This document discusses why information security is now a business-critical function for law firms. It notes that law firms now rely heavily on information systems and electronic data, but this increased use of technology also brings greater risks. The document outlines five reasons why law firms need to make information security a priority: 1) the sensitive nature of legal information, 2) the large amounts of valuable data law firms store, 3) reliance on trusted information systems for business functions, 4) the widespread adoption of various systems and technologies, and 5) growing compliance requirements regarding data protection. It stresses that law firms must understand the security threats and risks in order to adequately protect their systems and client data.
1. 5 Reasons why Information Security is now a Business-Critical Function for Law Firms
Valuable insights into the importance and challenges of securing information systems in law firms
EXECUTIVE INSIGHT SERIES REPORT SPONSORED BY
2. 2 Copyright 2011 NorthPage Research LLC www.northpage.com
About this Report
Information Security is a business-critical function for modern law firms.
Through the insights in this report, lawyers and law firm executives will gain a better understanding of the threats, risks and realities challenging today’s technology-enabled law firms.
This report seeks to help law firms of any size to ensure continued success and growth through reliable, productive and secure information systems. Understanding the threats posed by the widespread adoption of technology is a business-critical imperative for law firms.
NorthPage Research produces independent publications and online guides to help business decision makers
5 Reasons Why Information Security is Now a Business-Critical Function for Law Firms
Danger By Design: The Unique Role Of Information In Law Firms
Does your law firm protect and secure confidential information to the levels required by law, professional codes and ethics?
The Law Firm Information Gold Mine
Do you know everything you are obligated to know about when, where and how information is created, communicated and stored by your firm? Do you know how accessible that information is to those with malicious intent?
Trusted Information Systems Are The Lifeblood Of The Modern Law Firm
What level of priority does the ensuring of trusted and secure information systems have in your firm? Are you taking the steps necessary to make certain your information systems remain a business accelerator and not a source of liability and loss?
Information Systems Sprawl in Law Firms
Do you have visibility into and control of your firm’s information systems footprint? Are your security controls consistently implemented across the organization? What are the levels of information security risk, exposure and vulnerability your firm faces?
Information Security Impacts Law Firm Compliance
Is your firm storing, encrypting, securing and protecting its confidential data in adherence with the growing number of related laws and regulations?
EXECUTIVE SUMMARY
Information systems have become business-critical assets for modern law firms. Traditionally, law firms relied on the instincts, creativity and knowledge of the firm’s practitioners. That reliance has now been materially advanced by the adoption of firm-wide systems, devices, applications and networks. Today, virtually every function in the modern law firm is impacted greatly by the implementation and utilization of information systems.
In conjunction with the dramatic gains realized by the technology-enabling of law firms, equally dramatic risks and vulnerabilities have arisen. Technology-based capabilities, particularly when combined with prolonged economic downturns, create environments ripe for attack and compromise by malicious hackers as well as espionage by opportunistic employees and competitors.
Given the expanding information security threat landscape, technology-enabled law firms must understand these threats, vulnerabilities and risks and aggressively secure their systems and data.
DANGER BY DESIGN: THE UNIQUE ROLE OF INFORMATION IN LAW FIRMS
The unique nature of legal information creates elevated levels of information security risk. In contrast with most industries, lawyers' work-products are typically comprised of sensitive and highly confidential data.
LAW FIRMS’ BURDEN TO SECURE INFORMATION
By law, professional codes and ethics, lawyers are duty-bound to secure electronic information. Law firms are similarly required to proactively protect their clients’ electronic information.
The American Bar Association's Model Rules of Professional Conduct provide the following guidance on preserving the confidentiality of information:
A lawyer must act competently to safeguard information relating to the representation of a client against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer's supervision. When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients.
MALPRACTICE AND INFORMATION SECURITY
Information security has major malpractice implications for law firms. Law firms and lawyers must account for malpractice liabilities ranging from information security negligence to inadvertent breaches of client confidentiality. Failure to do so can result in tort, breach of fiduciary duty or breach of contract claims.
Does your law firm’s management and protection of secure and confidential information rise to the levels required by law, professional codes and ethics?
LAW FIRM REALITY
THE LAW FIRM INFORMATION GOLD MINE
Law firms electronically create, handle and store vast quantities of highly valuable information. Much of this information is of great value to hackers, current and former employees and competitors.
