5 Reasons why Information Security is now a Business-Critical Function for Law Firms
Valuable insights into the importance and challenges of securing information systems in law firms 
EXECUTIVE INSIGHT SERIES REPORT SPONSORED BY
Copyright 2011 NorthPage Research LLC  www.northpage.com
About this Report 
Information Security is a business-critical function for modern law firms. 
Through the insights in this report, lawyers and law firm executives will gain a better understanding of the threats, risks and realities challenging today’s technology-enabled law firms. 
This report seeks to help law firms of any size to ensure continued success and growth through reliable, productive and secure information systems. Understanding the threats posed by the widespread adoption of technology is a business-critical imperative for law firms. 
NorthPage Research produces independent publications and online guides to help business decision makers
5 Reasons Why Information Security is Now a Business-Critical Function for Law Firms
• Danger By Design: The Unique Role Of Information In Law Firms
Does your law firm protect and secure confidential information to the levels required by law, professional codes and ethics?
• The Law Firm Information Gold Mine
Do you know everything you are obligated to know about when, where and how information is created, communicated and stored by your firm? Do you know how accessible that information is to those with malicious intent?
• Trusted Information Systems Are The Lifeblood Of The Modern Law Firm
What level of priority does the ensuring of trusted and secure information systems have in your firm? Are you taking the steps necessary to make certain your information systems remain a business accelerator and not a source of liability and loss?
• Information Systems Sprawl in Law Firms
Do you have visibility into and control of your firm’s information systems footprint? Are your security controls consistently implemented across the organization? What are the levels of information security risk, exposure and vulnerability your firm faces?
• Information Security Impacts Law Firm Compliance
Is your firm storing, encrypting, securing and protecting its confidential data in adherence with the growing number of related laws and regulations?
EXECUTIVE SUMMARY 
Information systems have become business-critical assets for modern law firms. Traditionally, law firms relied on the instincts, creativity and knowledge of the firm’s practitioners. That reliance has now been materially advanced by the adoption of firm-wide systems, devices, applications and networks. Today, virtually every function in the modern law firm is impacted greatly by the implementation and utilization of information systems. 
In conjunction with the dramatic gains realized by the technology-enabling of law firms, equally dramatic risks and vulnerabilities have arisen. Technology-based capabilities, particularly when combined with prolonged economic downturns, create environments ripe for attack and compromise by malicious hackers as well as espionage by opportunistic employees and competitors.
Given the expanding information security threat landscape, technology-enabled law firms must understand these threats, vulnerabilities and risks and aggressively secure their systems and data.
DANGER BY DESIGN: THE UNIQUE ROLE OF INFORMATION IN LAW FIRMS 
The unique nature of legal information creates elevated levels of information security risk. In contrast with most industries, lawyers' work-products are typically comprised of sensitive and highly confidential data.
LAW FIRMS’ BURDEN TO SECURE INFORMATION 
By law, professional codes and ethics, lawyers are duty-bound to secure electronic information. Law firms are similarly required to proactively protect their clients’ electronic information.
The American Bar Association's Model Rules of Professional Conduct provide the following guidance on preserving the confidentiality of information: 
A lawyer must act competently to safeguard information relating to the representation of a client against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer's supervision. When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. 
MALPRACTICE AND INFORMATION SECURITY 
Information security has major malpractice implications for law firms. Law firms and lawyers must account for malpractice liabilities ranging from information security negligence to inadvertent breaches of client confidentiality. Failure to do so can result in tort, breach of fiduciary duty or breach of contract claims. 
Does your law firm’s management and protection of secure and confidential information rise to the levels required by law, professional codes and ethics?
LAW FIRM REALITY
THE LAW FIRM INFORMATION GOLD MINE 
Law firms electronically create, handle and store vast quantities of highly valuable information. Much of this information is of great value to hackers, current and former employees and competitors.
