On March 5th, our CEO AJ Shankar had a piece published in Bloomberg Law, with his take on why the legal industry should take the lead on improving security:
Data security is important, but doubly so in litigation: often what’s at stake isn’t just any old data, but instead a client’s most sensitive information, and it’s typically passed between opposing parties without a comprehensive understanding of how it’s going to be secured.
I propose creating a unified set of tiered security standards, from which parties can agree on a single tier based on the circumstances, to better facilitate meeting the responsibility to secure client data established in Rule 1.6 of the ABA’s Model Rules of Professional Conduct.
Securing sensitive data isn’t easy. It isn’t as simple as using encryption or ensuring that your vendor’s hardware provider has a particular certification. It is a holistic process, covering everyone who can access the data, from technicians to document reviewers to vendor support staff to law firm partners. Attacks are as likely to come through exploitation of human vulnerabilities, such as phishing, as they are through technical means.