In a time when full-scale attacks and small skirmishes were the rule of the day, it was vital for a medieval castle's defense system to take every possibility into account. Law firms would do well to follow this model. Just as medieval castles protected themselves with rings of defenses (the moat, the outer wall, the inner wall, and the tower as the last place of refuge), law firms today need to build rings of defenses that give them multiple opportunities to prevent harm if their firewall is breached.
The first ring of defense: controlling the desktop
More often than not, breaches of the firewall happen because of an act by an employee. We're all familiar with a number of well-publicized acts of malfeasance, but many breaches are caused inadvertently by something far more mundane:
The culture of law firms, in which partners have significant sway, makes them particularly vulnerable to spear phishing, where an email appears to come from someone you trust.
Minimize the number of super-users
In the name of providing the best customer service for their lawyers, most firms have created too many super-users (in other words, users who have access to all of the content in the document management system). For example, for the sake of convenience, many firms unnecessarily give super-user privileges to their document processing center, their records management department, and “night floaters.” In addition, the firm's “weekend warriors” want to be able to review case files, and many of those case files hold sensitive information. However, if just one super-user account is broken into, the attacker has access to most of the content in the firm. The problem has reached critical mass: law firms must limit super-user access to DMS content. It's time to map each user's privileges to what their job actually requires.
How about help desk and IT access?
The firm also needs to strictly limit the information available to the help desk and local office IT support staff to what is required to perform their jobs. For example, while this class of users may need access to profile information for documents stored in the firm's document management system, they don't need access to the actual content of the documents. In parallel, the law firm needs to limit the functions available to the help desk and IT support staff, for example by allowing them to view a document's security settings but not change them.
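The two sections above (limiting super-users, and giving help desk and IT staff profile and security visibility without document content) both come down to the same mechanism: map each role to the narrowest set of DMS permissions and scopes its job needs, then audit who still holds the all-content role. The following is an added example written for this page, not code from the article or from any DMS product; the role names, permission names, job functions, and sample accounts are all constructed assumptions.

```python
"""Least-privilege role model for a law-firm document management system (DMS).

Added illustration; every role, permission, job function and account below is
a constructed assumption, not a real product's configuration.
"""
from dataclasses import dataclass, field

# Permissions a DMS distinguishes (assumed names).
READ_PROFILE = "read_profile"        # document metadata: client, matter, author
READ_CONTENT = "read_content"        # the document body itself
VIEW_SECURITY = "view_security"      # see who may access a document
CHANGE_SECURITY = "change_security"  # alter who may access a document

# Scope of a permission: every matter in the firm, or only matters the
# account has been explicitly assigned to.
ALL = "all"
ASSIGNED = "assigned"

# Role -> {permission: scope}. Help desk and office IT see profiles and
# security settings everywhere but never content; records staff can view
# security firm-wide but change it only on matters they are assigned to.
ROLE_PERMISSIONS = {
    "attorney":   {READ_PROFILE: ASSIGNED, READ_CONTENT: ASSIGNED, VIEW_SECURITY: ASSIGNED},
    "help_desk":  {READ_PROFILE: ALL, VIEW_SECURITY: ALL},
    "office_it":  {READ_PROFILE: ALL, VIEW_SECURITY: ALL},
    "records":    {READ_PROFILE: ALL, VIEW_SECURITY: ALL, CHANGE_SECURITY: ASSIGNED},
    # The all-content role the article says is handed out far too freely.
    "super_user": {READ_PROFILE: ALL, READ_CONTENT: ALL, VIEW_SECURITY: ALL, CHANGE_SECURITY: ALL},
}

# Job functions that justify holding super_user at all (assumption: DMS admins only).
SUPER_USER_JUSTIFIED = {"dms_admin"}


@dataclass
class Account:
    user: str
    job_function: str
    roles: set = field(default_factory=set)
    matters: set = field(default_factory=set)  # matters explicitly granted


def can(acct: Account, action: str, matter: str) -> bool:
    """True if any of the account's roles grants `action` on `matter`."""
    for role in acct.roles:
        scope = ROLE_PERMISSIONS.get(role, {}).get(action)
        if scope == ALL:
            return True
        if scope == ASSIGNED and matter in acct.matters:
            return True
    return False


def audit_super_users(accounts) -> list:
    """Names of accounts holding super_user whose job function does not justify it."""
    return sorted(
        a.user for a in accounts
        if "super_user" in a.roles and a.job_function not in SUPER_USER_JUSTIFIED
    )


# Constructed sample directory: two accounts were given super_user "for convenience".
ACCOUNTS = {a.user: a for a in [
    Account("aparker", "attorney", {"attorney"}, {"M-1001", "M-1002"}),
    Account("hdesk01", "help_desk", {"help_desk"}),
    Account("records01", "records", {"records", "super_user"}),
    Account("nightfloat1", "night_floater", {"attorney", "super_user"}, {"M-1003"}),
    Account("dmsadmin", "dms_admin", {"super_user"}),
]}

if __name__ == "__main__":
    hd = ACCOUNTS["hdesk01"]
    print("help desk can view security on M-2000:", can(hd, VIEW_SECURITY, "M-2000"))
    print("help desk can read content on M-2000:", can(hd, READ_CONTENT, "M-2000"))
    print("unjustified super-users:", audit_super_users(ACCOUNTS.values()))
```

Run as a script it reports that the help desk account can inspect security settings but not read content, and lists `nightfloat1` and `records01` as super-user grants to review. The audit is the piece worth scheduling: the role table only helps if someone periodically checks which accounts have drifted back into the all-content role.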
Prepare for ISO 27001 certification
The internal controls that defend against hacking are the same controls that satisfy clients' requirements for better security and privacy. Limiting access is inherent in security certifications such as ISO 27001. When a law firm can demonstrate that degree of security, it reassures the client and resolves a major pain point for the firm, which no longer needs to assign resources to responding to exhaustive security audits.
Copyright © 2023 Legal IT Professionals. All Rights Reserved.