LEGAL INFORMATION EXPLOSION 
The typical law firm’s information assets double every six months. Information assets are defined as the operating and confidential or privileged information produced, communicated or stored by a law firm. 
Today, more than 90 percent of legal information exists in digital form. Accelerating the growth of the legal data footprint are the copying, sharing and distributing of information assets across multiple systems, applications, devices and groups of users. The increased development and use of multiple data formats further increases the quantity of information assets to be managed and secured by law firms. Common formats and data requiring protection include word processing documents, spreadsheets, databases, email messages, text messages, digital images, audio, video, website content, proprietary applications and social networking information. 
INFORMATION RETENTION 
Few law firms implement effective electronic information retention and deletion policies. Such policies ensure that firms retain only what is required for business or legal reasons. Well managed policies also constrain the confidential data explosion while reducing the levels of information systems risk. 
LAW FIRM REALITY
LEGAL INFORMATION GOLD MINE 
The information assets created, communicated and stored by law firms represent an information gold mine for hackers. According to the 2009 Data Breach Investigations Report from Verizon, most data breaches originate from external sources with 91 percent of all compromised records linked to organized criminal groups. 
Law Firm Information Assets 
High-value law firm information assets of great interest to hackers include:
• Pending litigation
• Details on new patents and products
• Intellectual property
• Client Information
• Computer generated forensic recreations and simulations
• Trade secrets
• Confidential and Privileged information
• Identity Information
• Personal information
• Source data
Do you know everything you are obligated to know about when, where and how information is created, communicated and stored by your firm? Do you know how accessible that information is to those with malicious intent? 
Who is Behind Data Breaches? 
74% resulted from external sources 
20% were caused by insiders 
32% implicated business partners 
39% involved multiple parties 
* Verizon 2009 Data Breach Investigations Report
TRUSTED INFORMATION SYSTEMS ARE THE LIFEBLOOD OF THE MODERN LAW FIRM 
THE IMPACT OF INFORMATION SYSTEMS ON LAW FIRMS 
The impact of information systems on the legal profession is profound and growing. Technology-enabled law firms dramatically enhance their practices by:
• Providing increased levels of service to clients
• Recognizing substantial operating efficiencies and improved firm-wide productivity gains
• Reducing costs
• Developing and maintaining competitive advantage
The impact of leveraging information systems for law firms is extensive:
• Increased revenue
• Improved client satisfaction
• Increased referrals
• Improved profit
INFORMATION SYSTEMS RISK 
The business and economic benefits provided by the successful implementation and adoption of information systems create new risks and vulnerabilities that potentially compromise law firms’ continued successful operation and existence. 
LAW FIRM REALITY
A law firm’s near-absolute reliance on information systems introduces business-critical financial, regulatory, operational and market risks related to the compromise of systems and data. Everyday examples of law firms’ reliance on information and potential information systems exposure include:
• Clients receiving and paying invoices through electronic billing and payment systems
• Lawyers producing, reviewing and communicating confidential and privileged information with their “Smartphones”
• Lawyers, staff and experts creating and presenting computer generated forensic recreations and simulations
• Clients and lawyers sharing confidential documents via email
• Administrative staff backing up servers and systems to portable media
• Offshore legal services firms providing research and document processing services
The aggressive adoption of information systems by law firms and the rapid growth in the numbers and types of users, systems, devices, applications and access points has resulted in unprecedented information systems risks and vulnerabilities. 
What level of priority does the ensuring of trusted and secure information systems have in your firm? Are you taking the steps necessary to make certain your information systems remain a business accelerator and not a source of liability and loss?
INFORMATION SYSTEMS SPRAWL IN LAW FIRMS 
