Law firms respond to security risks in client data (LTN, 7 July 2014) – In February 2013, Joe Patrice wrote in Above The Law that law firms were the “soft underbelly of American cybersecurity.” Today, it is safe to say that many law firms across the U.S., Canada and Europe take exception to that characterization. Why? In part due to the efforts of individual firms to adopt ISO 27001 security standards or implement more robust security programs, including information security education. Also in February 2013 the former special agent in charge of cyber and special operations with the FBI’s New York office, Mary Galligan, stated “We have hundreds of law firms that we see increasingly being targeted by hackers.” There isn’t one single law firm CIO or IT director who doesn’t understand the weight of these statements. Many large law firms have actively engaged in internal and external initiatives to fight security threats. * * * Law firm clients in the financial services industry heavily scrutinize their outside counsel with vendor security audits. Governed by the Office of the Comptroller of Currency and the Federal Financial Institutions Examination Council in compliance with the Gramm-Leach-Bliley Act, all law firms who have financial institution clients are required to respond to a comprehensive security audit. The audit process is detailed, and in many cases includes questionnaires with several hundred questions, on-site interviews and/or on-site physical security assessments covering everything from hard-copy file security to data center security.
Provided by MIRLN.