“Baker Donelson Achieves ISO 27001 Certification for Information Security Management” —
- “Baker Donelson has achieved ISO 27001 certification, an internationally recognized certification for information security management.”
- “Earning the ISO 27001 certification shows that Baker Donelson is in compliance with rigorous international standards regarding utilization of best practices, ongoing governance, and management of information systems to ensure the security of client and firm data. Baker Donelson was awarded this certification by BSI, a leading provider of business improvement solutions.”
- “‘As a law firm, it is critically important that we safeguard the security of our clients’ information. Protecting the interests of our clients has always been paramount for us, and earning the ISO 27001 certification demonstrates that Baker Donelson has the necessary controls in place to ensure that all client data is secure and protected,’ said the Firm’s Chief Information Officer Lance N. Rea.”
“Stark & Stark Achieves ISO 27001 IT Certification” —
- “The law firm of Stark & Stark [100+ lawyers] announced its achievement of ISO 27001 certification, one of the most widely recognized and internationally accepted information security standards that defines how an organization should manage and treat information. Lawrenceville’s Stark & Stark is among a select group of law firms to achieve this certification.”
- “‘Providing our clients with great service is the core of what we do at Stark & Stark, and the security of our clients’ information is at the foundation of great service,’ Thomas Kline, Stark & Stark’s Director of Information Technology, stated. ‘Achieving the ISO 27001 certification illustrates our commitment to continuously improve our information security management, and it tests that commitment through annual audits that adhere to an internationally recognized standard.’”
- “The certification means Stark & Stark has adopted a best practices approach to information security management and has established policies and procedures to ensure the security of the firm’s client information will be continuously improving and evolving.”
- “Stark & Stark Managing Shareholder Michael Donahue stated, ‘Our drive to achieve this level of security is client satisfaction. We are committed to continuous improvement to information security. Obtaining this certification for our Firm was truly a team effort.’”
“How Law Firms Can Avoid Data Breaches Using the Cloud” —
- “Reports of increased cyberattacks significantly impacted the legal industry during the pandemic, with widely publicized ransomware attacks striking several prominent firms, resulting in serious reputational damage and significant liability. There’s little doubt that other attacks occurred but did not become public.”
- “Although firms may think they have appropriate protocols for cyberattack prevention and breach-response plans in place, data has shown that less than half of law firms participating in the ABA survey use even basic security tools like encryption, two-factor authentication, intrusion detection and prevention, or remote-device management protocols.”
- “As the ethical and practical imperatives for data security become clearer, some firms have adopted a stop-gap approach—purchasing insurance to mitigate financial exposure—while others are taking a wait-and-see approach, and the ABA survey reports only about a third of firms hold cyber liability insurance policies.”
- “Although it’s wise to purchase insurance policies, they don’t prevent data breaches, nor do they protect a company from contractual or regulatory consequences.”
- “Compounding poorly mitigated data-breach risk, many Big Law lawyers remain in the dark regarding security incidents at their firms. Whereas about three-quarters of survey respondents from firms with 50 lawyers or fewer report they are in the loop, nearly two-thirds of lawyers working in firms with 100 lawyers or more say they have no visibility into their firms’ data breaches.”
- “Firms rightfully worry about cybersecurity in the cloud generally and client contractual obligations specifically. Because outside counsel guidelines usually stipulate that client data must be stored in a specific fashion—which often entails keeping sensitive information in a firm-managed environment—firms are obligated to audit and update these contracts transparently before migrating client records to the cloud. For a large firm staring down thousands of contracts, it’s an onerous and expensive exercise”
- “Although advanced cloud models for risk and compliance incorporate key elements of secure computing by meeting or exceeding common regulatory requirements—and often provide a higher level of safety than on-premises deployment—the EU General Data Protection Regulation (GDPR) has generated renewed concerns about cloud storage for the legal industry.”
- “Because cloud service providers’ reputations and business models rely on state-of-the-art data security, these vendors invest heavily in robust security teams and rapid platform updates. It’s a simple matter of scale: It’s impossible for a single firm to develop and execute the same breadth and depth of security and innovation protocols as a cloud service provider.”
- “Most cloud service providers have a wide range of clients. As a result, they may be subject to stringent regulatory requirements; many voluntarily adhere to industry best practices and guidelines, such as ISO27001, which entail strict standards for building and maintaining data centers, as well as regular independent audit cycles to ensure compliance.”
- “In the past, law-firm data breaches often went unreported—and possibly undetected. Now, all 50 states plus the District of Columbia, Guam, Puerto Rico, and the Virgin Islands have enacted security breach notification laws requiring businesses to inform affected parties when their personal information is breached.”
- “Today, lawmakers continue to expand existing laws; 22 states strengthened security breach regulations in 2021, including shortening the window for firms to report breaches and requiring private sector entities to report breaches to the attorney general or other state entity.”
- “Survey data shows that cybersecurity remains a key challenge for law firms, and the sector finds itself increasingly targeted due to its wealth of sensitive data—and deep pockets. With representatives of nearly two-thirds of the 100 leading Big Law firms identifying cybersecurity threats as a key concern, it’s eye-opening that less than one-quarter of these firms employ a cybersecurity committee that reports into the party charged with governance.”
- “Although many persist in the belief that in-house servers are more reliable and secure than cloud-based solutions, cloud storage offers strategic redundancies that both protect data durability and availability and prevent file loss due to equipment error, damage, or data breach. As threats become increasingly relentless and sophisticated, firms focused on long-term data security are embracing the protections afforded by the cloud.”
“Kennedys-led consortium receives £783k from Innovate UK to develop reputational risk software” —
- “A consortium led by UK top 50 law firm Kennedys has been awarded £783,000 in funding from Innovate UK to develop software that is able to identify and assess reputational risk, as part of a £1.2m project. The difference will be covered by Kennedys and four fellow consortium members: The University of Manchester and University College London; public relations group Cicero/amo; and risk management company RiskCovered Limited.”
- “Reputation Advisor will be developed to analyse content – from corporate documents to publicly available information – to create a reputational index of risk relating to an organisation’s corporate citizenship via ESG (environmental, social and governance) practices that impact on a company’s bottom line.”
- “Reputation risk is considered as an intangible asset that is rising in company value. Karim Derrick, product and innovation director for Kennedys’ tech arm Kennedys IQ said: ‘In a world where companies are often accused of greenwashing, Reputation Advisor will also provide robust and transparent evidence of a firm’s genuine green credentials. From an insurance perspective, the product will help insurers in their conversations with their own clients to quantify ESG related risk.’”