Mark Stevens, Digital Guardian, Legaltech News
These steps will help your firm comply with increasingly complex requirements while protecting sensitive client data from cybercriminals
Over the last decade, it has become increasingly apparent that law firms are one of the hottest targets for cybercriminals seeking to benefit from sensitive client data. Just this year, data breaches like those at Cravath Swaine & Moore, Weil Gotshal & Manges, and Mossack Fonseca have demonstrated that most firms do not have basic cybersecurity controls in place for detecting and mitigating data breaches.
The cases above are somewhat extreme, but they demonstrate the seriousness of the threat of cybercrime to law firms. The following steps will help your firm comply with such requirements while protecting sensitive client data from cybercriminals.
1. Identify Where Sensitive Data is at Risk: Prepare for clients to ask about your security posture by conducting a comprehensive review of your firm's environment. This will help to identify gaps where confidential client data, including information stored on mobile devices, could be at risk. There are many services that can help with this assessment and provide an understanding of where exactly sensitive client data is being stored by your firm, as well as how it's being used.
2. Move Beyond the Traditional Network Security Focus: While network protection tools are necessary, they cannot be the primary line of defense. To truly keep its data safe, a firm must employ a multi-layered approach to cybersecurity focusing on data protection. This protects both the network and the data. It also protects from both outsider and insider threats. Finally, it prepares the firm to counter each stage of a cyberattack.
3. Focus on Securing the Crown Jewels: Ensuring that security travels with the data is critical to preventing cybercriminals from accessing the information, regardless of where it's stored. Solutions that focus on data protection are useful in helping law firms classify data, apply a usage policy for that information, and enforce it. These solutions are a necessity for firms seeking to protect client data in the rapidly evolving threat landscape.
If a law firm makes it just a little harder to steal sensitive information, or renders the data useless once outside the network, cybercriminals will move to the next easiest target. Analyst firms agree that data protection must be the focus for law firms as cybercriminals begin targeting client data specifically. Particularly as data continues to be accessed on more interconnected devices than ever before, adequate protection needs to be a focus of every law firm's security approach.
4. Consider Managed Security Providers: If your firm is looking to avoid implementing advanced data protection solutions on its own, consider hiring a managed security provider (MSP). Small firms may benefit from this option, as MSPs require fewer financial and personnel resources. This is particularly relevant in today's IT talent shortage, as an MSP can free those workers to concentrate on other initiatives.
5. Go Beyond with Positive Social Engineering: Employee security awareness is a critical component to protecting client data. The key to employee security training is to go beyond slideware and annual refreshers. Prompting functionalities in technology make it easy to help employees self-correct data use issues. For example, a customer recently reported an 85 percent decrease in data use policy violations after six months of using real-time, pop-up dialogue box prompts. Often, a simple reminder of what corporate policy is, and how they can adhere to it, is all employees need to make a change in their behavior.