- Qualcomm’s $2.4B Alphawave deal signals bold data center ambitions
- Is this the end of Intel-based Macs? Apple confirms bittersweet update policy for MacOS
- “고객 53%에겐 독이 됐다”···가트너가 경고한 ‘수동적 개인화’ 마케팅의 역설
- The best iOS 26 features announced at WWDC: I'm updating my iPhone for these reasons
- Your Apple Watch is getting a major upgrade. Here are the best features in WatchOS 26
#InfosecurityEurope2022: Lawyers Update Security for New Ways of Working
Legal and professional services firms need to adapt their technology and security to fit new ways of working, according to a senior CISO in the sector.
During a Talking Tactics session at Infosecurity Europe 2022, Christian Toon, CISO at legal practice Pinsent Masons, pointed out that law firms are staffed by “intelligent people who get confidentiality.” Yet, that does not automatically translate into an understanding of digital risks.
Firms also face a challenge dealing with high volumes of information across multiple formats. Some courts, for example, still require paper documents with “wet” signatures. “The volume and veracity of documents have been a pain point for us,” he told session moderator Tim Deluca-Smith, CMO at CoSoSys.
Although Pinsent Masons had flexible working in place before the COVID-19 pandemic, relatively few staff worked remotely. Law firms had quite a traditional culture based around being at the office. “We are slowly working through a digital transformation, not just us but the whole sector,” he said. Nevertheless, lawyers remain wedded to printed documents. During the pandemic, the firm “had to have white vans to pick up media to get rid of it,” he recalls.
Providing secure printing to home-based lawyers was just one task Toon’s department tackled during COVID-19. The firm also provides laptops – it does not currently support BYOD – and secure facilities for sharing information. If firms do not continue to invest in these areas, he warned, they are likely to see the continued growth of shadow IT, including the use of insecure, consumer-focused sharing services.
Firms also need to take steps to monitor traffic across their networks and monitor their endpoint devices. However, these need to be done in the context of the business. As Toon points out, staff might need to use USB devices or make large transfers of data out of regular hours in order to meet deadlines for court hearings.
Monitoring also needs to extend to tools such as Teams and Slack to maintain conflict of interest rules.
The firm is also finding that it needs to align its security tools with clients’ requirements. One client, for example, sends keywords for the firm to enter into its data loss prevention (DLP) software. “It is not just frameworks and standards, but the supply chain dictating it,” said Toon.
