Project Management Institute

Protection Clause

The Legal Sector Is Desperate for Cybersecurity Projects


As harbors of sensitive client information, law firms are ripe targets for hackers. According to PwC's 2019 global survey, 100 percent of the top-10 surveyed law firms experienced a cybersecurity incident in the past year. And in the American Bar Association's 2019 Legal Technology Survey, the biggest concerns among U.S. lawyers are around poor and worsening cybersecurity approaches, particularly when it comes to cloud-based applications.

“Ten years ago, few law firms were making significant information and cybersecurity investments,” says Mark Walmsley, chief information security officer, Freshfields Bruckhaus Deringer, London, England. “Now, it's considered pure hygiene. It's a business basic principle.”

Yet despite the mounting urgency around legal data privacy, firms’ cybersecurity portfolios rarely match their level of concern. Of the standard precautionary security measures listed by the American Bar Association, the one most commonly used (secure socket layers) was implemented by only 35 percent of survey respondents. Legal teams are worried—and doing little about it.

Feeling the Heat

The cybersecurity push isn't just affecting law firms and their IT teams. The vendors that serve them are also feeling the pressure.

“Several years ago, security was mentioned during the request-for-proposal process, but it wasn't a key determining factor,” says David Carter, senior vice president and CIO, Aderant, Atlanta, Georgia, USA. Aderant provides accounting and related software solutions to 2,500 law firms globally. “Now we spend a tremendous amount of time answering clients’ questions about the security practices we apply as we develop and implement our software.”

Many of those concerns are swirling overhead. A growing number of law firms—58 percent in 2019, up from 55 percent in 2018—are moving their operations to the cloud. But the most commonly used cloud services are consumer platforms, such as Google Docs and Dropbox, not services designed specifically for law professionals.

With the rising anxiety around cybersecurity, “more and more firms ask for third-party certifications of the security regimes of any vendors providing software or IT,” Mr. Carter says. Vendors often must use remote access software for their client interactions, and they have to demonstrate that their own team members have been properly vetted.

As requirements expand, so do project schedules and budgets. That has to be communicated at a project's start, Mr. Carter says, and clients need to understand the benefits of integrating a project's security requirements from day one.

“Building security into IT projects upfront is cheaper than adding it on the back end of projects,” says Sean Thompson, director of information security, Aderant.


Defense Mechanism

Freshfields Bruckhaus Deringer no longer relies solely on traditional cybersecurity measures such as antivirus software and firewalls to safeguard its clients’ confidential data. The U.K. firm is now investing heavily in cybersecurity projects that incorporate artificial intelligence. Since mid-2017, Freshfields has launched five proactive defense technologies that identify cybersecurity risks before they have a chance to penetrate the firm's security defenses.

To execute these projects, the Freshfields security team relies on a waterfall approach. “Agile delivery has many benefits but must be used with caution,” says Mr. Walmsley. “Agile is better suited to the development of client and business tools, but waterfall is preferred for the delivery of security technology or capability.”

—Novid Parsi

Legal Action

Law firms are a hot target for hackers. Here are some of the biggest cybersecurity risks IT project teams must mitigate.

1 Unauthorized disclosure of confidential legal documents

It hurts: The global average cost of a data breach is US$3.9 million, according to the Ponemon Institute's 2019 Cost of a Data Breach Report.

2 Compromised emails

To address the threat, firms have begun to implement multifactor authentication, says Sean Thompson, director of information security, Aderant, Atlanta, Georgia, USA. “If there's a phishing attack, the second factor is still needed to gain access to sensitive emails.”

3 Ransomware

Hackers make their victims pay to recover captured information.

4 Legal malpractice

If a breach causes economic or reputational damage to clients, a law firm could be sued for not properly securing its systems, says David Carter, senior vice president and CIO, Aderant.

This material has been reproduced with the permission of the copyright owner. Unauthorized reproduction of this material is strictly prohibited. For permission to reproduce this material, please contact PMI.
