If the 2016 presidential election brought any single issue to the forefront, it was the importance of information security. History may well decide that Democratic candidate Hillary Clinton was harmed by her attempts to use a personal server for classified information while she was secretary of State; and history will almost certainly decide that Republican candidate Donald Trump was helped by the WikiLeaks release of data damaging to the Democrats.
But it’s not just politicians who pay a price when information isn’t secure; so can businesses and law firms.
That’s why last year I took steps to ensure that Berry Appleman & Leiden became a law firm where our information is secured. We decided that our clients and our firm deserve the best information security possible. And now we have it.
The process we used is established by the International Standardization Organization (ISO). ISO 27001 is the international standard published by the organization. Essentially, ISO 27001 provides the methodology for implementing information security management in an organization. What that means is that at BAL we now have a comprehensive and well-established information security management function based on methods we use that allow us to establish a dedicated information security function. The program allows us to take measures to protect our clients’ data in a constantly changing environment of cyber risks. More specifically, the program allows us to handle external threats and trends in the cyber world driven by geopolitical struggles, technology advancements and compliance changes.
Still, many businesses think they have time to delay dealing with cyberattacks. They should think again.
During the past few years in my industry, we’ve seen law firms experience an increase in cyber risk. And that risk continues to grow. After all, law firms historically have not operated with security integrated into their standard business operations. As a result, these law firms are an inviting target to hackers. Indeed, there is reason to believe that hackers are much more interested in legal information than they have been in the past. Historically, cybercrime has focused largely on personal financial data. But today’s financial data is worth pennies to the dollar. The black market for data has shifted from personal financial data to corporate intelligence and health care information. Not to mention, law firms hold exorbitant amounts of data from a variety of high profile companies, all in one place.
In fact, one source suggests that law firms are now the third most targeted industry for cyberattack behind only financial and retail businesses. And the number of attacks will only grow as hackers use law firms as a backdoor entry to data for their high-profile clients.
Examples of this growth are already being seen in law firms around the world.
Last year, a hacker based in Ukraine using the alias “Oleras” publicly advertised his services targeting law firms. In the United States, hackers breached networks at several firms representing Fortune 500 companies, including powerful legal names like Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP. And of course, the Panama Papers represented 11.5 million documents of leaked attorney-client privilege.
The legal community is the growth market for cyberattackers. And that means law firms need to be prepared for the inevitable attacks. But so do all businesses.
Protecting your business
At BAL, here is how we do it. We pledge to our clients that their data privacy and protection are a top concern. That’s why we are ISO-certified.
For every client, we complete external assessments to ensure that we are protecting our clients’ data according to best practice. We work not only with the client but with their employee to protect all the data involved. In other words, we not only want to protect the business but their employee as well.
Having the third-party certification completed annually is helpful to our clients. It gives them confidence that a process is in place to protect their information. They can trust the independent assessment of our controls in place, the effectiveness of the controls and the ongoing management of our Information Security Management System in a quickly changing world.
At BAL, we believe the investment in our information security system is already producing dividends. Not only do our users, technologies and business processes provide compliance with legal requirements, but they offer our clients the peace of mind of knowing that their data is safe and secured.
The challenge of information security is real and growing. Not long ago, businesses thought that challenge could be handled in the future. No more. The challenge is here now and the need for certification has arrived.
For the sake of your business, an effective, dedicated information security program must be established before it’s too late.
Jeremy Fudge is managing partner of Berry Appleman & Leiden, one of the largest corporate immigration law firms in the world. He is based in the firm’s North Texas office. www.balglobal.com/
WFAA Channel 8 did a story on information security with Jeremy Fudge: