Confidentiality management is not a new concept to law firms. In fact, it’s long been a requirement for firms, one that has become increasingly challenging over the past 20 years as client information gets digitized and optimized for mobility. Law firms hold enormous amounts of sensitive client data, making them attractive targets of cybercriminals perpetrating external malicious attacks, hacks, and data breaches.
Threats from the inside firm
Increasingly occurring insider threats — originating from within the firm — pose potential concern and vulnerability to data security. According to PwC’s 2018 Global State of Information Security Survey, the most prevalent cybersecurity threats are not directed toward a firm’s perimeter defenses; rather, they are caused by intentional or unintentional actions by individuals within the firm itself.
At the same time, clients and regulators have become increasingly demanding about how their sensitive data is protected. We now see a proliferation of client security requirements in outside counsel guidelines, and firms are regularly being audited by their clients. Regulations, like Market Abuse Regulation (MAR), and more recently, GDPR, have imposed stiff security requirements on law firms.
More than just document management
While a document management system is a primary repository containing sensitive client data, it is far from the only law firm system that need to be secured to meet client terms, professional responsibility obligations, and regulatory requirements. Confidential information can also be found across the enterprise, such as in time entry, financial management, records, conflicts, intake, file share, and other firm systems. Focusing protections only on the document management system leaves a firm vulnerable to other security breaches.
Protecting a client’s confidential data with software
Confidentiality management software is vital in protecting law firms against insider threats and helping them ensure client compliance. Firms must ensure that the confidentiality and ethical-walls software chosen can safeguard all the various applications housing sensitive data. Failing to do so can result in significant reputational damage, loss of business, and potential regulatory sanctions.
Additionally, the types of policies that need to be enforced across all of these systems can be complex, overlapping, and, at times, in conflict. It is one thing to say you are enforcing ethical walls, but what happens when those walls are in conflict with other types of policies — such as team screens, multi-sided walls, or inclusionary walls required by clients? Imagine all of those policies overlapping across tens of thousands of clients and matters?! We know — from over 12 years of experience helping firms manage these complex environments — just how challenging this can be without a sophisticated policy engine in place.
That knowledge begs these questions. Are you properly securing all of the systems that may contain confidential information in your law firm? And does your current confidentiality-management policy engine manage all of the overlapping wall types across those disparate systems?
It is much easier said than done. Choose the right enterprise-wide software to enable a more secure and simplified confidentiality-management strategy for your firm.
Stay tuned for the next post in our risk series. Meanwhile, check out more about one of Intapp’s key compliance management and ethical walls offering here.