#InfosecurityEurope2022: Lawyers Update Security for New Ways of Working
Legal and professional services firms need to adapt their technology and security to fit new ways of working, according to a senior CISO in the sector.
During a Talking Tactics session at Infosecurity Europe 2022, Christian Toon, CISO at legal practice Pinsent Masons, pointed out that law firms are staffed by “intelligent people who get confidentiality.” Yet, that does not automatically translate into an understanding of digital risks.
Firms also face a challenge dealing with high volumes of information across multiple formats. Some courts, for example, still require paper documents with “wet” signatures. “The volume and veracity of documents have been a pain point for us,” he told session moderator Tim Deluca-Smith, CMO at CoSoSys.
Although Pinsent Masons had flexible working in place before the COVID-19 pandemic, relatively few staff worked remotely. Law firms had quite a traditional culture based around being at the office. “We are slowly working through a digital transformation, not just us but the whole sector,” he said. Nevertheless, lawyers remain wedded to printed documents. During the pandemic, the firm “had to have white vans to pick up media to get rid of it,” he recalled.
Providing secure printing to home-based lawyers was just one task Toon’s department tackled during COVID-19. The firm also provides laptops – it does not currently support BYOD – and secure facilities for sharing information. If firms do not continue to invest in these areas, he warned, they are likely to see the continued growth of shadow IT, including the use of insecure, consumer-focused sharing services.
Firms also need to take steps to monitor traffic across their networks and monitor their endpoint devices. However, this monitoring needs to be done in the context of the business. As Toon pointed out, staff might need to use USB devices or make large transfers of data out of regular hours in order to meet deadlines for court hearings.
Monitoring also needs to extend to tools such as Teams and Slack to maintain conflict of interest rules.
The firm is also finding that it needs to align its security tools with clients’ requirements. One client, for example, sends keywords for the firm to enter into its data loss prevention (DLP) software. “It is not just frameworks and standards, but the supply chain dictating it,” said Toon.