Blogs

The Purge!

By Rebecca Sattin posted 12-21-2023
Be the first person to like this post.
Please enjoy this blog authored by Rebecca Sattin, Senior Director, Partner Success, NetDocuments. Setting Up for Success in 2024: Strategies for Managing Data for Departing Users In this blog post, the author will discuss ideas on how firms may consider implementing strategies that purge departed user data and secure management approval to do so. _________________________________________________________________________________________________________________________________________________________ Having a sound information governance policy is a necessity for any business, and particularly law firms as they are responsible for keeping ...
0 comments

Becoming a Modern CISO

By Andrea Scholfield posted 10-04-2023
1 person like s this.
Please enjoy this blog posted on behalf of: Carlos Rodriguez, CEO & vCISO, CA2Security. The Modern CISO must become a trusted business leader. The modern Chief Information Security Officer (CISO) at leading law firms must evolve from being a purely technical cybersecurity role to a strategic leader that can enable attorneys to practice law securely and safely by forging connections across practice groups, supporting departments and clients, influence decision-making; be a servant and trusted advisors; and have an in-depth understanding of The Firm's goals and culture. This shift in responsibilities demands a new skill set beyond technical prowess. ...
0 comments

Addressing the Ransomware Threat

By Kevin Foster posted 06-29-2023
Be the first person to like this post.
Please enjoy this blog posted by the author, Kevin J. Foster, Sr., Cybersecurity Operations Coordinator, White and Williams LLP. Introduction: For an era where technology plays a pivotal role in every industry, law firms are increasingly becoming targets of sophisticated cyber-attacks. Among these, ransomware attacks have emerged as a significant concern, posing grave risks to sensitive client data and business continuity. To safeguard their operations, law firms must implement robust tool changes and establish comprehensive policies that can effectively combat modern ransomware attacks. In this article, we will explore the evolving nature of ransomware ...
0 comments

How to Win the Talent War for Cyber Security Professionals

By David Whale posted 01-09-2023
Be the first person to like this post.
Hiring cyber security professionals to fill current vacancies is one of the toughest and most important challenges we face when trying to build out a successful cybersecurity team. A strong team with a good bond is important and that can be hard to accomplish when supply is low and demand is high. The cybersecurity market quickly evolved into a global market over the pandemic and with work from home options available the competition for limited resources is fierce. This blog will look take a look at what you can do to stand out when trying to fill that vacancy and ways to think outside of the box to land that next hire. The competition for professionals is ...
0 comments

Data Governance in the Cloud for Law Firms

By Reggie Pool posted 12-17-2021
Be the first person to like this post.
Please enjoy this blog post co-authored by Dan Phelps, 3Cloud and Reggie Pool, HBR Consulting With cloud adoption accelerating in the legal industry over the past two years, earlier in this year, 3Cloud and HBR set out to speak with IT leaders in the legal industry to understand their priorities for using cloud over the next 12 months. Through these conversations, we learned that CIOs are exploring how cloud platforms like Microsoft Azure can help them secure sensitive data, meet data privacy requirements, and enable better decision-making with 360-degree views of data and improved analytics tools. While making the move to the cloud can be instrumental ...
0 comments

Cybersecurity Maturity Models – A 40,000 Foot Overview

By David Whale posted 12-17-2021
2 people like this.
Please enjoy this blog post authored by David Whale, Director Information Security, Fasken Martineau Dumoulin LLP The world of cybersecurity maturity models is on par with going to your favorite buffet (pre-Covid of course) for your birthday dinner. So many options. Government based frameworks, regulatory based frameworks, development based framework, cloud based frameworks, Internet of Things based frameworks… Where to start? How to start? This blog post will take a high level look at 10 of the more popular frameworks in hopes of making your questions clearer then mud. NIST Cybersecurity Framework (CSF): When President Obama calls for ...
0 comments

Valuable Tips and Tricks for Creating Your First Dev/Sec/Ops Pipeline

By Brian Balistreri posted 11-12-2021
Be the first person to like this post.
**Please note that this blog is posted on behalf of the author, Fernando Gonçalves, Head of DevSecOps, Congruity360. EVERYTHING-AS-CODE AUTOMATE EVERYTHING TEST EVERYTHING SECURITY BY DEFAULT CHANGING MENTALITIES / YOUR C-LEVEL PARTICIPATION In the last few years, the DevSecOps area has been growing significantly. Its related tools/technologies and the surrounding culture have become more mature and specific than ever. This journey also brought new challenges as well as their corresponding solutions. No environment is equal to another and usually, a one-size-fits-all approach is not always implementable, but we can suggest high-level ...
0 comments

Analysis of Vulnerability Scan Output

By Jarad Schraeder posted 10-21-2021
1 person like s this.
Please enjoy this blog post authored by Jarad Schraeder, Cybersecurity Manager, Davis Wright Tremaine LLP. Regardless of the size and scope of your environment, vulnerability management is a daunting task. Depending on the maturity of our vulnerability management program, the vulnerability scan results can create a challenge of prioritization, which for some law firms can be hard to tackle based on the resources you have available. There are automated solutions on the market like Insight VM or Vulcan Cyber to address priorization, but not everyone has the budget or time to deploy a tool like that. Whatever your current vulnerability scanner is, it should ...
0 comments

Which Certifications are Truly Critical for Success in Cybersecurity?

