We’ve been publishing a series of posts tied to the importance of data security audits at law firms and some of the key things that firms need to understand about their responsibilities. In previous articles (click here and here), we shared some of the overarching trends in data security audits and explored the art of interpreting data security audits.
This week, we take a look at the idea of “co-education” – insurance companies, corporate counsel, outside law firms and data security providers all sharing educational information with each other – and the benefits of that open conversation.
“We always hear about the complex hacking attempts out there, but one pattern we see in cybersecurity is that criminals are increasingly going after the simple attacks first,” said Jeff Norris, CISSP, senior director of data security for LexisNexis Managed Technology Services. “Any hacker that comes after a big company will leave behind a digital bread crumb trail that investigators will eventually find, so sophisticated cyber criminals are going after softer online targets. This makes it important that we’re all sharing information and lessons learned from these events.”
LexisNexis recently partnered with Lewis Brisbois to host a CLE panel event in Los Angeles: “How to Interpret and Meaningfully Comply with Audits?” The panelists included: Gordon Calhoun, chair of electronic discovery, information management and compliance, Lewis Brisbois Bisgaard & Smith LLP; David L. Hansen, director of compliance, NetDocuments; Aaron Laderman, regional underwriting manager, AIG; and Norris.
The panelists advised that major commercial insurance companies have pioneered the concept of co-education by making available certain resources and best practices to corporate clients, based on their experience dealing with data security incidents and helping companies recover from cyber attacks.
“A big part of what we do is educate our clients about their risk profile,” said Laderman. “My team has the opportunity to see a broad spectrum of the market. We can’t divulge any specific client details, but we have general knowledge about clients in various industries that have been victimized by cyber attacks and we can transfer some of our knowledge with other clients in similar industries that may have similar exposure.”
The importance of exchanging information and data security co-education within the legal community was given a significant push earlier this year in the wake of a number of high-profile data breaches involving law firms. Some of that push was initially driven by corporate clients – particularly those in the financial services industry – and now data security audits have become a key way for law firms to demonstrate their commitment to the same cybersecurity standards as their clients.
“I think the message here is that education is a long and arduous process,” said Calhoun. “The ways in which law firms and other businesses can be compromised are increasing enormously. There are new exploits and new malware coming out on a consistent basis.”
To view a video clip including the panelists’ discussion about the value of co-education in data security, please click here. Next week, we’ll share more highlights from the data security audits panel in Los Angeles.