The roadmap to successful information governance - Part 2
Antony Wells
Engaging stakeholders with effective tactics
In part 1 of our series on building a business case, C(...)
What Every Corporate Legal Department Should Know Before Implementing a GenAI Solution
Jitendra Gupta
Generative AI can be a powerful tool for automating routine yet important tasks, allowing corporate (...)
In a time when full-scale attacks and small scrimmages were the rules of the day, it was vital for a medieval castle defense system to take all possibilities into account. Law firms would do well to follow this model. Just as castles in medieval times protected themselves with rings of defenses-the moat, outer wall, internal wall, and the last place of refuge, the tower-law firms today need to build rings of defenses that give them multiple opportunities to prevent harm if their firewall gets breached.
The first ring of defense-controlling the desktop
More often than not, breaches to the firewall happen because of an act by an employee. We're all familiar with a number of well-publicized acts of malfeasance, but many breaches are inadvertently caused by something far more mundane:
The culture of law firms, where partners have significant sway, make them particularly vulnerable to spear phishing, where an email appears to come from someone you trust.
Minimize the number of super-users
In the name of providing the best customer service for their lawyers, most firms have created too many super-users (in other words, users who have access to all of the content in the document management system). For example, for the sake of convenience, many firms unnecessarily give superuser privileges to their document processing center, their records management department, and “night floaters.” In addition, the firm's “weekend warriors” want to be able to review case files, and many of those case files hold sensitive information. However, if just one super-user account gets broken into, hackers have access to most of the content in the firm. The problem has reached critical mass: law firms must limit super-user access to DMS content. It's time to map privileges to what is needed to perform your job.
How about help desk and IT access?
The firm also needs to strictly limit the information available to the help desk and local office IT support staff to what is required to perform their jobs. For example, while this class of users may need access to profile information in documents stored in the firm's document management system, they don't need access to the actual content of the documents. In parallel, the law firm needs to limit the functions of the help desk and IT support staff, for example, by allowing them to view document security but not change document security.
Prepare for ISO27001 certification
The same internal controls that defend against hacking are the same controls that will satisfy clients' requirements for better security and privacy. Limiting access is inherent in security certifications, such as ISO 27001. When law firms can demonstrate that degree of security, it reassures the client and resolves a major pain point for the law firm, who no longer needs to assign resources to respond to exhaustive security audits.
Copyright © 2023 Legal IT Professionals. All Rights Reserved.
We offer organizers of legal IT seminars, events and conferences a unique marketing and promotion opportunity. Legal IT Professionals has been selected official media partner for many events.
