When sensitive information leaks out of a law firm, who’s to blame?


At the most recent Securing The Law Firm Summit [http://www.securingthelawfirm.com/event/stlfjan15] in London, I, along with many of our delegates, came to a Big Realisation around who will actually get the blame if there is a security SNAFU at a law firm.

First, let me set the scene. Gathered in the room were 100 individuals responsible for the information risk and security capability at the world's largest (and most profitable) law firms.

These people are the security custodians of the secrets and strategies of global capitalism. They act as business custodians to any Fortune mega-brand you can think of. The data these experts sit on is, without doubt, the fulcrum of the international business machine.

Yes - it is serious stuff. So serious, in fact, that the intelligence teams from the UK and US have people devoted to law firms and their role as part of the Critical National Infrastructure! As we listened to expert after expert discuss the particularities of security within the law firm, we all started wondering about questions like:

- How much of this super-sensitive business intelligence has already walked out the door of a law firm and into another state? China perhaps? Or Iran?
- Why do we never hear of any catastrophic breaches at law firms like we do when it happens at well-known brands such as Sony?

In other words, when the 'big one' finally hits - or gets reported - it will cause a relationship meltdown between the client and the law firm. But who exactly will get the blame?

Let's gamify this question a little. Will it be...

1. Contestant Number 1: The Managing Partner of The Law Firm, who runs a very successful international business, is universally loved by employees and clients alike, and is hugely qualified in lawyering?

2. Contestant No 2: The Fortune 500 client who has been a client of the law firm since forever?

3. Contestant No 3: The one responsible for information security at the law firm, who sits in the small office down the corridor?

I bet you can guess who I would put my money on.

But blame games aside, the point is this: the security conversation - as it pertains to law firms - must begin to involve stakeholders as much as the security professionals employed by the firms.

The client must be as confident about the law firm's security policies, processes and technology as they are about the firm's legal prowess. And while Managing Principals at the law firm may well be expert at addressing legal risk, the firm must become expert in mitigating the security risk of their clients. By placing more emphasis on addressing the clients' security needs (not just legal risk), legal firms will by default begin to mature their own security posture.


-Keith Blackwell-Rose
AKJ Associates

