Cyber Security services from LOGICFORCE protect the data and reputation of law firms while ensuring they are compliant with the security requirements of their corporate clients. Our approach to cyber security provides peace of mind to firms that they have taken every step possible to secure the data attorneys have an ethical duty to protect.
Our services also give corporate shareholders the assurances they need, knowing that their executives have been diligent when entrusting their most sensitive company information to their law firm partners.
Our services are designed to detect and prevent both internal and external breaches at law firms.
Who Needs This?
Law firm leaders and their corporate clients who want the peace of mind that comes from sophisticated cyber security defenses.
WHY LAW FIRMS NEED A CYBER SECURITY PARTNER
Every law firm knows that they need cyber security. What may not be as clear, is that you need a cyber security partner. Here are the core reasons that you should no longer attempt to manage cyber security on your own:
- You risk an existential threat to your firm if you take no action or the wrong action.
- ABA Model Rules require you to protect client confidentiality.
- Many corporations, especially in regulated industries, will require you to pass a security audit as a condition of doing business with them.
- Your clients’ data is the new favorite target of hackers.
- Statistics prove that your firm is most likely out of compliance with your own information governance policies and just as importantly, those of your clients’.
- Your biggest threat may be internal, not external.
- The security threat landscape is constantly evolving.
- You have a very real market opportunity to build a substantial practice around cyber security right now.
- You need the right technology and the right team.
YOU RISK AN EXISTENTIAL THREAT IF YOU TAKE NO ACTION OR THE WRONG ACTION
Law firm hacks have become very public stories. The Panama Papers, a name that has come to describe the leak of more than 11 million private corporate documents from the law firm Mossack Fonseca, is just one such example. The fall-out for law firms from these types of hacks cannot be overstated. You do not want to be the next Mossack Fonseca. This is not the only example.
- The ABA Cyber Security Handbook tells of a UK law firm that was breached by hackers in 2010. Because of the hack, the firm ceased operations and the owners were hit with hefty fines.
- The Ponemon Institute’s report on the cost of cyber security breaches indicates that the average cost per breach was $2.4 million dollars over a 24-month period for organizations who were profiled in the study. This is what it cost corporations to address the breach. If that were to happen to one of your clients because your firm was hacked, whom do you think they would be looking to for financial remedy? What would the financial impact be to your law firm?
- In 2013, the U.S. Department of Health and Human Services issued an “omnibus rule” that increased the potential fees for HIPAA security violations to $1.5 million per incident.
If you take no action to shore up your defenses, or if you take the wrong action, the results could be financially devastating. This is why you need a partner who has their thumb on the pulse of the necessary security protocols and technologies for law firms. The financial risks are simply too high for your firm to try to manage cyber security alone.
ABA MODEL RULES REQUIRE YOU TO PROTECT CLIENT CONFIDENTIALITY
ABA Model Rules of Professional Conduct, Rule 1.6: Confidentiality of Information, section (c) states: “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
The ABA Cyber Security Handbook states: “law firms and lawyers… are increasingly required to know and understand data security and how it potentially affects their clients… Ignorance of the risk is no longer an option or excuse.”
The Handbook also goes on to acknowledge that most lawyers and law firms “lack an instinct for cyber security.” If there are no excuses and if you find your firm lacks the necessary instincts for cyber security, what should you do? Don’t go it alone. Work with a partner who understands your risks and will help you greatly reduce them.
MANY CORPORATIONS, ESPECIALLY IN REGULATED INDUSTRIES, WILL REQUIRE YOU TO PASS A SECURITY AUDIT AS A CONDITION OF DOING BUSINESS WITH THEM
If you have not yet experienced this, it is likely coming. Many corporations will use a security audit as a litmus test to determine which firm they can trust with their data. Corporations are accountable to their shareholders and, in regulated industries, are required by law to protect their confidential information. The risks to them of violating these regulations are quite severe. The regulations could include SOX, HIPAA, FINRA, HITECH, FDIC, Gramm Leach Bliley and others, depending on their industry.
Some security audits require law firms to respond to probing technical questions and to provide extensive documentation, which can grow to be as much as 100 pages, often taking weeks to reply to. Should your law firm encounter a major opportunity with an existing or prospective client but you had to pass an extensive security audit, could you do it in time? Would you even pass? How many resources would you have to expend and at what cost? Partnering with LOGICFORCE guarantees you’ll be prepared and pass all client security audits.
YOUR CLIENTS’ DATA IS THE NEW FAVORITE TARGET OF HACKERS
Think about it, for just a moment, from the standpoint of a hacker. If you had to choose between hacking a corporation with big IT budgets and high security standards or a law firm with much lower security budgets and standards, compared to the corporation, which would you choose? Hackers will take the path of least resistance and target law firms. This is, in fact, happening right now.
The other thing you should know is that the kind of client data most law firms acquire through the eDiscovery process makes them a prime target for hackers. Corporations wouldn’t pay a law firm to review data that is inconsequential. Whether it’s intellectual property, a smoking gun statement in an email, confidential business plans, client lists or transaction records, the data acquired through eDiscovery is inherently valuable to you and your clients and prized by hackers.
