Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Information Governance: Law Firms' Cybersecurity Weak Spot

By Ian Raine
April 02, 2017

With the Panama Paper incident and other noteworthy recent law firm security breaches top of mind (see, “Hackers Breach Law Firms,” Wall Street Journal (March 29, 2016)), law firms in the U.S. and around the world are increasingly concerned about being hacked by cybercriminals (see, “Cyberattack Exposes Law Firms' Weak Spots,” Wall Street Journal (Dec. 29, 2016). In response, many firms have significantly upgraded their perimeter security systems to ensure that only authorized and authenticated users can access their systems. Yet perimeter security is only one part of a comprehensive legal data security strategy and by itself leaves open a weak spot — attackers who, using phishing or other methods, are able to bypass strong perimeter security systems, and once inside find themselves able to access a firm's emails, documents and other work product.

But law firms do not just have to live with this weakness. With a strong information governance strategy, law firms can restrict access to sensitive work product to employees who need this information, and also quickly and accurately identify potential attacks that have bypassed perimeter security systems. Such successful law firm information governance strategies secure work product on a need-to-know basis so that all users do not have broad access to information that is not immediately relevant to their business purpose. They also encrypt and protect work product using multiple authentication mechanisms, so that if any employee is compromised, access is still not easily provided to the hacker. Finally, they can detect threats and identify attacks, helping law firms stop attackers from securing client information, and enabling them to alert clients when their information has (or has not) been compromised by an attack.

Law firms can implement such a strong information governance strategy by following six basic steps:

  1. Educate and train users;
  2. Store work product in governed locations;
  3. Use strict security models;
  4. Share files in a secure fashion;
  5. Develop and enforce data retention policies; and
  6. Use information governance analytics.

By following these six steps, law firms will be able to implement a strong information governance strategy that, in combination with strong perimeter security systems, allows them to not only fend off most cyber attackers, but also prevent or at least limit any damage from attackers that do find a way through their perimeter security systems.

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
Major Differences In UK, U.S. Copyright Laws Image

This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.

Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.

Removing Restrictive Covenants In New York Image

In Rockwell v. Despart, the New York Supreme Court, Third Department, recently revisited a recurring question: When may a landowner seek judicial removal of a covenant restricting use of her land?

Fresh Filings Image

Notable recent court filings in entertainment law.