The build-out and use of information system components in law firms continues to grow with the adoption and deployment of new systems, applications, network access points and devices. The levels of a law firm’s information security risk, exposure and vulnerability grow exponentially in relation to the adoption and usage of technology. 
An example of the dramatic adoption of information systems by lawyers and law firms is the complete “virtualization” of law offices by a significant number of lawyers. According to the ABA’s 2010 Legal Technology Survey Report, 14% of lawyers reported that they ran a virtual law office, working with clients over the Internet and rarely meeting them in person. 
LAW FIRM REALITY
INFORMATION SYSTEMS VULNERABILITY 
Hackers need only a single vulnerability point to successfully access a law firm’s systems and data. According to the 2009 Data Breach Investigations Report by Verizon, 98 percent of all records breached included at least one of these attributes:
• the attacker exploited a mistake committed by a user in the targeted organization
• the attacker hacked into the network
• the attacker installed malware on a system to collect data
Systems 
At the heart of the law firm information system operation is the system infrastructure. From expansion of capabilities to system maintenance, including updates, upgrades and patches, the systems component sets the foundation for information system security. These components include:
• Communication and data transfer
• Operating systems and databases
• Security hardware and software
• Servers
• Storage
How do Breaches Occur? 
67% were aided by significant errors in security 
64% resulted from hacking 
38% utilized malware 
22% involved privilege misuse 
9% occurred via physical attacks 
* Verizon 2009 Data Breach Investigations Report
Legal Applications 
As digital collaboration becomes the norm between law firms and clients, the number and types of applications used and the amount of application usage continue to grow. Popular and potentially vulnerable law firm applications include:
• Case Management
• Client Relationship Management
• Docketing and calendaring
• Document Management / Enterprise Content Management
• E-Discovery
• Electronic Billing
• Electronic evidence
• Email
• Financial Management
• Knowledge Management and Enterprise Search
• Library and on-line research
• Litigation Support
• Office Suites (word processing, spreadsheets, presentation)
• Portals, Extranets and Collaboration Systems
• Records management
• Time entry and billing
Access 
Remote and distributed resources require system access for collaboration, communication and application access. The dramatic growth in the types of access and the volume of access requests provides an especially acute information security risk for law firms.
• Intranets & Extranets
• Local and Wide Area Networking
• Remote Access
• SharePoint Servers
• Wireless Access
Devices 
As devices such as laptops, “Smartphones” and flash drives proliferate, and allow lawyers and staff to carry thousands of pages of legal documents, the corresponding security risks perpetually grow.
• Desktop Computers
• Laptops
• Mobile devices including Smartphones
• Portable Memory (Flash Drives) and Media (CDs, DVDs)
• Printers, Scanners and Copiers
• Voicemail
• Employee home computers and mobile devices
It takes only one compromised system, application, network access point or device to create a business-critical issue and liability for a law firm.
Do you have visibility into and control of your firm’s information systems footprint? Are your security controls consistently implemented across the organization? What are the levels of information security risk, exposure and vulnerability your firm faces?
INFORMATION SECURITY IMPACTS LAW FIRM COMPLIANCE 
Complying with government and legal industry regulations is a major concern and challenge for law firms. The distributed nature of law firm information systems increasingly adds to the compliance challenges. 
Web of Compliance 
Compliance with state and federal law places increased importance on a law firm’s information security function and practices. Currently, 46 states have or are enacting data breach notification legislation. Federal law prescribes multiple information security requirements. An example of a federal law dictating information security is the HITECH provisions of the American Recovery and Reinvestment Act of 2009. Lawyers need to be aware of the potential implications for their clients and for the practice of law relating to these compliance requirements. 
Information Systems Compliance 
Increasingly, law firms are bound by law and regulation to store, backup, encrypt, secure and protect their confidential data. Law firms have to demonstrate an information security policy that proves they have the proper range of steps and measures in place. If these policies are not adhered to, regulators reserve the right to prosecute. 
