THOMSON REUTERS ELITE
Forefront eNewsletter

Q1 2018 EDITION

Using Business Processes to Improve Cybersecurity

Cybersecurity has been at the forefront of everyone’s minds lately. Every day new articles appear about breaches, some recent and some that happened up to five years ago and are only now hitting the news.

While all firms strive to incorporate better security into their existing systems, it has not yet reached the point where it is ubiquitous. At this point in time, many firms are still overwhelmed by the vast amount of information available about cybersecurity and how it should be handled.

Rather than looking at the problem as one that can be solved with a product or products, firms should instead approach the problem from the perspective of their business processes. This approach will facilitate user adoption through repetition.

An obvious starting point is the new business intake process, when information is gathered about what kind of new business is coming in. It is at this point that questions can be asked about the potential risk in taking on the new business, including, at a minimum, whether the parties involved require any additional security or confidentiality. In some cases, even a client name may be so confidential that only certain people within a firm are privy to the fact that the firm is representing the person or entity.

If the case involves litigation, it may be apparent from the start that the type of discovery data involved will require additional security measures. A good example is health information covered by HIPAA. At the outset, a firm may decide to outsource the handling of this kind of data to a hosted e-discovery platform rather than handle it internally and absorb the risk itself. Doing so can have other obvious advantages, such as direct billing to the client.

In instances like this, depending upon the system, keywords in client and matter names can be used to trigger automatic notifications to partners, records, and IT that special care or security might be necessary for a particular case. Once notified, IT can meet with those involved and discuss whether it will be necessary to secure the matter such that all files created for it can only be seen by those working on the case. IT should also meet with the team to discuss whether they will have any need to transfer files for the case as well as any e-discovery needs.

Another place where good cybersecurity practices can be adopted within existing business processes is with retention rules. Many firms include their retention policies in their engagement agreements, indicating the period after which documents will be either sent back to the client or destroyed. Adapting these retention policies to cover electronic data as well is another way to reduce risk.

There are some practice areas that involve a constant stream of personally identifiable information (PII). Immigration is one such practice area. Whenever such data is transmitted or stored, it should be encrypted. Ensuring that everyone who works with this kind of data has the appropriate tools and understands when, why, and how they should be used is paramount. Some email systems can even be configured to alert senders or prevent the sending of messages and attachments containing PII.

Incorporating security into business processes and reviewing procedures periodically is one of the best ways to advance the cybersecurity efforts of firms. As these processes are changed to support increased security through risk assessment, firms move closer to having good and pervasive security practices.
 

Worldox

Founded in 1988 and based in Glen Rock, New Jersey, World Software Corporation® is an innovative leader in the Document Management Systems (DMS) category. The company's flagship product Worldox has an install base of over 6000 companies in 52 countries.

 
 