Issue link: http://read.uberflip.com/i/45522
"The malware infection in our machines has decreased by 80 percent." sentenced to two and a half years in prison. He has also been disbarred and fined $378,000. The sentencing judge called out the lawyer's actions as harmful to the reputation of the legal profession. IS YOUR FIRM READY FOR AN INFORMATION SECURITY PROGRAM? Looking back at the last two statistics on the Verizon report, they're a little deceiving. Over 85 percent of the data-loss incidents were discoverable and over 95 percent were deemed avoidable with simple controls. This makes it sound like the events were "easily" avoidable. Based on these findings, we all need to answer two questions before building a solid information security program: • Does my law firm have the "simple controls" in place that could avoid a potential problem? 46 Risky Business ILTA White Paper • Does my law firm have the proper staff to not only implement those controls, but also monitor activities and detect a potential attack or issue? When it comes to law firm information security, I believe that you must hire the best resources that your firm can afford. Whether internal or outsourced, this group must have the skills, knowledge and management support to do what they need to do in order to preserve your firm's data, which is confidential and often subject to different regulations. Hiring partners in the form of software-as-a-service (SaaS) and managed service providers (MSP) might make sense for many small to mid-sized law firms, as hiring your own resources with those skills will certainly be very costly. In their book "Security Strategy: From Requirement to Reality," authors Bill Stackpole and Eric Oksendahl define three different approaches that organizations have been using for their security strategy: