Form a Phalanx: Law Firm Lessons on Managing Cyber Security through Talent and Culture

The 5th Annual Law Firm CFO/CIO/COO Forum

As law firms come to appreciate the importance of a shared understanding of security and risk, the work starts with a sharp focus on talent and culture. The first topic the panel discussed during the Data Privacy, Security & the Globalized Law Firm CFO/CIO/COO Forum was protection and prevention methods.

Protection and Prevention

Barry Strauss, COO, Elegrity; Curt Cunningham, CIO, Fragomen; Michael Lewis, CIO, Hogan Lovells; and Ramound Umerley, CDPO, Pitney Bowes, had a very engaging discussion about how firms can best protect their data. In the beginning stages, firms should prioritize their assets. What documents, emails, IP, databases, software, and services are most important? As new data arrives, the firm should examine the process. How is data stored, transmitted, and deleted? The process for each aspect needs to be examined carefully. The firm has to be mindful of both structured and unstructured data and, in addition, understand and follow the national and international compliance rules that apply to this information.

Several of the panelists suggested that every firm should conduct its own network penetration tests. Michael Lewis of Hogan Lovells recommended that firms design phishing emails to see which employees actually click on the links. He also suggested reviewing data retention policies: are these policies industry standard? Michael Lewis also advocated that firms take baseline network traffic reports from all offices. Once a baseline is established, current traffic can be compared against it, so that unusual traffic sets off alerts pointing to anomalies and a possible compromise.

Some other protection and prevention methods:

  • Use encryption everywhere that you can: email, documents, databases, SAN
  • Web Application Vulnerability Testing
  • Mobile Device Management – separate data on their BYOD devices
  • ISO certification and accreditations

Incident Response

Another critical aspect of firm culture is incident response. The panel discussed the need to have a cross-functional team in place for when a cyber-attack occurs. This team should include many of the following groups: Communications, HR, BD, Managing Partner, IT, Audit, and Info Security. A suggestion that struck a chord with the audience was accessibility to your vendors, that is, the ability to contact a vendor no matter what time of day or night. Get the phone number of a real person who is accountable. The panel emphasized that this should be negotiated and arranged in the contract. Lastly, once an issue is complete, conduct a retrospective of the attack and define learnings for the next event.

In an age where law firms are clearly in the sights of cyber criminals, there is a need to act. Law firms are aligning their understanding of security and risks directly with the need for a sharp focus on internal talent and culture. Protection, prevention, and incident response methods are a major component of safeguarding the firm’s assets. The panel closed with their three most important take-aways: prepare technologically, educate your staff, and create clear processes.

About Joseph Raczynski (87 Articles)
Joseph Raczynski Legal Technologist/Futurist Joseph is an innovator and early adopter of all things computer related.  His primary bent is around the future of law and legal technology. He also focuses on several fields including machine learning, mobile, security, cryptocurrency, and robotics (drone technology). Joseph founded wapUcom, LLP, consulting with companies in web and wireless development.  As a side project DC WiFi was created to help create a web of open wireless WiFi access points across cities and educate people about wireless security. Currently he is with Thomson Reuters Legal managing a team of Technical Client Managers for both the Large Law and Government divisions.  Joseph serves the top law firms in the world consulting on legal trends and customizing Thomson Reuters legal technology solutions for enhanced workflows. He graduated from Providence College with a BA in Economics and Sociology and holds a Masters in eCommerce and MBA from the University of Maryland, University College. You can connect with Joseph at JoeTechnologist.com or JosephRaczynski.com or @joerazz
