3 Quick Steps for Law Firms to Tighten Information Security

Information security at law firms is becoming a more pressing issue than ever before. News stories like the recent Equifax data breach show just how vulnerable sensitive data has become to online threats.

Law firms, due to the nature of the sensitive material they store and manage on behalf of their clients, are especially vulnerable to these attacks.  So, how does a law firm best avoid this type of risks, and all the potential liabilities that follow?
drive accountability and solve problems

Protecting Information Is Becoming a Major Vulnerability for Law Firms

A Holistic Problem

Information security is a holistic problem and not just a technology issue that can be solved with properly configured and up to date software, hardware, and network equipment. Information security is also about people, processes, facilities, clients, vendors, policy, and culture. 
So how do you make sure that all the essential tasks to create a safe workplace environment are completed?  It all starts with creating a culture of accountability in the workplace.  In a law firm, information security cannot be delegated to some administrative or IT function and hope that they cover all the bases.  Information security is an issue that requires everybody in the firm – lawyers, partners, staff, administrative support, vendors, contractors – to proactively engage and  participate.  People business are always more challenging to control.    
Want to learn more about how accountability is central to efficient law practice? Download our Lawyer’s Ultimate Guide to Accountability today:

So why is a culture of accountability so crucial?  Let’s take a look at 3 of the most critical steps that law firms can take to immediately tighten information security, and the role that accountability plays in effectively executing these steps:

1.  Understanding the Big Picture

The first step is to get a better understanding of what it really takes to develop and put in place a solid information security strategy.  Get a hold of a comprehensive information security framework like ISO-27001or COBIT 5 to get a sense of the scope of such a challenge.  

Developing and deploying a comprehensive and well integrated information security strategy is not something that can be done overnight.  However, having a comprehensive blueprint in mind, will certainly help you build this foundation over time.
COBIT5 Information Security Enablers
Law Firms Must Take a Holitic View of Information Security

Information security requires that all law firm constituents play an active role.  A culture of accountability is key if this strategy is to be successful. Software applications like CommandHound that focus on workplace systems to drive accountability track completion performance of critical tasks at the individual level.  Law firms have shown that tying this level of performance tracking to people’s compensation is an effective way to make sure things get done.   

2.  Tigthen Technology Use

The second step is to take a quick look at all the technology currently in use at the firm and to make sure that it is all up to date in terms of updates.  This includes software, hardware, application software, and network equipment.  Next, a quick review of who has access to what technology and how access to these different systems is granted and revoked when employees come on board or are terminated is also critical.  

Once all of these technology components are cleaned up and brought up to date, then a regular process must be defined, and rolled out, to ensure that these things are done regularly.  Here is where a culture of accountability comes into play again. Many law firms use an accountability software solution that not only reminds individuals of their tasks on a regular basis, but also escalates those tasks to managers and partners if they are not completed by the set deadline.

3. Empower and Hold People Accountable

a culture of accountability at law firms

Law Firm Personnel Must Understand the Case for Tightening Information Security and Held Accountable for its Success

Often, one person gets very excited about it but no one else is sold on the benefit of the change, so execution is halfhearted at best.

So how do you ensure that a new way of doing things is successfully embraced by everyone in your firm?  Make sure they clearly understand the vision and the business case for the desired change.  What is in it for them when it is all said and done?

People need to understand and believe that the new why of doing things will be beneficial to them and to the firm.  Once the belief is there, accountability and empowerment become the key enablers. Each person in the firm must feel responsible for their assigned tasks, empowered to perform them, and ultimately, held accountable for their timely and successful execution.   


A law firm with a strong culture of accountability will be greatly positioned to develop, deploy, and carry-out a comprehensive information security strategy.  It is self-evident that the risk mitigation benefits will greatly outweigh the effort and investment.  
Would you like to learn more about how to use accountability software to drive business performance and imporve information security at law firms?

Or download our Lawyer’s Ultimate Guide to Accountability:

%d bloggers like this: