • Issue Questionnaire and Report
  • Closing meeting with Vendor

Ultimately, all firms should seek out best practices to protect themselves. The panel recommended beginning this process by adopting and enforcing a security controls framework. The LegalSEC “Top Ten” was considered the place to start for implementing proper controls as well as audits.

To eclipse the mounting threat of cyber assault on law firms, the panel stressed several salient points. They stated that creating a very thorough risk assessment for all parties and establishing a governance process were most important. They also highlighted the value of diligently seeking out best practices for data destruction and incident response, and of considering a cyber-insurance policy in case everything else fails.

About Joseph Raczynski

Joseph Raczynski, Technologist/Futurist. Joseph is an innovator and early adopter of all things computer related. His primary focus is around the future of technology, and he speaks globally about Legal Technology, Cybersecurity, Blockchain, Artificial Intelligence, Cryptocurrency, and Robotics (drone technology). He also writes about the future of technology as it impacts the crossroads of our personal and professional lives, especially in the legal sector. Under the umbrella of Thomson Reuters, The Hearing a Legal Podcast, Joseph hosts a podcast with a technology focus. He also serves as a mentor with the Columbia | IBM Blockchain Accelerator and guest lecturer at Fordham University School of Law, as well as a Cybersecurity Committee Member at the University of South Florida. Joseph founded wapUcom, LLP, consulting with companies in web and wireless development. As a side project, DC WiFi was created to help create a web of open wireless WiFi access points across cities and educate people about wireless security. Currently Joseph is with Thomson Reuters Legal managing a team of Technologists for the Large Law, Corporate, and Government divisions in the US. Joseph serves the top law firms in the world, consulting on legal trends and customizing Thomson Reuters legal technology solutions for enhanced workflows. He graduated from Providence College with a BA in Economics and Sociology and holds a Masters in eCommerce and MBA from the University of Maryland, Global Campus. You can connect with Joseph at or or on Twitter @joerazz
