The quarterly publication of the International Legal Technology Association
Issue link: http://read.uberflip.com/i/34686
contents June 2011 BEST PRACTICES Legal Information Risk — Action Plan and Roadmap A law firm has only a few principal assets: its reputation, its people, its relationships and the collective information for which it is responsible. Ensuring the quality of this information and protecting it from risk is critical to a firm’s viability. While many share responsibility for the quality of information, the CIO has the central role in handling risks that threaten its existence, accessibility, and security. IT’s hardware, software, and services, while complex and expensive, are simply the tools that help IT deliver on these responsibilities. We have assembled an action plan for some of the considerations when addressing nine risks to law firm information and a roadmap to outline key aspects of the expected future state. While not exhaustive, it is a useful guide for CIOs, COOs and security directors when considering their firm’s priorities and risk tolerance. action plan Risk: Theft by Internal Parties. Risk: Theft by External Parties. Security firms have conveyed that law firms are targets for obtaining informatio (n on law firm clients; hackers might not even bring their v rsity team to break in. Whether this situation drives law firms to third-party providers of infrastructure and secur ty services or improves internal procedures is yet to be seen but, in any case, security know-how is an IT responsibility that is growing in importance. Considerations include: For collaboration, law firms trust their own employees and provide wide access once logged onto the IT systems. Headline events of associates selling firm information for asy profit have not yet driven most firms to change this model although a small number of firms have done so). Firms can take more prudent steps and better protect sensitive information by moving to a “trust, but verify” model. Considerations include: • Consistent, automated ethical walls across major inf • Annual audit by third-party security specialist, i cluding penetration testing rmation systems (online accounting, business intelligence reports, time entry, document management, file shares, intranet and search results) • Expert (third-party or in-house) monitoring of WAN and firewall security incidents • Mature (consistent and fresh) software patch management procedures • Private folders and need-to-know project code names for sensitive matters not subjected to an ethical wall • Rights management and/or encryption applied to very sensitive client and firm documents • Secure client software for iPhone/iPad and other PDAs • Two-factor authentication (something you know, something you have) for network logon • Expiration dates on information, e.g., the information is purged or access is denied after a defined period of time • Automated monitoring for extraordinary events (e.g., mass export or printing) • Password policies to ensure appropriate complexity and occasional change • Clear information security design and incident response responsibilities, including appropriate training 30 www.iltanet.org Peer to Peer • Secured screen savers and daily log-out policies 9 10 36 42 44 48 54 Letter from the Director Best Practices Ask the Expert Tech Focus Ask the Vendor Smart Moves Case Studies Close to the Edge: IT’s Fight to Stay Ahead of the Curve................................... 64 From Immalleable to Agile: The New Business of Law ....................... 72 New Competition for Your Clients’ Work ........... 76 The New Rules for Law Schools .................. 85 The Impending Demise of Cost Recovery .......... 92 Discovery 2020: A High-Stakes Tale of Survival of the Fittest ......................... 98 A Self-Service Legal Helpdesk? Not So Fast ....... 102 ILTA Conference Session 2020: The Success of Being Truly Integrated ............ 108 features PAGE 62 Close to the Edge: IT’s Fight to Stay Ahead of the Curve by Tom Koulopoulos The debate about the relevance of IT has been raging for at least the last decade. The bottom line is that your firm is in a competitive arms race to cut out as many costs as possible, and IT is squarely in the crosshairs of that effort. But the arguments about whether IT is a commodity typically leave out one very important variable — namely, what is the core competency of IT? Now, here is a radical thought: What if the core competency of IT isn’t IT? PAGE 70 From Immalleable to Agile: The New Business of Law by Tony Abena PAGE 74 New Competition for Your Clients’ Work by Michael D. Bell and Bradley S. Blickstein PAGE 83 The New Rules for Law Schools by Barbara Gontrum PAGE 90 The Impending Demise of Cost Recovery by Robert C. Mattern Peer to Peer the quarterly magazine of ILTA 61 PAGE 96 Discovery 2020: A High-Stakes Tale of Survival of the Fittest by Howard J. Reissner PAGE 100 A Self-Service Legal Helpdesk? Not So Fast by Lance Waagner PAGE 106 ILTA Conference Session 2020: The Success of Being Truly Integrated by Norm Mullock 123 124 Letter from the President Member Resources New Members, Event Calendar and More Peer to Peer the quarterly magazine of ILTA 7 132 Inside ILTA INSIGHT Recap, Ignite Law, ILTA 2011, Lessons Learned and More