LEGAL INFORMATION EXPLOSION
The typical law firm’s information assets double every six months. Information assets are defined as the operating and confidential or privileged information produced, communicated or stored by a law firm.
Today, more than 90 percent of legal information exists in digital form. Accelerating the growth of the legal data footprint are the copying, sharing and distributing of information assets across multiple systems, applications, devices and groups of users. The increased development and use of multiple data formats further increases the quantity of information assets to be managed and secured by law firms. Common formats and data requiring protection include word processing documents, spreadsheets, databases, email messages, text messages, digital images, audio, video, website content, proprietary applications and social networking information.
INFORMATION RETENTION
Few law firms implement effective electronic information retention and deletion policies. Such policies ensure that firms retain only what is required for business or legal reasons. Well-managed policies also constrain the confidential data explosion while reducing the levels of information systems risk.
LAW FIRM REALITY
LEGAL INFORMATION GOLD MINE
The information assets created, communicated and stored by law firms represent an information gold mine for hackers. According to the 2009 Data Breach Investigations Report from Verizon, most data breaches originate from external sources with 91 percent of all compromised records linked to organized criminal groups.
Law Firm Information Assets
High-value law firm information assets of great interest to hackers include:
- Pending litigation
- Details on new patents and products
- Intellectual property
- Client Information
- Computer generated forensic recreations and simulations
- Trade secrets
- Confidential and Privileged information
- Identity Information
- Personal information
- Source data
Do you know everything you are obligated to know about when, where and how information is created, communicated and stored by your firm? Do you know how accessible that information is to those with malicious intent?
Who is Behind Data Breaches?
74% resulted from external sources
20% were caused by insiders
32% implicated business partners
39% involved multiple parties
* Verizon 2009 Data Breach Investigations Report
TRUSTED INFORMATION SYSTEMS ARE THE LIFEBLOOD OF THE MODERN LAW FIRM
THE IMPACT OF INFORMATION SYSTEMS ON LAW FIRMS
The impact of information systems on the legal profession is profound and growing. Technology-enabled law firms dramatically enhance their practices by:
Providing increased levels of service to clients
Recognizing substantial operating efficiencies and improved firm-wide productivity gains
Reducing costs
Developing and maintaining competitive advantage
The impact of leveraging information systems for law firms is extensive:
Increased revenue
Improved client satisfaction
Increased referrals
Improved profit
INFORMATION SYSTEMS RISK
The business and economic benefits provided by the successful implementation and adoption of information systems create new risks and vulnerabilities that potentially compromise law firms’ continued successful operation and existence.
A law firm’s near-absolute reliance on information systems introduces business-critical financial, regulatory, operational and market risks related to the compromise of systems and data. Everyday examples of law firms’ reliance on information and potential information systems exposure include:
Clients receiving and paying invoices through electronic billing and payment systems
Lawyers producing, reviewing and communicating confidential and privileged information with their “Smartphones”
Lawyers, staff and experts creating and presenting computer-generated forensic recreations and simulations
Clients and lawyers sharing confidential documents via email
Administrative staff backing up servers and systems to portable media
Offshore legal services firms providing research and document processing services
The aggressive adoption of information systems by law firms and the rapid growth in the numbers and types of users, systems, devices, applications and access points has resulted in unprecedented information systems risks and vulnerabilities.
What priority does your firm give to ensuring trusted and secure information systems? Are you taking the steps necessary to make certain your information systems remain a business accelerator and not a source of liability and loss?
INFORMATION SYSTEMS SPRAWL IN LAW FIRMS
The build-out and use of information system components in law firms continues to grow with the adoption and deployment of new systems, applications, network access points and devices. The levels of a law firm’s information security risk, exposure and vulnerability grow exponentially in relation to the adoption and usage of technology.
An example of the dramatic adoption of information systems by lawyers and law firms is the complete “virtualization” of law offices by a significant number of lawyers. According to the ABA’s 2010 Legal Technology Survey Report, 14% of lawyers reported that they ran a virtual law office, working with clients over the Internet and rarely meeting them in person.
