Insights hero banner (short)


Bringing our best ideas and thinking to you.

Blog Post

August 13, 2018

Share this page:

Law Firms and Information Governance

By John Desborough

Even law firms are worried about being hacked!

In December 2016, the Wall Street Journal published an article about US law firms being hacked "Cyberattack Exposes Law Firms' Weak Spots". Since then, many firms have reported in the media that they have upgraded their security to prevent attacks.

Improving perimeter security is not the only thing they need to do - hackers can and will eventually get by a firm's perimeter security. If they do, using phishing or other methods, they may be able to access emails, documents, etc. inside the firm.

With a strong information governance strategy and approach, law firms can remove broad-based access to information and can restrict access to only those who need to access this material for their business purpose. Encrypting and protecting work products with multiple authentication mechanisms can also be protect information from hackers.

Putting in place a strong information governance strategy can be accomplished by following these steps:

  • Educate and train the users on the information governance requirements and processes;
  • Use strict security models including sharing files in a secure fashion (i.e. encrypted);
  • Store work product in governed locations and under enforced data retention policies; and,
  • Use information governance analytics to understand how the information is being accessed and by whom.

Law firms should follow these steps in order to put in place a strong information governance strategy that allows them to fend off most cyber attackers and also to prevent, or at least mitigate, any damage from attackers that do find a way through their perimeter security systems.

John Desborough is a Director, Consulting and Technology Solutions at MNP. He is an accomplished business solutions program manager and business transformation architect with 30+ years in the information and technology consulting domain. John has extensive background in information management and governance with both public and private sector clients on a global scale. Drop John a line to discuss this topic in more detail: [email protected]