By Ken Fishkin posted 10-15-2021
1 person like s this.
Please enjoy this blog post authored by Ken Fishkin, CISSP, CCSP, CIPT, CIPM, CIPP/US, CISM, CEH, and many others. https://www.linkedin.com/in/kfishkin/ Since 1996, I have been pursuing industry certifications. I have always found them to be an essential part of my career growth, because I use them as entry points to learn new skills that seem challenging. While I know that practical experience is much more important than obtaining these certificates, I have found that the process of obtaining certificates first, gives me the confidence boost I need to immerse myself in whatever area I am studying. For example, in 2007, I passed the gold standard ...
0 comments

IG Considerations for M365 and Teams: Chat Retention and Archiving

By Brian Donato posted 04-30-2021
1 person like s this.
As many organizations move to MS Teams in a constantly evolving M365 ecosystem, there are many IG concerns that need to be considered. You need to make sure the guardrails are in place before, and after, opening the doors. This entry in our blog series, specifically explores MS Teams chat retention and archiving. Some people may think of chat retention and destruction as “Mission: Impossible”. Read on to find out if those people are right or just a bit off base. What is Chat in Microsoft Teams Many of you reading this article already know that Teams support a private chat and channels. In Microsoft Teams, teams are groups of people brought together ...
1 comment

Pillars of a Solid Insider Threat Program

By Corey Reitz posted 04-28-2021
1 person like s this.
According to a report released in 2020 by the Poneman Institute, “the number of insider-caused cybersecurity incidents increased by a whopping 47% since 2018” . Insiders are trusted individuals that work for an entity and as a result are privy to systems and information that is not available to the public. Proprietary information within a company or government agency often has great economic value, and if this key information is altered, destroyed, stolen, or exposed to unauthorized individuals it can be very damaging. Insider threats come in at least two varieties: the negligent insider who ignorantly or negligently places company information at risk due to ...
0 comments

Vendor Governance to Integrate Teams and Document Management Systems

By Reggie Pool posted 03-11-2021
Be the first person to like this post.
Please enjoy this blog post authored by Reggie Pool, Senior Director, HBR Consulting LLC. This is the third article in the series on Teams governance, addressing the challenges and benefits of Teams and Document Management Systems (DMS), including managing safeguards, classification, policies governance, and effective change management. Many firms look at Teams as yet another location where content will be stored and information will need to be managed, often viewing it as another area of risk leading to non-compliance with the existing DMS policy. But the impending adoption of Teams doesn’t have to be viewed as a negative. With an effective governance ...
1 comment

Kick-Off Introduction to Security and Compliance's "Taming Unstructured Data" Series

By Karen Allen posted 02-25-2021
1 person like s this.
Unstructured data is but one consequence of many firms' relatively late adoption of Information Governance policies and concepts. Many of us struggle to absolve ourselves of the ‘sins of the past’ and establish control of the content of legacy shared network drives or file sharing services that were put in place without policy to govern how and how long data is stored. In this short story series, the authors will examine ideas about how to start to establish structure, gain buy in, and provide real life examples of what firms' have implemented in terms of tools, policies, and processes. Our series starts off with a project the author’s firm aptly named the ...
1 comment

Making Lemonade Out of Lemons – How to Leverage a Global Crisis to Evolve your IG Skillset

By Leigh Isaacs Zidwick posted 02-18-2021
Be the first person to like this post.
Please enjoy this co-authored blog post by Leigh Isaacs, CIGO, CIP, Director of Information Governance and Records Management, Proskauer Rose LLP and Andrew Corridore, CIP, Information Governance Compliance Specialist, Proskauer Rose LLP It’s no secret that the world of information and data management has been evolving in an ever accelerating pace – companies are realizing that information is an asset that should be managed, secured and leveraged as such. At the same time, client demands and our legal, regulatory and ethical obligations continue to expand and grow in complexity. As greater emphasis is placed on this proper management, the old, traditional ...
0 comments

Blood from a Turnip: Cyber Security for the Resource Challenged

By David Forrestall posted 05-14-2020
1 person like s this.
Please enjoy this blog post co-authored by David Forrestall , CISSP CISA, Managing Partner, SecurIT360 and David Oxley , CLM, CISM, Director of Information Technology, Messerli & Kramer. Introduction Everyone agrees that cybersecurity is absolutely essential. However, many firms still do not have dedicated security resources. And, if you are a smaller firm, do you really need to do as much as the larger firms? If you look at NIST, ISO 27001, or other frameworks, there is a lot to do, and much of this is still thrown over the wall to IT. Does all of that apply to us and if so, how in the heck can we get it done? Security for the new WFH environment ...
1 comment