Given the nature of the information that law firms store, they are prime candidates for hackers who are seeking sensitive information. The major fear is that hackers will attack law firms in order to use this data to trade or to give them a commercial or military advantage. In addition, lawyers themselves can be soft targets for hackers, so IT specialists are working hard to protect these weaknesses.
While this sort of attack has yet to occur, no law firm wants to be the first victim.
This means that even law firms who think they’ve addressed every security risk may discover vulnerabilities they would not have thought of. This is because there is no way to secure every single entry into even the most secure system.
Inevitably, as law firms collect and store more data, securing this information not only becomes more difficult, but it also becomes more important. This puts more pressure on law firms to understand where their data is produced, (if applicable) when and where data is moved; as well as, who in the firm has access to stored data.
According to this handy glossary from Southern Connecticut State University, Information governance (IG) is defined as a set of multi-disciplinary structures, policies, procedures, processes and controls that are implemented to manage information at an enterprise level. In addition, IG works to support an organization’s immediate and future regulatory, legal, risk, environmental and operational requirements.
Using the concept Information governance gives IT departments the ability to take a tougher stance against attorneys within the organization, thus ensuring that convenience will not come before good security hygiene. In fact, in some firms, they have reached a point where they are saying no to partners in an attempt to ensure data security.
Since IG is so critical for legal IT departments, they must find a way to bridge the gap with lawyers and other staff at their firms. While lawyers need to adopt safer practices for securing data, they still need to be able to serve their clients. However, a solution to this problem will not come from an IT department alone—they will need the assistance of those who use it (i.e. lawyers) in order to devise a solution (or solutions) that will actually work.
Luckily, IT departments are seeing greater willingness from firms to invest in security due in part to massive data breaches (notable the one involving Target) last year that has put cybersecurity in the spotlight.