The retention, migration, and destruction of client information are critical to achieving and maintaining compliance for law firms. Lawyers and law firms must reasonably provide and account for the retention, migration, and destruction of client information in accordance with legal agreements, ethical standards, regulations and laws. 
Is your firm storing, encrypting, securing and protecting its confidential data in adherence with the growing number of related laws and regulations? 
LAW FIRM REALITY
WORKS CITED 
Brian L. Whisler, Baker & McKenzie. May 18, 2010. Corporate Espionage and Global Security: Protecting Your Business Interests. <http://www.buyusa.gov/nyc/bakerpresentation.ppt> 
M. Peter Adler, Pepper Hamilton LLP. 2008. A Unified Approach to Security Compliance. <http://www.pepperlaw.com/pdfs/DieboldFinal_adlerp0408.ppt> 
Kevin Woo, Law.com. September 16, 2009. Data Loss Prevention Systems at Your Firm. <http://www.law.com/jsp/lawtechnologynews/PubArticleLTNC.jsp?id=1202433814819&Data_Loss_Prevention_Systems_at_Your_Firm> 
Alejandro Martínez-Cabrera, San Francisco Chronicle. March 20, 2010. Law Firms are Lucrative Targets of Cyberscams. <http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/03/19/BU3E1CIIGE.DTL>
Kristi L. VanderLaan, Goodman Allen & Filetti, PLLC. February 12, 2010. Legal Practice in a HITECH Environment: An Overview of the HITECH Act and its Affect on Lawyers as Business Associates. <http://www.primerus.com/news/resources_business/legal-practice-in-a-hitech-environment-an-overview-of-the-hitech-act-and-its-affect-on-lawyers-as-business-associates/>
V. Dion Haynes, Washington Post. March 9, 2009. Recession Sends Lawyers Home. <http://www.washingtonpost.com/wp-dyn/content/article/2009/03/08/AR2009030801549.html>
Jim Calloway, Oklahoma Bar Association, July 28, 2010. Why You Need to Switch to Digital Client Files Now. <http://lawyersusaonline.com/blog/2010/07/28/why-you-need-to-switch-to-digital-client-files-now/>
David Collins, US Department of Justice. 2005. DOJ Litigation Case Management System (LCMS). <https://collab.core.gov/adl/en-US/9488/File/5766/Industry%20Day%20Brief%20Full%20Final%20(2).ppt>
Microsoft Corporation. 2005. Trends Reshaping Law Firms. <https://msdb.ru/Downloads/Dynamics/industries/profservices/expertmark/Law%20Firm%20Prospect%20Presentation%20-%20Large%20Firms.ppt> 
William E. Olson, DeMars, Gordon, Olson, & Zalewski. Law Firm Management Technology for Home Offices & Small Law Firms. <http://demarsgordon.com/LawFirmManagementTechnologyIssues.PPT> 
Karnika Seth, Seth Associates. July 2007. Legal Process Outsourcing in India- An Insight into The Growing Industry. <http://www.sethassociates.com/wp-content/uploads/legal%20process%20outsourcing%20in%20India-%20An%20insight%20into%20the%20growing%20Industry.ppt>
Susan Freund, Larrimer Associates, Inc. November 19, 2009. Privacy and Information Security: Laws and Regulations.
Sara Anne Hook, ARMA. Date. Ethics and E-discovery: Where the Rubber Meets the Rules. <http://armaindy.org/Resources/Documents/Session%203%20-%20Sara%20Hook%20Ethics%20and%20E-discovery.ppt>
John T. Lambert, The University of Southern Mississippi. 2008. Attorneys and Their Use of Technology. <http://www.alliedacademies.org/Publications/Papers/EE%20Vol%2013%202008%20p%2083-99.pdf> 
C. Matthew Curtin and Lee T. Ayres, Interhack. 2009. Using Science to Combat Data Loss: Analyzing Breaches by Type and Industry. <http://web.interhack.com/publications/interhack-breach-taxonomy.pdf> 
Verizon. 2009. 2009 Data Breach Investigations Report. <http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf>
Catherine Sanders Reach, American Bar Association. 2008. Dangerous Curves Ahead: The Crossroads of Ethics and Technology. <http://www.abanet.org/tech/ltrc/presentations/arkbarethicstech.pdf> 
Brinig, B. & Gladson, E., 2000. Developing and Managing a Litigation Services Practice. San Diego, CA: Harcourt Professional Publishing. 
Lambert, J. 2006. Economic and Management Factors Affecting The Adoption of Presentation Technology by Law Firms. <http://libraryds.grenoble-em.com/FR/PUBLICATIONS/Pages/theses.aspx>
Ed. Paulus R. Wayleith, Data Security: Laws and Safeguards. Nova Science Publishers, 2008. 
Kevin P. Cronin and Ronald N. Weikers. Data Security and Privacy Law : Combating Cyberthreats. Thomson/West, 2002. 
Kimberly Kiefer et al. Information Security : A Legal, Business, and Technical Handbook. American Bar Association, 2004. 
U.S. Government Accountability Office. Personal Identifiable Information and Data Breaches. Nova Science Publishers, 2009. 
TERMS AND CONDITIONS 
While the information is based on best available resources, NorthPage Research LLC disclaims all warranties as to the accuracy, completeness or adequacy of such information. NorthPage Research LLC shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. Opinions reflect judgment at the time and are subject to change. All trademarks appearing in this report are trademarks of their respective owners.

