Law Firms Respond to Security Risks in Client Data

After being dubbed the "soft underbelly of American cybersecurity," law firms embrace robust security programs.

Legaltech News



What's being said

  • Geraldine Hunt

    Every industry, company size and sector must embrace robust security programs. Over the past three or four years the profile of the cyber attackers has changed. Previously when people used to write worms and viruses, they would typically want to make names for themselves, they were seekers of notoriety. They would release worms and viruses that would cause lots of traffic, crash lots of servers until some patch was deployed, and the game would be over.
    The big shift that's occurred over the past three years is a result of the significantly increasing volume of commerce that is now transacted on the Internet. As more businesses make more and more money from ecommerce, the cybercriminals want to get their share. The motivation now for the vast majority of cyber attacks is money.

    Anti-spam and email security solutions (www.spamtitan.com) are now essential pieces in any IT toolbox. There are many excellent on-premises anti-spam and spam filtering solutions available, however managing these on-site presents an additional burden for the IT staff, as their consistent smooth operation is dependent on many factors outside their control. We are seeing a lot of companies looking at cloud email security so they can avail of the very latest filtering technology managed by experts. We published a new blog post today on this if you are interested in hearing more.

  • Judi Flournoy

    Ms. deWitte,
    Thank you for your post. You are correct, the cost of an individual breach in 2013 in the U.S. was cited as $5.4 million and $4.8 for Germany. I appreciate your keen eye. With respect to ISO 27001, it is a good guideline for applying a more effective security program.

  • James

    Interesting article, security tops the list of concerns for any organization. It is important for organizations to have a basic understanding of all types of threats and make sure their systems keep customer information secure. I work for McGladrey and there's a whitepaper on our site that discusses a few points here that may interest readers, it offers very good information on common security concerns for business and ways to mitigate them. @ "Two common Web application attacks illustrate security concerns" http://bit.ly/1c0f35M

  • Paula deWitte

    The statement by the author, "In May 2013, Symantec Corp. and Ponemon Institute presented their report, 2013 Cost of Data Breach: Global Analysis, which revealed the total cost of data breaches in the U.S. amounted to $5.4 million—and in Germany, $4.8 million." is a bit misleading. $5.4 million is the cost of remediation of a single data breach, not the total cost of data breaches.

    Secondly, ISO 27001 is not the way to go. It is not an independent 3rd party assessment, but instead by the author's own words relies on self-answered questionnaires, physical on-site interviews and on-site physical security assessments. Would you recommend to your clients to have their accounting audited in-house?

    The U.S. law is based on the NIST standards which are very process- and detail-oriented. ISO 27001 is more of a philosophy and is EXPENSIVE. NIST standards are free -- well, paid for by the U.S. taxpayer. As one conference attendee told me in Europe -- management likes ISO standards because they give you a certificate to hang on the wall. Well that certainly keeps you secure!

    I work in oil and gas. The Houston Chronicle reports that energy assets are more likely to be breached than banks. Not b/c of lack of cyber security, but b/c of the goodies that await cyber criminals as evidenced by the incursions of the Russians. Yet, I continue to see nothing in MSAs or contracts about mitigating cyber security liability.

  • Paul Kunas

    Excellent summary of the issue at hand. Maturing security and making sound decisions based on risk is important. Influencing culture is key to success. Client expectations are key to both.