INFORMATION SYSTEMS VULNERABILITY
Hackers need only a single vulnerability point to successfully access a law firm’s systems and data. According to the 2009 Data Breach Investigations Report by Verizon, 98 percent of all records breached included at least one of these attributes:
the attacker exploited a mistake committed by a user in the targeted organization
the attacker hacked into the network
the attacker installed malware on a system to collect data
Systems
At the heart of the law firm information system operation is the system infrastructure. From expansion of capabilities to system maintenance, including updates, upgrades and patches, the systems component sets the foundation for information system security. These components include:
Communication and data transfer
Operating systems and databases
Security hardware and software
Servers
Storage
How do Breaches Occur?
67% were aided by significant errors in security
64% resulted from hacking
38% utilized malware
22% involved privilege misuse
9% occurred via physical attacks
* Verizon 2009 Data Breach Investigations Report
Legal Applications
As digital collaboration becomes the norm between law firms and clients, the number and types of applications used and the amount of application usage continue to grow. Popular and potentially vulnerable law firm applications include:
Case Management
Client Relationship Management
Docketing and calendaring
Document Management / Enterprise Content Management
E-Discovery
Electronic Billing
Electronic evidence
Email
Financial Management
Knowledge Management and Enterprise Search
Library and on-line research
Litigation Support
Office Suites (word processing, spreadsheets, presentation)
Portals, Extranets and Collaboration Systems
Records management
Time entry and billing
Access
Remote and distributed resources require system access for collaboration, communication and application access. The dramatic growth in the types of access and the volume of access requests provides an especially acute information security risk for law firms.
Intranets & Extranets
Local and Wide Area Networking
Remote Access
SharePoint Servers
Wireless Access
Devices
As devices such as laptops, “Smartphones” and flash drives proliferate, and allow lawyers and staff to carry thousands of pages of legal documents, the corresponding security risks perpetually grow.
Desktop Computers
Laptops
Mobile devices including Smartphones
Portable Memory (Flash Drives) and Media (CDs, DVDs)
Printers, Scanners and Copiers
Voicemail
Employee home computers and mobile devices
It takes only one compromised system, application, network access point or device to create a business-critical issue and liability for a law firm.
Do you have visibility into and control of your firm’s information systems footprint? Are your security controls consistently implemented across the organization? What are the levels of information security risk, exposure and vulnerability your firm faces?
INFORMATION SECURITY IMPACTS LAW FIRM COMPLIANCE
Complying with government and legal industry regulations is a major concern and challenge for law firms. The distributed nature of law firm information systems increasingly adds to the compliance challenges.
Web of Compliance
Compliance with state and federal law places increased importance on a law firm’s information security function and practices. Currently, 46 states have or are enacting data breach notification legislation. Federal law prescribes multiple information security requirements. An example of a federal law dictating information security is the HITECH provisions of the American Recovery and Reinvestment Act of 2009. Lawyers need to be aware of the potential implications for their clients and for the practice of law relating to these compliance requirements.
Information Systems Compliance
Increasingly, law firms are bound by law and regulation to store, backup, encrypt, secure and protect their confidential data. Law firms have to demonstrate an information security policy that proves they have the proper range of steps and measures in place. If these policies are not adhered to, regulators reserve the right to prosecute.
The retention, migration, and destruction of client information are critical to achieving and maintaining compliance for law firms. Lawyers and law firms must reasonably provide and account for the retention, migration, and destruction of client information in accordance with legal agreements, ethical standards, regulations and laws.
Is your firm storing, encrypting, securing and protecting its confidential data in adherence with the growing number of related laws and regulations?
