Ask

The tipping point when my law firm’s Managing Partner called me in the dead of night to talk about cyber security came on May 9, 2016, when the International Consortium of Investigative Journalists (ICIJ) released the Panama Papers to the public. The call did not come because our firm had any connection to since-defunct Mossack Fonseca, the firm from which leaked 11.5 million documents and was subsequently charged with money laundering. He called to be reminded of what we had agreed to put in place during the last budget season and find out what more could be done and how quickly. Thankfully, I assuaged his fears for the night with some reassuring facts, including multi-factor authentication was in place, as were up-to-date firewalls, intrusion prevention, intrusion detection, anti-virus and incident response systems. When I called IVIONICS later that morning, they assured me that what I told my boss was true and that we should start talking about data governance.

Approach

IVIONICS, our MSP had visibility into our systems so, they quickly identified risks related to ungoverned data in the form of documents stored in various places outside the document management system, and rogue applications installed on desktops. With this knowledge, they convinced us that we needed to talk to the attorneys and practitioners to understand the reasons for working outside the standard application suites. We arranged meetings with representatives from all the practice areas and departments, including those identified as rouge. IVIONICS synthesized the interviews into a succinct data governance and business process analysis and set of recommendations to improve our practices.

Results

I had relied on IVIONICS for years to manage my infrastructure, but what they brought at this point was business expertise that enabled my firm to make the changes necessary to better govern our data,  manage our matters, and service our clients, many of whom are public figures likely to be targeted by cyber-criminals. As a result, we put realistic processes in place, including the process of regularly scheduled process-success assessments. In addition to establishing more secure control of our data and implementing more usable applications, my firm now benefits from reliable data that drives productivity and profitability. Matter workflows guide attorneys through best practices and provide current precedential work product from which to begin new matters. By governing our data better, we are capturing our institutional knowledge and inserting it into our practice in real time, ensuring that we are always providing our clients with the best possible products and outcomes.