Blog Posts

Practical Advice on Data Security for Law Firms and NYT

The New York Times once again put cyber security on the front page. While the article “Law Firms are Pressed on Security for Data” highlighted that corporate clients are threatening to withhold legal work from firms that fail to adequately address data security risks, it left one fundamental question unanswered. “What can a law firm do to effectively manage data security risks?”

The “simplistic” answer is to just conduct some basic vulnerability scans and then invest in technology that purports to provide protection from the bad guys lurking just outside your firewall. Unfortunately, the path to meaningful security improvement is not quite that straightforward. As a starting point, there are three basic questions that a firm should ask when it defines its cyber risk profile:

  1. What data assets should we be trying to protect (including both client data and sensitive firm information)?
  2. What are the most realistic threats to those critical assets (including insider threats and accidental loss)?
  3. How vulnerable are we to those specific threats?

It is only after answering these three questions, can a firm can tackle the all-important final question: “How can we best invest our limited security budget to maximize our defenses against the highest priority threats and minimize enterprise risk?”

Read how to answer all of these questions in our recent article on FindLaw.