Last September, the 2015 ILTA/InsideLegal Technology Purchasing Survey which was released during ILTACON in Las Vegas stated that security management was the largest challenge facing legal IT departments that took part in the survey. This was the first time in eight years that email management didn’t come in first place in that category. For anyone who’s paid attention to the news headlines this past year, this shift should come as no great surprise. Cybersecurity threats are definitely making the headlines—and can be challenging to tackle head-on.
In a November 2015 editorial, Legaltech News interviewed Fox Rothschild’s Chief Privacy Officer Mark McCreary on his thoughts on the legal industry’s current handling of cybersecurity threats. McCreary’s position as chief privacy officer was added by the firm in September 2015 as a result of client data concerns.
Overall, McCreary feels that there will never be a “perfect recipe” to cover and protect against every single cybersecurity threat that exists. The goal, he says, “is to be as secure as possible and never assume the job is done. Defenses and threats are constantly changing, and I believe the goal is to stay constantly vigilant”. On the same topic, he also feels law firms which treat cybersecurity as a team effort and not as a task of an individual generally have a better grasp on strong security measures.
He additionally believes that larger firms are taking cybersecurity more seriously than smaller firms, largely due to the fact that large firms often feel more pressure when they respond to an incident and receive publicity. Smaller to mid-tier firms are at a higher risk as a result, however. “The small and mid-tier firms, where the expenditure of capital and dedication of resources that is required is more material, are at much greater risk,” McCreary says. “Some of these firms are in a disastrous state. Others know that they must do more, but the leaders do not appreciate the risk and often will only deal with the issues in a reactive manner.”
The idea that law firms tend to deal with cybersecurity issues in a reactive manner isn’t too surprising, especially after all of the security breach headlines we saw in 2015. Firms are starting to prioritize cybersecurity as we hear more about these major breaches, but oftentimes those efforts come too late. The good news is that the more IT and legal professionals talk about cybersecurity threats and how to protect their firms against them, the easier it will become to share and develop new ideas that can make it simpler for all of us to protect our businesses, employees, and clientele.
Finally, McCreary strongly believes that cybersecurity efforts and firm infrastructures are only going to get better within the next three to five years. “I believe as firms move more and more resources online and off of servers, an appropriate amount of attention will be paid to security of that data when at rest with a vendor,” he says. “Vendors will need to continue to create both robust and secure systems, and the vendors that have the best offerings will be rewarded by those firms who value data security.”
We can see evidence of cybersecurity efforts increasing on an industry-wide level when we look at some of the notable security-related appointments and changes that happened in the second half of 2015. Most notably, we saw major changes at Venable, K2 Intelligence, Seyfarth Shaw, Goodwin Procter, and LexisNexis. Increased cybersecurity efforts often begin with new appointees and roles, personnel adjustments, and new security teams that are created to meet the challenges directly. 2016 will undoubtedly see similar major happenings at law firms both large and small across the nation.
As the legal industry starts to tackle the challenges cybersecurity presents, 2016 will likely become a year where many new cybersecurity ideas are shared and set into motion. Along with new ideas, of course, new challenges will also arise as the industry continues to advance. To help your firm stay ahead of these challenges in 2016 and beyond, get in touch with LOGICFORCE today to see how we can help your team arise to the numerous—but surmountable—challenges of cybersecurity.