 
Hot Topics in Privacy and Security
Hot Topics in Privacy and SecurityHot Topics in Privacy and Security
Hot Topics in Privacy and Security
 
Shariyaz abdeen data leakage prevention presentation
Shariyaz abdeen   data leakage prevention presentationShariyaz abdeen   data leakage prevention presentation
Shariyaz abdeen data leakage prevention presentation
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals  Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdf
 

Law_Firm_Info_Security_Report_June2011 (1)

  • 1. 5 Reasons why Information Security is now a Business-Critical Function for Law Firms
    Valuable insights into the importance and challenges of securing information systems in law firms
    EXECUTIVE INSIGHT SERIES REPORT SPONSORED BY
  • 2. About this Report
    Copyright 2011 NorthPage Research LLC  www.northpage.com

    Information Security is a business-critical function for modern law firms.

    Through the insights in this report, lawyers and law firm executives will gain a better understanding of the threats, risks and realities challenging today’s technology-enabled law firms.

    This report seeks to help law firms of any size to ensure continued success and growth through reliable, productive and secure information systems. Understanding the threats posed by the widespread adoption of technology is a business-critical imperative for law firms.

    NorthPage Research produces independent publications and online guides to help business decision makers
  • 3. 5 Reasons Why Information Security is Now a Business-Critical Function for Law Firms

    - Danger By Design: The Unique Role Of Information In Law Firms
      Does your law firm protect and secure confidential information to the levels required by law, professional codes and ethics?
    - The Law Firm Information Gold Mine
      Do you know everything you are obligated to know about when, where and how information is created, communicated and stored by your firm? Do you know how accessible that information is to those with malicious intent?
    - Trusted Information Systems Are The Lifeblood Of The Modern Law Firm
      What level of priority does the ensuring of trusted and secure information systems have in your firm? Are you taking the steps necessary to make certain your information systems remain a business accelerator and not a source of liability and loss?
    - Information Systems Sprawl in Law Firms
      Do you have visibility into and control of your firm’s information systems footprint? Are your security controls consistently implemented across the organization? What are the levels of information security risk, exposure and vulnerability your firm faces?
    - Information Security Impacts Law Firm Compliance
      Is your firm storing, encrypting, securing and protecting its confidential data in adherence with the growing number of related laws and regulations?
  • 4. EXECUTIVE SUMMARY

    Information systems have become business-critical assets for modern law firms.

    Traditionally, law firms relied on the instincts, creativity and knowledge of the firm’s practitioners. That reliance has now been materially advanced by the adoption of firm-wide systems, devices, applications and networks. Today, virtually every function in the modern law firm is impacted greatly by the implementation and utilization of information systems.

    In conjunction with the dramatic gains realized by the technology-enabling of law firms, equally dramatic risks and vulnerabilities have arisen. Technology-based capabilities, particularly when combined with prolonged economic downturns, create environments ripe for attack and compromise by malicious hackers as well as espionage by opportunistic employees and competitors.

    Given the expanding information security threat landscape, technology-enabled law firms must understand these threats, vulnerabilities and risks and aggressively secure their systems and data.
  • 5. DANGER BY DESIGN: THE UNIQUE ROLE OF INFORMATION IN LAW FIRMS

    The unique nature of legal information creates elevated levels of information security risk. In contrast with most industries, lawyers' work-products are typically comprised of sensitive and highly confidential data.

    LAW FIRMS’ BURDEN TO SECURE INFORMATION

    By law, professional codes and ethics, lawyers are duty-bound to secure electronic information. Law firms are similarly required to proactively protect their clients’ electronic information. The American Bar Association's Model Rules of Professional Conduct provide the following guidance on preserving the confidentiality of information:

      A lawyer must act competently to safeguard information relating to the representation of a client against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer's supervision. When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients.

    MALPRACTICE AND INFORMATION SECURITY

    Information security has major malpractice implications for law firms. Law firms and lawyers must account for malpractice liabilities ranging from information security negligence to inadvertent breaches of client confidentiality. Failure to do so can result in tort, breach of fiduciary duty or breach of contract claims.

    Do your law firm’s management and protection of secure and confidential information rise to the levels required by law, professional codes and ethics?

    LAW FIRM REALITY
  • 6. THE LAW FIRM INFORMATION GOLD MINE

    Law firms electronically create, handle and store vast quantities of highly-valuable information. Much of this information is of great value to hackers, current and former employees and competitors.

    LEGAL INFORMATION EXPLOSION

    The typical law firm’s information assets double every six months. Information assets are defined as the operating and confidential or privileged information produced, communicated or stored by a law firm. Today, more than 90 percent of legal information exists in digital form.

    Accelerating the growth of the legal data footprint are the copying, sharing and distributing of information assets across multiple systems, applications, devices and groups of users. The increased development and use of multiple data formats further increases the quantity of information assets to be managed and secured by law firms. Common formats and data requiring protection include word processing documents, spreadsheets, databases, email messages, text messages, digital images, audio, video, website content, proprietary applications and social networking information.

