Cybersecurity & Risk Management

Need-to-Know Security and Ethical Walls

Hacking happens. Thousands of breaches happen every year, exposing millions of records. Client expectations have changed. Cybersecurity and privacy regulations are increasing. Firms can no longer operate ‘open access’ security inside the firm. They must lock down content and limit everyone’s access as appropriate. Without the right technology, it can prove painful.

Security Challenges are Inevitable

Protect Client Data in the Era of Hackers and Bad Actors

Firms are nervous about changing to need-to-know security. Lawyers rely heavily on past work product for completing new work. Partners worry that the extra hurdle will delay their work and impact client service. Records, InfoGov, and KM professionals worry that end-users will circumvent document management and other systems to avoid the hassle, choosing instead to save and email documents outside the protection of the DMS.

Good Security Solutions Don’t Get in the Way of Work

The right technology makes the process better

Accommodate the ‘people + process + technology’ equation

Recognize the complex workflow and collaboration needs of legal professionals

Simplify the process and don't get in the way of users

Match the Solution to the Problem

Prosperoware can help

Making Self-Service Work: Push and Pull

Good technology creates efficient workflow. End-users should have the ability to help determine who can access a matter while Risk delegates decision-making authority as appropriate: limited to the Risk team, the client/matter partner, client/matter team, or simply self-determined (closer to an ‘open access and audited, once requested’ model).

The system needs ‘push’ access, where one person authorizes and delivers access to another, or ‘pull’, whereby a user seeking access can request it and an automated alert is sent to the appropriate authority to either grant or deny access. Automation makes this kind of solution work at scale.

Partial, Secure Access for Specialists

Some matters require a specialist to review or complete individual sections or documents. But clients today expect access to be limited to ‘as needed,’ and regulations mandate ‘least privilege’ access. This means folder and document-level security is necessary to avoid running afoul of expectations.

Temporary Access

Firms have professionals who work across teams, fostering their expertise and contributing towards a flexible, cost-effective work environment. To accommodate them, firms need temporary or ‘timed’ access that revokes automatically, ensuring compliance without becoming cumbersome.

Security Assisted by Analytics

Firms need to track activity in their DMS, including history and audit tables. The reporting needs to be secured, to enable Risk Managers or General Counsel to ensure policy compliance – without alerting the individuals involved. Investigators need access to regular, automatic reporting through email and the ability to run ad hoc reports. The document contents should be viewable without leaving a telltale footprint in the DMS history tables.

Preventing Too Much Security?

Though firms can never be too secure, it doesn’t make sense to secure public data or data that’s become public. This could include pleadings, court rulings, public filings, agreements filed with the SEC, etc. Because this information is initially private, a fluid approach to confidentiality management will improve KM and end-user adoption.

Confidentiality Manager

Achieve harmony between the need for security and the realities of work