WORKS CITED
Brian L. Whisler, Baker & McKenzie. May 18, 2010. Corporate Espionage and Global Security: Protecting Your Business Interests. <http://www.buyusa.gov/nyc/bakerpresentation.ppt>
M. Peter Adler, Pepper Hamilton LLP. 2008. A Unified Approach to Security Compliance. <http://www.pepperlaw.com/pdfs/DieboldFinal_adlerp0408.ppt>
Kevin Woo, Law.com. September 16, 2009. Data Loss Prevention Systems at Your Firm. <http://www.law.com/jsp/lawtechnologynews/PubArticleLTNC.jsp?id=1202433814819&Data_Loss_Prevention_Systems_at_Your_Firm>
Alejandro Martínez-Cabrera, San Francisco Chronicle. March 20, 2010. Law Firms are Lucrative Targets of Cyberscams. <http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/03/19/BU3E1CIIGE.DTL>
Kristi L. VanderLaan, Goodman Allen & Filetti, PLLC. February 12, 2010. Legal Practice in a HITECH Environment: An Overview of the HITECH Act and its Affect on Lawyers as Business Associates. <http://www.primerus.com/news/resources_business/legal-practice-in-a-hitech-environment-an-overview-of-the-hitech-act-and-its-affect-on-lawyers-as-business-associates/>
V. Dion Haynes, Washington Post. March 9, 2009. Recession Sends Lawyers Home. <http://www.washingtonpost.com/wp-dyn/content/article/2009/03/08/AR2009030801549.html>
Jim Calloway, Oklahoma Bar Association. July 28, 2010. Why You Need to Switch to Digital Client Files Now. <http://lawyersusaonline.com/blog/2010/07/28/why-you-need-to-switch-to-digital-client-files-now/>
David Collins, US Department of Justice. 2005. DOJ Litigation Case Management System (LCMS). <https://collab.core.gov/adl/en-US/9488/File/5766/Industry%20Day%20Brief%20Full%20Final%20(2).ppt>
Microsoft Corporation. 2005. Trends Reshaping Law Firms. <https://msdb.ru/Downloads/Dynamics/industries/profservices/expertmark/Law%20Firm%20Prospect%20Presentation%20-%20Large%20Firms.ppt>
William E. Olson, DeMars, Gordon, Olson, & Zalewski. Law Firm Management Technology for Home Offices & Small Law Firms. <http://demarsgordon.com/LawFirmManagementTechnologyIssues.PPT>
Karnika Seth, Seth Associates. July 2007. Legal Process Outsourcing in India- An Insight into The Growing Industry. <http://www.sethassociates.com/wp-content/uploads/legal%20process%20outsourcing%20in%20India-%20An%20insight%20into%20the%20growing%20Industry.ppt>
Susan Freund, Larrimer Associates, Inc. November 19, 2009. Privacy and Information Security: Laws and Regulations.
Sara Anne Hook, ARMA. Date. Ethics and E-discovery: Where the Rubber Meets the Rules. <http://armaindy.org/Resources/Documents/Session%203%20-%20Sara%20Hook%20Ethics%20and%20E-discovery.ppt>
John T. Lambert, The University of Southern Mississippi. 2008. Attorneys and Their Use of Technology. <http://www.alliedacademies.org/Publications/Papers/EE%20Vol%2013%202008%20p%2083-99.pdf>
C. Matthew Curtin and Lee T. Ayres, Interhack. 2009. Using Science to Combat Data Loss: Analyzing Breaches by Type and Industry. <http://web.interhack.com/publications/interhack-breach-taxonomy.pdf>
Verizon. 2009. 2009 Data Breach Investigations Report. <http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf>
Catherine Sanders Reach, American Bar Association. 2008. Dangerous Curves Ahead: The Crossroads of Ethics and Technology. <http://www.abanet.org/tech/ltrc/presentations/arkbarethicstech.pdf>
Brinig, B. & Gladson, E., 2000. Developing and Managing a Litigation Services Practice. San Diego, CA: Harcourt Professional Publishing.
Lambert, J. 2006. Economic and Management Factors Affecting The Adoption of Presentation Technology by Law Firms. <http://libraryds.grenoble-em.com/FR/PUBLICATIONS/Pages/theses.aspx>
Ed. Paulus R. Wayleith, Data Security: Laws and Safeguards. Nova Science Publishers, 2008.
Kevin P. Cronin and Ronald N. Weikers. Data Security and Privacy Law: Combating Cyberthreats. Thomson/West, 2002.
Kimberly Kiefer et al. Information Security: A Legal, Business, and Technical Handbook. American Bar Association, 2004.
U.S. Government Accountability Office. Personal Identifiable Information and Data Breaches. Nova Science Publishers, 2009.
TERMS AND CONDITIONS
While the information is based on best available resources, NorthPage Research LLC disclaims all warranties as to the accuracy, completeness or adequacy of such information. NorthPage Research LLC shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. Opinions reflect judgment at the time and are subject to change. All trademarks appearing in this report are trademarks of their respective owners.