More and more, law firms are receiving inquiries from potential clients about how the firm protects data privacy. These prospects are usually large corporations that would represent a big share of the firm’s business. These are not simple requests, however: they include a laundry list of specific security requirements. The law firm has to clarify which measures it has in place and which it lacks. The implication that wrong answers could jeopardize the relationship is quite clear.
These large clients can afford to invest heavily in data security. Now, they are asking their legal partners to implement the same practices as their in-house cybersecurity teams. And who can blame them for seeking reassurance? The legal firm would handle some of the most sensitive data that these corporations own.
What Corporate Clients Want from Law Firms
Clearly, if the law firm misrepresents the safeguards it has in place, a subsequent breach would open it to tremendous liability. But actually putting the safeguards in place is expensive and extremely difficult for most firms. Although the requirements will differ from client to client, a representative list includes:
- Data encryption, both for data at rest on servers that contain client files, and data in motion for email and other electronic communication
- Antivirus or other endpoint security measures activated and regularly updated throughout the environment
- Documented risk assessments on a periodic basis
- Penetration testing, vulnerability scanning or both on a periodic basis, either yearly or quarterly
- Documented incident response framework or other documentation of incident response procedures, often specifying 24x7 response
- 24x7 log data capture and analysis for detecting attacks, anomalies and other activity that could lead to a data breach
Some of these requirements are outside the native skill set of a legal firm’s IT department. The requirement for around-the-clock monitoring and response capability is simply beyond the means of most law firms to accomplish in-house.
Meeting the Requirements — Without Breaking the Bank
Fortunately, law firms can tap into the economies of scale delivered by a managed security service provider (MSSP) such as SOCBOX. By engaging our services, law firms have been able to check all the boxes and reassure their clients that all the required measures are in place. We help legal firms stay focused on what they do best: providing counsel for their important clients.
Typically, setup of the entire security posture takes 30 days or less. If your firm receives one of these requests from a potential client, or if you just want to be ready for the next big one, schedule a consultation with one of our security engineers. Contact us here or call 877-284-7789.