    INFORMATION RETENTION

    Few law firms implement effective electronic information retention and deletion policies. Such policies ensure that firms retain only what is required for business or legal reasons. Well managed policies also constrain the confidential data explosion while reducing the levels of information systems risk.

    LAW FIRM REALITY
  • 7. LEGAL INFORMATION GOLD MINE

    The information assets created, communicated and stored by law firms represent an information gold mine for hackers. According to the 2009 Data Breach Investigations Report from Verizon, most data breaches originate from external sources with 91 percent of all compromised records linked to organized criminal groups.

    Law Firm Information Assets

    High-value law firm information assets of great interest to hackers include:

    - Pending litigation
    - Details on new patents and products
    - Intellectual property
    - Client Information
    - Computer generated forensic recreations and simulations
    - Trade secrets
    - Confidential and Privileged information
    - Identity Information
    - Personal information
    - Source data

    Do you know everything you are obligated to know about when, where and how information is created, communicated and stored by your firm? Do you know how accessible that information is to those with malicious intent?

    Who is Behind Data Breaches?

    - 74% resulted from external sources
    - 20% were caused by insiders
    - 32% implicated business partners
    - 39% involved multiple parties

    * Verizon 2009 Data Breach Investigations Report
  • 8. TRUSTED INFORMATION SYSTEMS ARE THE LIFEBLOOD OF THE MODERN LAW FIRM

    THE IMPACT OF INFORMATION SYSTEMS ON LAW FIRMS

    The impact of information systems on the legal profession is profound and growing. Technology-enabled law firms dramatically enhance their practices by:

    - Providing increased levels of service to clients
    - Recognizing substantial operating efficiencies and improved firm-wide productivity gains
    - Reducing costs
    - Developing and maintaining competitive advantage

    The impact of leveraging information systems for law firms is extensive:

    - Increased revenue
    - Improved client satisfaction
    - Increased referrals
    - Improved profit

    INFORMATION SYSTEMS RISK

    The business and economic benefits provided by the successful implementation and adoption of information systems create new risks and vulnerabilities that potentially compromise law firms’ continued successful operation and existence.

    LAW FIRM REALITY
  • 9. A law firm’s near-absolute reliance on information systems introduces business-critical financial, regulatory, operational and market risks related to the compromise of systems and data.

    Everyday examples of law firms’ reliance on information and potential information systems exposure include:

    - Clients receiving and paying invoices through electronic billing and payment systems
    - Lawyers producing, reviewing and communicating confidential and privileged information with their “Smartphones”
    - Lawyers, staff and experts creating and presenting computer generated forensic recreations and simulations
    - Clients and lawyers sharing confidential documents via email
    - Administrative staff backing up servers and systems to portable media
    - Offshore legal services firms providing research and document processing services

    The aggressive adoption of information systems by law firms and the rapid growth in the numbers and types of users, systems, devices, applications and access points has resulted in unprecedented information systems risks and vulnerabilities.

    What level of priority does the ensuring of trusted and secure information systems have in your firm? Are you taking the steps necessary to make certain your information systems remain a business accelerator and not a source of liability and loss?
  • 10. INFORMATION SYSTEMS SPRAWL IN LAW FIRMS

    The build-out and use of information system components in law firms continues to grow with the adoption and deployment of new systems, applications, network access points and devices. The levels of a law firm’s information security risk, exposure and vulnerability grow exponentially in relation to the adoption and usage of technology.

    An example of the dramatic adoption of information systems by lawyers and law firms is the complete “virtualization” of law offices by a significant number of lawyers. According to the ABA’s 2010 Legal Technology Survey Report, 14% of lawyers reported that they ran a virtual law office, working with clients over the Internet and rarely meeting them in person.

    LAW FIRM REALITY
  • 11. INFORMATION SYSTEMS VULNERABILITY

    Hackers need only a single vulnerability point to successfully access a law firm’s systems and data. According to the 2009 Data Breach Investigations Report by Verizon, 98 percent of all records breached included at least one of these attributes:

    - the attacker exploited a mistake committed by a user in the targeted organization
    - the attacker hacked into the network
    - the attacker installed malware on a system to collect data

    Systems

    At the heart of the law firm information system operation is the system infrastructure. From expansion of capabilities to system maintenance, including updates, upgrades and patches, the systems component sets the foundation for information system security. These components include:

    - Communication and data transfer
    - Operating systems and databases
    - Security hardware and software
    - Servers
    - Storage

    How do Breaches Occur?

