The Challenge:
Over the past few years, several top law firms have made headlines after malware or phishing attacks led to significant data breaches. Such breaches are costly – not only because of remediation expenses but the resulting, and too often lasting, damage to client trust.
As a result, law firms of all types and sizes are being asked to demonstrate their commitment to data security. This mid-sized law firm, which regularly handles sensitive client information as part of their employment law practice, is no different. They have seen their existing clients move towards working with firms that can demonstrate they follow cybersecurity best practices. And potential clients are asking more detailed questions about the firm’s cybersecurity program, including asking them to complete vendor due diligence questionnaires as part of their contracts.
In addition, in the face of ever-evolving threats from bad actors, the firm also needed to provide evidence of their security practices for cyber insurance purposes. To meet these needs, as well as ensure that both firm locations were using a single, cohesive approach to threat prevention and remediation, the law firm decided they needed to develop a security policy that reflected both their cybersecurity strategy and business operation needs.
The Solution:
The firm engaged Xantrion to help develop an internal security policy. Xantrion began by reviewing the firm’s existing cybersecurity program. The review allowed Xantrion to improve the firm’s security posture by identifying ways to better protect the firm’s sensitive information moving forward.
The review also helped Xantrion work closely with the firm’s top leadership and human resources department to develop a policy document that dovetails with firm operations and accurately represents the firm’s updated, cohesive security program. Since this security policy is a living document, Xantrion will help the firm make necessary updates when it is reevaluated on an annual basis – or as new security protocols are put into place.
In addition to helping the firm develop a security policy, Xantrion was also hired to provide ongoing monitoring of the firm’s IT systems and devices. This includes 24/7 monitoring for potential security threats, regular security updates and patches, and timely responses to any security incidents that may occur. In a time where it’s a matter of when, not if the firm will have a security incident, having Xantrion manage the firm’s cybersecurity program provides an additional layer of protection that clients appreciate.
The Outcome:
With a written security policy in place, the law firm now has a “single source of truth” to better implement mandated security measures across its two offices. And, thanks to Xantrion’s Managed Security program, the firm has also been able to make targeted improvements to their cybersecurity posture. They can also show prospective clients that they utilize best practices in cybersecurity, including implementation of multifactor authentication (MFA), data encryption, updated endpoint protection, and mobile application management (MAM).
Furthermore, the development of the security policy allows the firm to keep their cyber insurance premiums in check and easily respond to requests for information on their security practices.
The law firm’s operations director believes, “After implementing Xantrion’s Managed Security program, we are confident that our sensitive data is protected and the process of incoming vendor due diligence requests is both faster and easier thanks to the development of our written security policy.”