When people think of “cybercrime,” they imagine a hacker finding an exploit in an unsecured system and taking advantage for their own gain. While this is a growing concern in the legal world, it isn’t the only security threat that firms must consider. A 2015 Data Breach Investigation Report by Verizon found that 20.6 percent of all data breaches are caused by individuals inside the industry, whether accidentally or intentionally. These breaches can be notoriously hard to detect, given that internal data leaks are less obvious with immediate consequences less than hacker access. IT security has traditionally been challenging for legal firms—clear corporate policies must be implemented to protect privileged information from both hackers and illicit employee actions.
1. Increase Awareness
The first step in decreasing incidence of cybercrime both within an organization and without involves increasing awareness. Companies must create a corporate culture of transparency and honesty with their employees, and train them in data handling practices. Employees should know what to do if they detect a security issue, with clear policies in place for the assessment and removal of emerging threats.
2. Detection/Data Loss Software
Implementing software to monitor data transfer is another method of preventing data loss. Legal firms can optimize their IT security with programs that track detection points of data transfer to highlight potential vulnerabilities. If a breach occurs, these programs offer hard evidence and digital trails for investigators to follow.
3. Implement Warnings
A simple way to increase data security is to let employees know that their actions are being tracked. Employees are much less likely to engage in illicit or illegal behaviors when they know that their computers are subject to searching. This deterrent can be powerful, particularly when employees understand the weaknesses of their business’s IT infrastructure.
4. Monitor Communication
Proper tracking of employee behaviors is necessary to prevent internal losses of information. Forensic analysis of employee communication and behaviors provides visibility into the exchange of information across digital platforms and offers insight into suspicious behaviors in a breach. Investigators can monitor key variables when data is compromised to identify trends and establish the source of information loss.
IT security in the legal world is a never-ending battle. Legal firms must realize that they are vulnerable internally and externally, and take the precautions to keep client data safe.
Written by Desh Urs
As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decision Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.
Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.