Angie Singer Keating, CISA, CIPP, CISM, CRIS
Once again, and at the risk of angering some of our best clients
(attorneys), I’m going to get on my soap box about law firms and
security. This story is an excellent example of why it is so
important for law firms to have solid network security validated with
third-party audits, as well as sound incident response plans for when
things go wrong…note I didn’t say “if”, but when. For years now,
I’ve been preaching that e-discovery data is a treasure trove of
extremely sensitive and in some cases, highly regulated data. It has
been my experience in working with small law firms as well as very
large ones that the internal data security posture of many of them is
not nearly as robust as it needs to be. Good lawyers are busy
practicing law. Internal IT staff at many law firms are stretched to
the limit in terms of financial and human resources. Add to this
reality the fact that many law firms are now outsourcing storage of
e-discovery production data to the cloud and it seems to me that this
is just the tip of a very large data breach iceberg that toward which
many firms may be heading. Will your firm go down like the Titanic
when there is a breach? Have you done regular third-party audits of
your IT security? Did you do robust due diligence on your data
storage provider? If asking these questions makes you nervous, it’s
time for some help from a trusted data security risk management
partner.
Reclamere RSS Feed