Imagine the paralegal who unknowingly clicks on a malicious link embedded with spyware; the junior lawyer who accidentally leaves his laptop in a taxi cab only to have it fall into the wrong hands; the managing partner who stores files on a cloud-based service, unaware of a possible entry point for a devastating breach.
Those in the legal industry have been applauded for being early adopters, eager to embrace technology to improve efficiency. However, with innovation comes the need for improved security. Without it, the legal industry is at risk. Law firms are often the primary target for cyber criminals looking to gain access to intellectual property, trade secrets and other business capital.
Law firms, large and small, are finding current and future clients are growing more concerned with their firm’s ability to keep confidential information safe. Many prospective security savvy clients
“There is no silver bullet when it comes to security and new vulnerabilities are being discovered every day. DD is a key player in our risk mitigation strategy and they help us to identify and eliminate internal and external vulnerabilities quickly and throughout the year.”
are demanding assurances that any firm/client relationship will include a secure, digital foundation. Earlier this year, The New York Times detailed the growing concern in the industry, as well as the steps taken by the FBI in partnership with top law firms to get out ahead of the issue. Despite these efforts, the FBI officials and security experts say that law firms remain a “weak link.”
Law firms with access to protected health information likely will find themselves classified as “business associates” under new HIPAA rules and therefore subject to new privacy, security, and breach-notification requirements governing their handling of such information.
Recognizing the risk of not complying exceeds the risk tolerance of the organization, law firms are seeking solutions that enable them to demonstrate their due diligence in complying with all necessary requirements
“Our Personal Security Analyst was deliberate with his processes and methodologies but remained FLfl exible and accommodating to our changing needs and requirements. The overall customer service and expert insight has helped us improve security while exceeding our expectations.”
Vulnerability scanning has been relied upon for years to mitigate risks. However, many scanning tools in the marketplace today lack ease of use and protection required for organizations to defend against potential security breaches.
“We were committed to vulnerability scanning and securing our netwrok, and
we invested time in evaluating in-house scanning tools and managed solutions. DD’s scanning technology identified vulnerabilities in our network that were not seen by other scanning methods. DD’s managed solution not only identified weaknesses but also helped us prioritize them so that we could more effectively manage risks.”
Vulnerability Lifecycle Management-Professional
DD’s solution, Vulnerability Lifecycle Management – Professional (VLM-Pro), is used to conduct host discovery and vulnerability scans on external (internet facing) and internal IPbased systems and networks. DD employs a variety of scanning techniques built on a patent pending proprietary scanner to survey the security posture of the target IP-based systems and networks. These scans proactively test for known vulnerabilities and the existence of mainstream industry practice security configurations.
DD assigns each VLM-Pro client a Personal Security Analyst (PSA) who serves as the client’s primary point of contact for more involved technical questions. The PSA provides the client clear, consistent security consulting advice on their Vulnerability Lifecycle Management program. The consistent quality of this advice is achieved by providing the PSA access to a common technology platform kept up-to-date by dedicated teams of security analysts and vulnerability researchers.
The managed vulnerability scanning solution, VLM-Pro, is helping Keesal, Young & Logan reduce the likelihood of a cyber-attack, which would have a negative impact on the firm’s reputation.
*At the time of this case study, Fortra VM and its corresponding security solutions were referred to under the Frontline brand.
Keesal, Young & Logan is committed to security
Keesal, Young & Logan, a full-service business law firm, opened its first office in Long Beach, California in 1970. The firm’s goal is to help business clients grow and prosper in the face of rapidly changing laws and challenges by competitors.
To protect clients and the firm’s reputation, security initiatives are of the utmost importance to Keesal, Young & Logan. The information security team led by Justin Hectus, Director of Information,
is committed to not only comply with information security regulations such as HIPAA, HITECH and recent ABAB standards, but also to go beyond compliance to better protect sensitive data from access by unauthorized resources. With a finite number of IT personnel available to apply towards information security-related activities, they understood the value of outsourcing security solutions to a team they could trust.
Empower your security team to identify and fix vulnerabilities quickly with our comprehensive and easy-to-use solution.
Copyright © Fortra, LLC and its group of companies. Fortra®, the Fortra® logos, and other identified marks are proprietary trademarks of Fortra, LLC. | Privacy Policy | Cookie Policy | Sitemap