
Konica Minolta Blog


  • No Rest For The Treasure Trove


    Marco Maggio

    U.S. Legal Practice Director
    All Covered


    Marco is the U.S. Director of All Covered’s Legal Practice and is responsible for the strategy, marketing, and education of the national Legal Practice. Marco owns the legal vertical portfolio development & management and holds the vendor relationships for a myriad of best-in-class legal applications. Marco has held sales & marketing executive leadership positions at organizations such as Lanier, Mosaic, Ricoh and Hewlett Packard before joining Konica Minolta. In the past Marco has led sales & support teams for various services into corporate legal departments and law firms such as scanning, indexing, litigation support, litigation copy, facilities management, and legal staff augmentation. Marco holds degrees in industrial engineering, marketing & communication arts. He currently serves on the NYC-ALA Business Partner Advisory Committee and he is also regularly published and speaks at events nationwide specifically for the legal industry on topics such as: cybersecurity, compliance, cloud services, social media marketing, and various other enabling technologies.

     


    As high-profile breaches continue to increase and flood the news every week, so does attention to the growing concern of protecting all types of data. Hackers have discovered that one of the easiest routes to a corporation’s data is through third parties.

    In fact, law firms and accounting firms were labeled a “treasure trove” last year by countless articles and blogs, and the name has apparently stuck. As a result, clients and corporations have started placing an ever-growing list of demands on the firms that have their data to prove it is and will be secure. No longer is it commercially acceptable to tell your clients that their data is safe because your IT department claims it is. This applies to all sizes of firms. It’s the value of the clients’ data — and not attorney count — that drives the need for higher levels of security and attestation.

    This produces a challenge that the U.S. legal community continues to struggle with, and rightly so. It’s not just about being secure anymore; it’s all about being secure in a demonstrable way. The inherent challenge becomes defining, and agreeing on, what counts as commercially “reasonable” efforts for a law firm to protect data. This conundrum has spawned the demand for sound cybersecurity plans and policies and proven attestation strategies to defend and justify controls and practices for law firms. What becomes even more troubling is that firms need to prove their security measures to their clients, to auditors and regulators, insurance companies, law enforcement, and, potentially, to the public. Legislation and industry associations are chiming in, but they have not established a definitive baseline for what is “reasonable” in terms of controls or proof to protect data. Opinions vary greatly on whether recent legislation is a step in the right direction, such as the Cybersecurity Act of 2015, the Cybersecurity Enhancement Act of 2014, the National Cybersecurity Protection Act of 2014, and the upcoming decisions around the Cyber Intelligence Sharing and Protection Act and the Data Security and Breach Notification Acts of 2015.

    With all of the attention on this matter, there is still a common misconception that small firms or firms without healthcare or financial service-centric practices do not have a true need to develop a plan or attestation strategy. The fact is, although this is not a finite issue and not all firms require the same levels of attestation, no firm is small enough to overlook cybersecurity rather than adequately address it through “reasonable” efforts. Although medium-sized and large law firms will on average face more requirements and demands for evidentiary proof of security, firms of all sizes should address the issue proactively. Again, the size of the firm becomes somewhat irrelevant, as the need is based on the firm’s client base, practice areas, and the industries that it serves.

    What should you do to prepare for your next attack and/or the next client’s request for proof of protection? Advice that I would give to a law firm that is struggling with this mounting challenge, or struggling to define “reasonable” effort for the firm, would start with a few easy steps:

    1. Talk to your clients and understand their regulatory requirements and their expectations of your firm.
    2. Establish a baseline through vulnerability assessments and penetration testing in order to prioritize your plans.
    3. Either get certified or at least map to an industry-accepted cybersecurity framework such as ISO 27001/02, NIST, PCI, etc.
    4. Make sure that the practices and policies in place are manageable and “reasonable” in your clients’ eyes.
    5. Deploy centralized managed endpoint security and institute automated patch management.
    6. Encrypt your data.
    7. Educate employees on their roles in security and the most prevalent threats.
    8. Partition and limit data to only those who need access to it.
    9. Ensure that you have a data backup system in place and periodically test your backups.
    10. Have a plan in place before you need it.

    Cybersecurity and attestation present a growing issue that has neither a definitive fix, nor a resolution in sight. One of the key themes is not to try to win this war all on your own. If you need help, get help. There are a lot of experts, such as All Covered, the IT Services division of Konica Minolta, that understand your clients’ requirements and can help you with an in-depth understanding of true best practices.

    Your goal should be to understand the threat and proactively prepare for the inevitable. With the right plan and help, you should be able to put your partners’ and clients’ minds at ease and focus on the practice of law.

    March 22, 2016

    Content Management, From Our Experts, Security, Solutions, Strategy
