Hacking has gone from the blood sport of supernerds, who hacked systems just to prove they could, to economic espionage. The bigger the deal, the bigger the effort. Another type of hacker, the “hacktivist,” attempts to promote political issues through hacking. Both have proven that, once the firewall has been breached, a hacker meets few barriers to data access.
While law firms can clearly tighten their outer defenses with the latest firewalls, two-factor authentication, and other mechanisms, an outer defense is not likely to be enough. Just as castles in medieval times protected themselves with rings of defenses (the moat, outer wall, internal wall, and the last place of refuge, the tower), law firms today need to build rings of defenses that give them multiple opportunities to prevent harm if their firewall gets breached. Potentially that could include:
- Controlling the desktop with strong password policies and by restricting the ability of lawyers to install software
- Strictly limiting the number of superusers
- Strictly limiting the information available to the help desk and local office IT support staff
- Automatically enforcing the firm’s ethical walls and information barriers
Two different strategies can be used to limit access in the public security model that most of us work in:
- Make matters confidential to a limited group of people
- Employ a hybrid model, where work-in-progress drafts remain public but third-party, email, and finished content are secured
From a knowledge management perspective, the hybrid model gives lawyers the ability to leverage prior work product. The hybrid model's other advantage is that, in addition to providing another ring of defense against hacking, it limits access to private information and other client confidences contained in the third-party content and email. This has become vital.
Prosperoware has discussed this subject in more depth in a whitepaper, which you can access here. I’d love to hear your thoughts.