The legal world’s reliance on technology is increasing, and with it come greater and more varied risks to the sensitive information entrusted to legal counsel. To stay ahead of this trend, law firms attempt to obtain new certifications in pursuit of satisfying clients concerned about inadequate cybersecurity.
New Security Standards
This increased focus on cybersecurity compliance comes in the form of the ISO 27001 certification, which can be acquired by any business that meets the required international security standards. While certain firms like JP Morgan Chase and Goldman Sachs require more stringent cybersecurity standards, ISO 27001 has been adopted by dozens of firms, becoming the baseline for data security in the legal world.
Despite the necessity of increased regulation of information security for both small and large firms, ISO 27001 compliance is difficult to achieve. Businesses that wish to obtain this certification must undergo a lengthy auditing process that entails an assessment of which policies are in place, what level of control businesses have over their cybersecurity, past incidents of data breaches, how employees are trained, and general knowledge of government regulations.
Part of the certification process involves increased accountability by legal firms. Documentation is key for certification renewal, as companies must prove that they have complied with necessary regulations. The cost is significant for smaller firms concerned about their bottom line: Kathryn Hume, a primary consultant at an ISO-certification firm, estimates the cost of a three-year certification to exceed $30,000 for larger firms. While established and profitable businesses have no issue with these types of fees, smaller firms find the cost of certification prohibitive.
Despite the costs, the strict requirements speak to the greater need for organization and responsibility by firms upgrading their security standards.
ISO 27001 compliance is not a mandatory certification, but many banks and businesses are turning a sharper eye toward cybersecurity adherence for the clients they partner with.
Investing more heavily in cybersecurity is a decision that firms must weigh. While cost is a factor, cybersecurity compliance is about more than paying for a certification. Good data security involves a deeper understanding of the technology-related risks that legal firms face and knowing how to implement the infrastructure to safeguard themselves.
Written by Desh Urs
Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.
As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decision Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.
Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.