YOUR FIRM IS ALMOST ASSUREDLY OUT OF COMPLIANCE WITH YOUR OWN INFORMATION GOVERNANCE POLICIES
At LOGICFORCE, we conduct technology and business assessments of law firms on a regular basis. Through our Synthesis E-IT Secure™ offering, we analyze how law firms actually operate, their day-to-day practices. Here is what we’ve discovered. 100% of the law firms assessed by our experts, were not in compliance with their own information governance policies or those of their clients. Not one.
Information governance policies can become shelf-ware, a set of documents placed in a binder and stored on a shelf to collect dust. Or they can become a vital strategic defense system against internal and external threats. How the information governance policies are implemented, monitored, enforced and validated – proof that they are being followed operationally – is the difference between shelf-ware or a strategic defense system. Which do you want for your law firm?
Many law firms do not understand or have the resources to operationalize security standards by instituting monitoring systems, alerts, standard operating procedures and training into everyday practices. It requires a security mind-set, not just an IT operations mind-set, to achieve this outcome.
YOUR BIGGEST THREAT MAY BE INTERNAL, NOT EXTERNAL
When most people think of security threats, they often picture an off-shore hacker in an underground bunker surrounded by walls of computer systems. While there are certainly threats from off-shore entities, and we certainly protect against these, the biggest threat to your data security might be just down the hall from you.
We’re not referring primarily to rogue employees who want to steal your private data. They are certainly a concern. But in our experience, that’s not where the most common security breaches stem from for law firms. Here are some examples:
- A lawyer takes a laptop with sensitive client data on a trip and logs onto public WIFI in a coffee shop, airport, airplane, hotel and at a conference. All of these public networks expose the data on that laptop to confidentiality breaches.
- A paralegal backs up client files on a thumb drive and puts the drive in a briefcase which subsequently comes up missing.
- An employee emails her login credentials for a cloud-based application to her home computer so she can login and do work over the weekend. Her good intentions expose the law firm’s entire client list to a highly insecure webmail system. She acted in good faith, but the results could be disastrous.
- An associate prints out hundreds of pages to review overnight and leaves the documents in a public area. The intentions were good, but due to inefficient remote access, the staff member resorted to a more error prone process.
All of these potential security breaches can be avoided with the proper training and monitoring tools that alert someone who is in a position to take corrective action. We know how to train staff, monitor systems and data to take corrective actions that greatly reduce your security risks.
THE SECURITY THREAT LANDSCAPE IS CONSTANTLY EVOLVING
The security threats that the legal industry faces today are different from the threats we saw just a few years ago. The threats that law firms will face next year and the year after will be new, innovative and more secretive. Why? Hackers are constantly evolving their strategies and technologies because security systems and the security industry are evolving to stay ahead of them.
What does this mean for you? If you approach to security is to rely on internal IT staff who also carry responsibility for day-to-day operations at your firm, it is highly unlikely that they will have the time, resources or focus to stay abreast of the emerging threat landscape and deploy the tools and protocols that are necessary to keep your firm secure. This is why you need LOGICFORCE. We spend the time and energy to stay ahead of threats, evaluate new technologies and identify best-practices to share with our clients.
WE CAN HELP YOUR FIRM BUILD A CYBER SECURITY PRACTICE
The AMLAW 250 has recognized a market opportunity that many law firms are just now starting to understand. A high percentage of AMLAW 250 firms now offer cyber security services to their corporate clients. These services usually consist of information governance policy review and revision with a set of recommendations to enhance cyber security.
The inherent weakness of these services is that less than 5% of AMLAW 250 firms have any actual experience in cyber security and have little or no technological expertise to implement the changes to the systems they recommend. This leaves the door wide open for a firm with a better approach – your firm.
LOGICFORCE partners with law firms like yours to deliver cyber security services to your clients. These services deliver much greater value to clients than the AMLAW 250 approach because the offering includes both an assessment and implementation of the recommendations.
Usually our law firm’s attorneys secure an information governance consulting engagement, which produces a set of recommendations. Our cyber experts then implement the technology and safeguards in alignment with the recommendations to ensure compliance. We can also provide guidance to law firms who do not have a cyber security practice today about how to create such a practice.
By partnering with LOGICFORCE as your cyber security technology provider, you can realize several benefits. First, you are providing a service as a true business partner which is something every GC is clamoring for! Second, this makes your lawyers and firm more innovative, oftentimes leading to other opportunities with the client. Ultimately these services lead to greater client loyalty and decreased downward pressure on fees for other services.
YOU NEED THE RIGHT TECHNOLOGY AND THE RIGHT TEAM
Cyber security for law firms requires a host of technology systems and a team who knows how to configure and monitor those systems and then take appropriate action when breaches are detected. Gartner’s 2017 Magic Quadrant identifies these areas as critical to cyber security success:
- Monitored or managed firewalls and multifunction firewalls, or unified threat management (UTM) technology
- Monitored or managed intrusion detection and intrusion prevention systems (IDPS)
- Managed or monitored security gateways for web and email traffic
- Monitoring and/or management of advanced threat defense technologies, or the provision of those capabilities as a service
- Security analysis and reporting of events collected from IT infrastructure logs
- Reporting associated with monitored/managed devices and incident response
- Managed vulnerability scanning of networks, servers, databases or applications
- Monitoring or management of customer-deployed security information and event management (SIEM) technologies
How much of this technology do you have at your law firm today? How trained are your IT people in these systems and in the process of using the technologies to prevent breaches? If you can’t answer these questions with confidence, you need LOGICFORCE.