Security needs wide range of tactics

By Elizabeth Millard
The Daily Record Newswire

MINNEAPOLIS - Having a single piece of hardware or software that can protect a firm's entire information stream is somewhat like going completely paperless - the vision is there, but the innovation isn't a reality just yet.

In part, that's because "security" covers an array of areas, like device lockdown, associate best practices, courtroom technology use, regulatory mandates, and other issues. But while each of these challenges has its own nuances, there are ways that a firm can create a stronger-yet-efficient security mix that benefits employees instead of hinders them.

Here are tips for creating a tougher security blend at your firm:

Create an internal working group: Assessing current security and developing language for security governance statements is more effective when handled with a team-based approach. "We established an internal working group dedicated to addressing security concerns as well as HIPAA and other regulatory requirements," says Courtney Ward-Reichard, a shareholder at Nilan Johnson Lewis who's been chair of the firm's technology committee.

Developing a technology committee is helpful, but having a security-focused working group either within that committee or as a separate team can be useful for setting goals, developing training materials, and keeping on top of regulation changes.

Keep on top of security regulations: A firm may get to a point where all regulatory mandates are being followed perfectly, but what happens if the practice expands, or a merger occurs? In January, Stinson Leonard Street launched - as a merger between Stinson Morrison Hecker and Leonard, Street and Deinard - and now has business operations in 14 cities, with over 500 attorneys. The melding of each firm's electronic systems is still ongoing, but one of the first areas to be addressed is security, says Vic Peterson, the firm's chief information officer.

"The new firm has an expanded banking practice, which pushes more sensitive data through the system," he notes.

In order to drive meaningful change, the firm works on creating goals that involve security measures and implementing better security protocols with sensitivity to rapid cultural change, Peterson says.

Develop training that works: While it would be useful for all attorneys and partners at a firm to sit down for an hour-long presentation on best security practices, the reality is that pinning down busy attorneys for even 15 minutes can be challenging.

At Nilan Johnson Lewis, database and applications manager Sarah Didrikson uses one-on-one training for technology issues like security, and has also developed a firm intranet that includes a database of customized reference materials.

Get a security checkup: In light of increased subcontractor security measures, some firms have put better controls into their technology plans. This can include bringing in an outside security firm to check for gaps that might be affecting overall operations, according to Jeremiah Talamantes, founder and managing partner of Minneapolis-based consulting firm RedTeam Security.

These companies can visit subcontractor sites to determine whether they are following appropriate information security practices.

"Before two organizations engage in a partnership that includes the exchange of sensitive data and access to network or physical resources, the advice of an information security consultant should be sought out," says Talamantes.

Ward-Reichard notes that the firm brought in an outside consultant to assess the current security mix and develop language for security governance statements.


Elizabeth Millard has been writing about technology for nearly 20 years. Her work has appeared in ABA Journal, Law Office Computing, Business 2.0, eWeek, and TechNewsWorld.

Published: Tue, Sep 09, 2014


  1. No comments
Sign in to post a comment »