As data becomes increasingly accessible in the digital age, security has become a vital subject for law firms of all shapes and sizes to consider. WARPs could help everyone stay safe, says Andrew Rose
A group of City and regional firms last week started to pilot a 'community' project with the Law Society that could help increase security and reduce risk across all law firms.
The information age has certainly had its impact on the legal sector. Contracts are now drafted electronically and matter files, which were once tied with ribbon, are now 'virtual'. These new working practices bring new challenges - as the data becomes digitised and increasingly accessible, it becomes more vulnerable to breaches of confidentiality and integrity.
In 2003, a handful of like-minded information security and risk professionals met over coffee to talk about the challenges that large law firms face when protecting their data. This assembly has since grown into the Legal Security Forum (LSF), a group of around 50 representatives of various law firms, acknowledged and supported by the Law Society.
Although the LSF was initially formed from the largest City firms and is, to a significant extent, still driven by them, regional firms now make up a large part of the membership. And it has always been a goal to fully incorporate the smaller firms and give them the opportunity to share information and network to the same level as the large City firms.
This matters because information security is an issue for all law firms. Information security will continue to be an important issue for all types and sizes of firm because of the need to address security both within global electronic communications and also within the new domestic IT-based business processes specifically relevant to the legal sector. These include electronic conveyancing, electronic court filing and electronic links between the Legal Services Commission and its suppliers. Information security can only grow in importance as electronic working and networked communications become ever more pervasive.
Solicitors in global law firms and in high street practices alike share common professional standards, and the overall reputation of the profession for good information security is very important. The recent loss of data by HM Revenue & Customs highlights the value the public and clients place on good security, and the reputational damage that can result from a mistake.
WARPs: the how and why
The vital importance of trust and maintaining client confidentiality in the provision of legal services and advice is recognised by solicitors. According to Law Society research, the majority of law firms now have a written information security policy and a designated person responsible for IT security. Security policy provides the essential foundation but in a fast-moving field, rapid and effective sharing of information about vulnerabilities and threats is also important.
The Centre for the Protection of National Infrastructure (CPNI) is the government authority for protective security advice across the national infrastructure. Although its advice is targeted primarily at the critical national infrastructure, it also makes its publications and advice available to a wider audience.
In particular, it recognises that 'if a mechanism can exist through which one company can learn from the experiences, mistakes, and successes of another, without fear of exposing company sensitivities to competitors and the media, then every participant can improve their level of assurance'. In order to help achieve this objective, the CPNI promotes Warning, Advice and Reporting Points, or WARPs for short.
A WARP offers a personalised service of warnings and advice to a private information-sharing community. The three core services and benefits of a WARP are:
- A filtered warning service where members receive only the security information they need;
- An advice brokering service where members can learn from other members' initiatives and experience; and
- A trusted sharing service where reports are anonymised so that members can learn from each others' attacks and incidents, without fear of embarrassment or recrimination.
Full speed ahead
The Law Society has been in discussion with the CPNI about the possibility of WARPs in the legal sector. Some months ago, the Law Society approached the LSF and suggested that they may be interested in using a WARP to extend the reach of the forum. It quickly became clear that the functionality offered by the WARP closely aligned with the LSF's goals.
One of these key goals is to build 'circles of trust' between the information risk/security staff of similar law firms. Although the honest sharing of experiences and issues within the original group has been really beneficial to all involved parties, it can become difficult to scale that level of confidence up to a full membership of around 50. The WARP provides a secure platform for firms to begin to build these relationships and, hopefully, reap the same rewards.
Although it is recognised that not every firm can justify the need to have dedicated information risk/security staff, this is a topic that is wide-ranging, complex and constantly developing. The second goal of the LSF, therefore, is to collate and make available 'best practice' guidance and relevant experience, for the benefit of firms that have no specialist staff. By making this information available, the intention is to enable an improvement in information risk management across the legal sector.
In addition, the WARP technology offers personalised, automatic alerting to new system vulnerabilities - important in these times of swift exploitation of any technical exposure.
Eleven firms are currently piloting the Law Society-LSF trial WARP. Though it is still too early to say if it will fulfil its potential, the synergies between the LSF and the WARP look to be very closely aligned and, given the success of the LSF, it is hoped that this will be extended further through the medium of the WARP.
Andrew Rose is global IT risk manager for Clifford Chance
- Go to www.cpni.gov.uk or www.warp.co.uk
More from News
-
NewsFewer pupils would recommend a bar career
Mounting workloads, hefty debts and rising stress levels highlighted by Bar Council pupil survey.
-
NewsRugby player's liability for collision upheld by Court of Appeal
Tom Clark ran into Omar Elbanna at full speed while his opponent was without the ball, in breach of rugby’s laws.
-
NewsClaimant cannot sue firm over report to SRA, rules tribunal
Trowers and Hamlins fought application to bring claim over email report to SRA.
Partnership
Charity Explorer provides a reputable reference tool for solicitors, will-writers and their clients who want to leave a legacy or charitable gift.
Visit Charity Explorer
Whether you are looking for legal expert witnesses, legal training/CPD providers, international law firms, administration of estates, legal software suppliers, barristers chambers or any other general legal service, the Legal Services Directory will provide a suitable option.
Visit Legal Services Directory
No comments yet