With the recent theft and exposure of 11.5 million documents from Panamanian law firm Mossack Fonseca, cyber security firm IT Governance is urging law firms to strengthen their information security practices straightaway.
“All law firms should take the Panama breach as a major wake-up call,” says founder and executive chairman of IT Governance, Alan Calder. “Law firms have notoriously been targets for cyber criminals because of the sensitive information they possess. More recently, the scale and devastation that cyber breaches cause means that law firms need to consider their cyber security posture right now.”
Law firms were ranked the seventh highest target for cyber criminals by Cisco’s last Annual Security Report, and the UK’s Information Commissioner’s Office (ICO) investigated 173 law firms two years ago over data protection breaches.
As the ICO itself notes, ‘There is no “one size fits all” solution to information security. The security measures that are appropriate for an organisation will depend on its circumstances, so you should adopt a risk-based approach to deciding what level of security you need.’
An ISO 27001-compliant information security management system (ISMS) provides a risk-based approach to data security that can be applied across the firm and throughout the supply chain. Once your ISMS has been certified to the Standard, you can insist that third-party contractors and suppliers also achieve certification. In addition to this, the external validation offered by ISO 27001 certification is likely to improve your organisation’s cyber security posture and business efficiency, while providing a higher level of confidence to customers and stakeholders, as well as allowing you to meet your legal and regulatory data protection obligations.
“Many leading law firms have already achieved certification to the Standard as a means of proving their commitment to securing their clients’ data,” Calder continues.
Having worked with top law firms including Eversheds, Freshfields, and Slaughter and May, IT Governance knows the importance of implementing robust information security best practices within the legal profession. It also knows how important it is to have experienced, practical consultants on hand to guide firms through the ISO 27001 implementation process.
For more information about ISO 27001 and how it can benefit your firm, download the free paper, ISO 27001 for Law Firms.