    - 67% were aided by significant errors in security
    - 64% resulted from hacking
    - 38% utilized malware
    - 22% involved privilege misuse
    - 9% occurred via physical attacks

    * Verizon 2009 Data Breach Investigations Report
  • 12. Legal Applications

    As digital collaboration becomes the norm between law firms and clients, the number and types of applications used and the amount of application usage continues to grow. Popular and potentially vulnerable law firm applications include:

    - Case Management
    - Client Relationship Management
    - Docketing and calendaring
    - Document Management / Enterprise Content Management
    - E-Discovery
    - Electronic Billing
    - Electronic evidence
    - Email
    - Financial Management
    - Knowledge Management and Enterprise Search
    - Library and on-line research
    - Litigation Support
    - Office Suites (word processing, spreadsheets, presentation)
    - Portals, Extranets and Collaboration Systems
    - Records management
    - Time entry and billing
  • 13. Access

    Remote and distributed resources require system access for collaboration, communication and application access. The dramatic growth in the types of access and the volume of access requests provides an especially acute information security risk for law firms.

    - Intranets & Extranets
    - Local and Wide Area Networking
    - Remote Access
    - SharePoint Servers
    - Wireless Access

    Devices

    As devices such as laptops, “Smartphones” and flash drives proliferate, and allow lawyers and staff to carry thousands of pages of legal documents, the corresponding security risks perpetually grow.

    - Desktop Computers
    - Laptops
    - Mobile devices including Smartphones
    - Portable Memory (Flash Drives) and Media (CDs, DVDs)
    - Printers, Scanners and Copiers
    - Voicemail
    - Employee home computers and mobile devices

    It takes only one compromised system, application, network access point or device to create a business-critical issue and liability for a law firm.

    Do you have visibility into and control of your firm’s information systems footprint? Are your security controls consistently implemented across the organization? What are the levels of information security risk, exposure and vulnerability your firm faces?
  • 14. INFORMATION SECURITY IMPACTS LAW FIRM COMPLIANCE

    Complying with government and legal industry regulations is a major concern and challenge for law firms. The distributed nature of law firm information systems increasingly adds to the compliance challenges.

    Web of Compliance

    Compliance with state and federal law places increased importance on a law firm’s information security function and practices. Currently, 46 states have or are enacting data breach notification legislation. Federal law prescribes multiple information security requirements. An example of a federal law dictating information security is the HITECH provisions of the American Recovery and Reinvestment Act of 2009. Lawyers need to be aware of the potential implications for their clients and for the practice of law relating to these compliance requirements.

    Information Systems Compliance

    Increasingly, law firms are bound by law and regulation to store, backup, encrypt, secure and protect their confidential data. Law firms have to demonstrate an information security policy that proves they have the proper range of steps and measures in place. If these policies are not adhered to, regulators reserve the right to prosecute.

    The retention, migration, and destruction of client information are critical to achieving and maintaining compliance for law firms. Lawyers and law firms must reasonably provide and account for the retention, migration, and destruction of client information in accordance with legal agreements, ethical standards, regulations and laws.

    Is your firm storing, encrypting, securing and protecting its confidential data in adherence with the growing number of related laws and regulations?

