May 14, 2019

Last Updated on January 12, 2024

View our free cybersecurity resources »

Many law firms are already moving towards stronger information security and privacy postures. They’re doing things like aligning with the ISO 27001 or NIST security frameworks, conducting vulnerability assessments or penetration tests on their networks, looking at managing third-party security risk or implementing critical security controls like two-factor authentication (2FA).
But to align with emerging privacy initiatives like GDPR and the California Consumer Privacy Act (CCPA), law firms need to do more beyond point-in-time solutions or just reacting to the hottest current problem, to focusing holistically on security and privacy for the long-term.
May is “Privacy Month” here on the Pivot Point Security blog, and we plan to share several posts with privacy themes especially for the legal vertical. We’ve partnered with dozens of law firms across the country to help them achieve everything from ISO 27001 certification to HIPAA and GDPR compliance, to robust data protection strategies… we understand the unique cyber security and privacy challenges law firms face.

Discover the 5 Indispensable Success Factors for Cyber Security/Privacy Initiatives in the Legal Vertical

This post introduces you to what in our collective experience are the five most indispensable, essential success factors for security and privacy initiatives for any law firm. We’ll cover each of these in more detail in an upcoming post.

  1. Educate yourself and your team members regarding security and privacy laws, regulations and frameworks. If you don’t know where to start, starting anywhere is the best first step.
  2. Get senior leadership buy-in. This is perhaps the single most crucial success factor. Cooperation across a firm to adhere to security policies rarely manifests without some formal direction.
  3. Prioritize resources. Given resource limitations, it’s essential to prioritize before stepping off.
  4. Align your security and privacy objectives. Security and privacy overlap in many ways, so thinking about them in tandem can save considerable cost, time and effort while driving a better end result.
  5. Use a team approach. Every law firm’s security and privacy initiatives will involve multiple stakeholders and roles, from IT to HR to Purchasing to senior management. Each of these interested parties will have different security/privacy concerns, so working together is essential to addressing those concerns.

These measures may sound simplistic, but as I’ll explain they are pervasively fundamental and underpin subsequent activity. Without a conscious focus on them, your efforts stand a very real chance of failing to achieve objectives.
To discuss your practice-specific security and/or privacy requirements and concerns with an expert at any time, contact Pivot Point Security.

Need answers regarding ISO 27001 certification requirements?

Learn about the audits you will face to achieve and maintain certification, what's involved, and the cost you can expect to pay to achieve and maintain certification.
Download our NEW ISO Certification and Cost Guide now!