It’s becoming harder and harder to practice law!
It’s no secret that the bad guys have figured out that law firms are perfect targets. Legal organizations transfer significant amounts of sensitive data related to their clients and warehouse client-related trade secrets. To practice law in 2017 you need strong technology to organize and find work product and to manage email, but you also must empower attorneys with the ability to work from anywhere, using various devices, from any location. The days of practicing law behind a big desk and traveling with a litigation bag in hand are long gone! The modern law office is located down the street at Starbucks, and attorneys are working on Microsoft Surface Pros and using their iPhones to conduct business in real time.
As the industry changes, clients are asking firms to disclose their security posture, which not only includes their hardware and software products of choice, but also the implementation and practice of security related processes and procedures. By now most firms have already faced the dreaded compliance audit. These assessments are multifaceted, time consuming and driving up the cost of doing business. So, what does a law firm do to prepare themselves to respond affirmatively and to drive down the cost? It all starts with assessing your current systems including your security processes and policies, and then re-aligning where you find shortcomings. For example, under our monthly Managed Services Program (MSP) we define for our clients the “Adaptive Way”, a compilation of security products, processes and policies which we have assembled after working with hundreds of law firms of all sizes. Some alignment efforts are simple and can be performed at no additional cost under MSP. For example, we help firms recognize that complex passwords which requires a minimum length, upper and lower case letters and a special symbol are a core requirement. Implementing best practices such as more frequent password changes and not re-using the same password are inconvenient but help the firm to answer yes to many of the compliance questions. As we align further we can then suggest leading tools and processes for the more difficult shortages such as two factor authentication, encryption of data at rest, mobile device management, and how best to securely transfer data with clients. As you can see, the remediation to becoming compliant is a process, and it’s not something that a firm can correct rapidly. By working with an experienced legal IT provider, law firms can glean the knowledge of every changing legal security regulations and begin to shift their IT shortcomings from “I don’t know” to “Yes, we are compliant”.