The massive data breach at Mossack Fonseca, yielding a trove of some 11.5 million documents, should be ample demonstration for all law firms that improving their cyber security ought to be an immediate necessity, not a vague ambition.
Irrespective of the nature of their clients’ business, all law firms will hold a vast amount of data that neither they nor their clients will want to be made public – and there will also be innumerable people who want to get their hands on it.
Is your law firm certain that it’s doing all it can to ensure the security of that information?
Information security isn’t just a job for the IT department: it’s the responsibility of every single employee, from partners to trainees, from clerical staff to cleaners. Everyone who comes into any contact with information must follow an agreed approach to ensuring its security.
Using international best practice
The international standard for information security management, ISO/IEC 27001:2013, is a holistic approach to information security that can be applied across the organisation and throughout the supply chain.
And because it’s based on the results of regular risk assessments, an ISO 27001-compliant information security management system (ISMS) covers everything that might put your information at risk – people, processes and technology.
That’s why clients and firms alike should insist on ISO 27001 certification.
The external validation offered by accredited ISO 27001 certification is likely to improve your organisation’s cyber security posture and business efficiency while providing a higher level of confidence to customers and stakeholders, as well as allowing you to meet your legal, regulatory and contractual data protection obligations. And once your ISMS has been certified to the Standard, you can insist that third-party contractors and suppliers also achieve certification, providing confidence about your supply chain’s security too.
Accredited certification to the Standard is recognised the world over as the hallmark of best-practice information security, which is why thousands of organisations, including governments, require their supply chains to achieve ISO 27001 certification.
ISO 27001 adoption among the legal profession
According to the latest ISO Survey, there was a 17.6% growth in the number of ISO 27001 certificates in the UK last year, and many leading law firms, including Allen & Overy, Bond Pearce and Clifford Chance have already achieved certification to the Standard as a means of proving their commitment to securing their clients’ data:
“This certification provides real business benefits when working with our clients and future clients, especially within the financial industry.”
Allen & Overy
“Retaining our ISO 27001 certification demonstrates our high-level commitment to, and understanding of, security requirements to ensure our client information and data remain fully secure.”
“It is quite surprising other law firms haven’t adopted this, but they tend to operate on a peer review system. Hopefully if they see others in the same field trying for it, they will do the same.”
Free paper: ISO 27001 for Law Firms
The good news is that it’s very likely that you already have many of ISO 27001’s controls in place, so bringing your current practices into line with the Standard could well be within your grasp.
Having worked with top law firms including Eversheds, Freshfields, and Slaughter and May, IT Governance knows the importance of implementing robust information security best practices within the legal profession.
For more information about ISO 27001, and to learn how we can help your firm achieve a robust information security posture, download our free paper, ISO 27001 for Law Firms.