Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Is Information Security Hard and Expensive?

November 28, 2011

We recently wrote an article for the Canadian legal blog SLAW in which we said that information security was hard and expensive. We were surprised by a comment which basically suggested that this was fear-mongering. Mind you, there is plenty of fear-mongering in infosec, but we stand by what we said.

Think about the paper world. You locked up documents and you were done. The greatest risk was often that you'd lose your briefcase and the documents it contained.

There are all sorts of hazards in the digital world – and most of them are poorly understood by lawyers. Lawyers are very busy folks and often not very sophisticated about technology. We have consistently found that lawyer audiences describe information security as "hard."

It is absolutely true that there are many free and inexpensive things lawyers can do to protect their data and we harp on these all the time. Strong passwords are critical. Keeping up with patches is critical. But in an era where the overwhelming majority of states have data breach laws and most law firms don't carry cyberinsurance which would cover data breach investigations, notifications, credit monitoring and remediation, it is now the recommendation of most experts that firms have periodic information security assessments and then fix the problems that are uncovered. The assessments and remediation are generally not cheap – and these items have not been in traditional law firm budgets, especially the budgets of small law firms.

It is also true that cheap and free solutions are often worth what you have paid for them. Not all solutions need to be expensive, but the desire for free or cheap can get you in trouble. It is also often true that, no matter what solutions are used, lawyers tend not to know how to properly configure them. Sadly, a lot of IT support folks don't seem to know either.

With that explanation, we stand by our words. Education is certainly pivotal to helping lawyers with data security and it is no surprise that some variation of "Protecting Your Data" is our most requested seminar. Audiences do indeed give us feedback that the seminar is "scary" but they also feel more educated about the nature of the dangers and how to safeguard against them. Forewarned is forearmed – and we need more practical seminars identifying the reasons for data loss and how to stop these losses.

Too often, lawyers believe "it can't happen here" – until it does.

Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq