When you think of a data breach, what comes to mind? It’s probably the image of a hacker stealing data from a large business or company that stores an abundance of customer data—like Target, for instance. Data breaches are expanding from companies and healthcare organizations and are also becoming a real concern for law firms.
Last summer, the computer networks of some of New York’s most prestigious law firms were hacked, leading to an FBI investigation. This is a growing trend among hackers, as they are obtaining sensitive client information, which leads to insider trading and other financial crimes as well.
According to ThreatPost, high-powered law firms have personal identifiable information of executives whose email and personal data are attractive to hackers interested in identity theft and financial crimes, such as fraudulent money transfers.
It should come as no surprise, then, that as the seventh highest target for cyber criminals, law firms are under increased pressure from clients to keep their data safe. Achieving ISO/IEC 27001:2013 (ISO 27001) certification can help protect your law firm in three big ways:
Secure client data:
Your clients entrust you with their sensitive information. When your firm is ISO 27001 certified, it means you are complying with worldwide specifications for managing the availability, integrity, and confidentiality of your information assets. But being certified doesn’t just mean your technology processes are working as they should. The ISO 27001 standard focuses on a management system, so information security is approached holistically, meaning the entire information security lifecycle is addressed including risks, processes, and people. The lifecycle approach is critical in today’s dynamic technology driven environments. Without it, security practices and procedures will quickly become outdated as a business and external threats change.
Unlike the healthcare and financial industries, there is no set of regulations or standards for the legal industry governing how law firms store and collect data. As a result, pursuing ISO 27001 certification is a relatively new endeavor for law firms. Having an ISO 27001 certification not only shows your clients you want to protect their valuable information, it can set you apart from your competition.
“Given that law firms have a lot of data, it's a natural trend that they would be focused on trying to make sure they have some sort of third-party assessment to ensure their customers that they take this very seriously,” explained Ryan Mackie, Schellman & Company’s ISO Certification Practice Director. “It is becoming more popular among law firms. There have been a handful of firms that have obtained ISO 27001 certification, and because of that, they've almost created that market,” Mackie said.
Better business resilience:
Becoming ISO 27001 certified protects your firm’s clients and intellectual data, and it can help prevent or minimize the damage sustained in a security breach. It is much more likely your firm can detect and stop a security breach in its early stages with the framework an ISO 27001 information management security (ISMS) puts in place, which can help you mitigate the impact of the breach.
The benefits of ISO 27001 certification are not industry specific reserved for financial, healthcare or government entities. The fact is, your law firm handles sensitive data, and whether you realize it or not, it is at risk for potential cyber-attacks. Protect your business and your clients by considering ISO 27001.