    LAW FIRM REALITY
  • 15. WORKS CITED

    - Brian L. Whisler, Baker & McKenzie. May 18, 2010. Corporate Espionage and Global Security: Protecting Your Business Interests. <http://www.buyusa.gov/nyc/bakerpresentation.ppt>
    - M. Peter Adler, Pepper Hamilton LLP. 2008. A Unified Approach to Security Compliance. <http://www.pepperlaw.com/pdfs/DieboldFinal_adlerp0408.ppt>
    - Kevin Woo, Law.com. September 16, 2009. Data Loss Prevention Systems at Your Firm. <http://www.law.com/jsp/lawtechnologynews/PubArticleLTNC.jsp?id=1202433814819&Data_Loss_Prevention_Systems_at_Your_Firm>
    - Alejandro Martínez-Cabrera, San Francisco Chronicle. March 20, 2010. Law Firms are Lucrative Targets of Cyberscams. <http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/03/19/BU3E1CIIGE.DTL>
    - Kristi L. VanderLaan, Goodman Allen & Filetti, PLLC. February 12, 2010. Legal Practice in a HITECH Environment: An Overview of the HITECH Act and its Affect on Lawyers as Business Associates. <http://www.primerus.com/news/resources_business/legal-practice-in-a-hitech-environment-an-overview-of-the-hitech-act-and-its-affect-on-lawyers-as-business-associates/>
    - V. Dion Haynes, Washington Post. March 9, 2009. Recession Sends Lawyers Home. <http://www.washingtonpost.com/wp-dyn/content/article/2009/03/08/AR2009030801549.html>
    - Jim Calloway, Oklahoma Bar Association. July 28, 2010. Why You Need to Switch to Digital Client Files Now. <http://lawyersusaonline.com/blog/2010/07/28/why-you-need-to-switch-to-digital-client-files-now/>
    - David Collins, US Department of Justice. 2005. DOJ Litigation Case Management System (LCMS). <https://collab.core.gov/adl/en-US/9488/File/5766/Industry%20Day%20Brief%20Full%20Final%20(2).ppt>
    - Microsoft Corporation. 2005. Trends Reshaping Law Firms. <https://msdb.ru/Downloads/Dynamics/industries/profservices/expertmark/Law%20Firm%20Prospect%20Presentation%20-%20Large%20Firms.ppt>
    - William E. Olson, DeMars, Gordon, Olson, & Zalewski. Law Firm Management Technology for Home Offices & Small Law Firms. <http://demarsgordon.com/LawFirmManagementTechnologyIssues.PPT>
    - Karnika Seth, Seth Associates. July 2007. Legal Process Outsourcing in India- An Insight into The Growing Industry. <http://www.sethassociates.com/wp-content/uploads/legal%20process%20outsourcing%20in%20India-%20An%20insight%20into%20the%20growing%20Industry.ppt>
    - Susan Freund, Larrimer Associates, Inc. November 19, 2009. Privacy and Information Security: Laws and Regulations.
  • 16. - Sara Anne Hook, ARMA. Date. Ethics and E-discovery: Where the Rubber Meets the Rules. <http://armaindy.org/Resources/Documents/Session%203%20-%20Sara%20Hook%20Ethics%20and%20E-discovery.ppt>
    - John T. Lambert, The University of Southern Mississippi. 2008. Attorneys and Their Use of Technology. <http://www.alliedacademies.org/Publications/Papers/EE%20Vol%2013%202008%20p%2083-99.pdf>
    - C. Matthew Curtin and Lee T. Ayres, Interhack. 2009. Using Science to Combat Data Loss: Analyzing Breaches by Type and Industry. <http://web.interhack.com/publications/interhack-breach-taxonomy.pdf>
    - Verizon. 2009. 2009 Data Breach Investigations Report. <http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf>
    - Catherine Sanders Reach, American Bar Association. 2008. Dangerous Curves Ahead: The Crossroads of Ethics and Technology. <http://www.abanet.org/tech/ltrc/presentations/arkbarethicstech.pdf>
    - Brinig, B. & Gladson, E., 2000. Developing and Managing a Litigation Services Practice. San Diego, CA: Harcourt Professional Publishing.
    - Lambert, J. 2006. Economic and Management Factors Affecting The Adoption of Presentation Technology by Law Firms. <http://libraryds.grenoble-em.com/FR/PUBLICATIONS/Pages/theses.aspx>
    - Ed. Paulus R. Wayleith, Data Security: Laws and Safeguards. Nova Science Publishers, 2008.
    - Kevin P. Cronin and Ronald N. Weikers. Data Security and Privacy Law: Combating Cyberthreats. Thomson/West, 2002.
    - Kimberly Kiefer et al. Information Security: A Legal, Business, and Technical Handbook. American Bar Association, 2004.
    - U.S. Government Accountability Office. Personal Identifiable Information and Data Breaches. Nova Science Publishers, 2009.

    TERMS AND CONDITIONS

    While the information is based on best available resources, NorthPage Research LLC disclaims all warranties as to the accuracy, completeness or adequacy of such information. NorthPage Research LLC shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. Opinions reflect judgment at the time and are subject to change. All trademarks appearing in this report are trademarks of their respective owners.