While the use of technology within the legal industry and how it can contribute to the faster and cheaper delivery of legal services is never far from the minds of law firm leaders, one perceived downside — the growing specter of risk — also is not far from their thoughts.
“The use of technology and the business processes that go on in a law firm are in some ways a little bit more unique than in the average company,” says Nicholas Barone, a Director in the Consulting Services Group of EisnerAmper, adding that this unique situation makes law firms more vulnerable to hackers intent on exploiting and stealing law firm data.
Barone will be moderating a panel to more fully discuss this critical issue at the 15th Annual Law Firm COO & CFO Forum, presented by Thomson Reuters’ Legal Executive Institute. The Forum, a national summit for law firm officers and their peers, will be held October 26-28 at the New York Downtown Marriott.
Barone’s panel, entitled The Price of Progress: Law Firm Technology, Global Actors & the Evolving Face of Risk, will focus on risk as a major downside to the technological adoption that law firms are aggressively pursuing. The panel, which will close out the Forum on Oct. 28, will also offer an update on best practices and regulatory recommendations surrounding law firm data privacy and risk.
Nicholas Barone, of EisnerAmper
In addition to Barone acting as moderator, the panel will also feature a presentation by Brian L. Levine, Senior Counsel & National CHIP Coordinator at the U.S. Department of Justice; and discussion with panelists Zachary K. Goldman, Executive Director of the NYU Center on Law & Security and an Adjunct Professor of Law at the NYU School of Law; and Robert K. Knake, the Whitney Shepardson Senior Fellow on the Council on Foreign Relations and former Director of Cybersecurity Policy for the National Security Council.
In an interview with Legal Executive Institute, Barone described how law firms’ unique partnership model can make it difficult for a firm to properly invest in a data security and protection strategy. “Allocation of the cost of technology is really one issue I see that drives inconsistency in law firms,” he says. “While security should be practiced across the board, the truth is that it’s tough sometimes to get law firms to fully buy-in, across the firm, for the purchase of security technology, because it comes out of the pockets of the partners.”
The partnership model makes it difficult for law firms to implement what Barone calls a “layered security architecture” that’s required to detect and prevent intrusion, mostly because of the way law firms allocate cost. “The truth is that law firms get hacked not because they’re not secure, but because they have vulnerabilities,” he explains. “That’s what makes them unique and that’s why law firms get breached.”
Barone said there are several best practices a firm can strive for to better protect itself from data intrusion, and many of these will be more thoroughly discussed at the Forum panel. First, law firms are going to have to realize they must create more levels of security, especially those containing a higher-level degree of authentication because they’re sharing and giving access to their network to other parties.
“The truth is that law firms get hacked not because they’re not secure, but because they have vulnerabilities. That’s what makes them unique and that’s why law firms get breached.”
Second, firms need to further reduce the amount of data stored in file-sharing and in e-mail systems. “For example, some firms are reducing the storage space for attorneys to store their e-mail in order to start dissuading them from utilizing e-mail systems as an archive.”
Another best practice Barone described was the implementation of new types of smarter technology to access the firm’s network — often based on the address system of the Internet provider — and eliminating the traditional, and often riskier, username and password method. Additionally, firms are re-examining the amount of historical paper records they have stored, which are often digitized and thus, also at risk.
“What many law firms are doing is kind of like what we call ‘playing zone defense’,” Barone notes. “They’re recognizing their various practices and are trying to steer those practices towards certain higher levels of internal security and higher levels of internal application storage.”
Indeed, he says he hope attendees of the Forum panel will come away with a better sense of the risk their firms face in an increasingly technological — and increasingly at-risk — legal industry. “I would like attendees to see the importance of one, the identification of risk; and two, identifications of challenges within the law firm as it tries to mitigate those risks.”
“And finally, I’d like them to become an advocate of best practices with their firm around areas of data security and intrusion prevention.”
The post COO & CFO Forum Preview: Data Privacy & Risk Protection Within a Law Firm Business Model appeared first on Legal Executive Institute.