Here’s what’s trending in the legal industry: (1) Mid-level Associates are curious about their futures, (2) everything you need to know about General Counsel compensation, (3) changes to the law firm business model could spur innovation, (4) how easily a teenager hacked into a law firm, and more.
Here’s what’s trending in the legal industry: (1) law firms are the targets of China hacking, (2) Barclays launches a legal tech incubator, (3) Should law firms shorten the path to partnership, (4) some law firms are ditching annual reviews, and much more.
It is not good enough to be a good lawyer. There are LOTS of good lawyers. On the flip side there is not an abundance of good General Counsels. Think of any professional sport. There are LOTS of good coaches BUT there are NOT a lot of good Head Coaches. The days of a General Counsel being a great lawyer that just weighs in on legal matters are long gone. The modern General Counsel is the CEO of their function and must be viewed as a key business strategist within the company and, especially, the C-Suite.
From the 2017 Nimble Forum on Cyber Security
On Thursday, September 14, 2017, we gathered six industry professionals to lead a panel discussion on cyber security for our Nimble Forum. Cyber security is a trending topic due to the string of computer and ransomware attacks that have increased in severity and frequency over the past few years. Companies and individuals alike are more worried about being hacked and about how to answer the new-age question: how do I protect myself from a cyber attack?
Our fantastic panel included:
- Chris Clymer, Director of Information Security Systems, MRK Technologies
- Molly Drake, Senior Corporate Counsel, A. Schulman
- Pat Haggerty, Partner, BakerHostetler
- Barry Spencer, Special Agent, Federal Bureau of Investigation
- Ann Weinzimmer, Vice President and General Counsel, More Than Gourmet
- Jennifer White Visek, Vice President, Cyber, Tech E&O, Aon Risk Solutions
To get the discussion rolling, we asked each panelist what they believe is the “one thing” a company should be doing in order to limit their company’s cyber exposure. Their responses outlined the "one thing" they each believe to be crucial in protecting their own companies or their clients. Here are each of the points they made:
- Take the time to know what information you're collecting and what you're sending out. Know your processes and where the holes might be.
- Examine and look at your network hardware and computers, and then look at the people who access and can control them.
- Understand where the risks truly are. Know where the data is and where there are possible exposure points.
- Realize the threat is not just what is coming into the system. There’s a real threat of the information going out.
- Know what you’re protecting. Most people are focused on the anti-virus and protection methods, not what they’re protecting. So know what are the assets you’re protecting.
- Training. Phishing training for example. A lot of incidents/attacks are not super sophisticated and are actually common mistakes. It also helps to keep system logs for at least 1 year.
Just as their suggestions vary, you may realize there are not only many ways to be exposed to a cyber attack, but (take some comfort) there are also many ways to help prevent attacks and protect yourself and your company. Looking over this list, how do you and your company compare? Do you have any suggestions that you would add?
If you like these tips, or want to hear more about our next Nimble Forum, be sure to subscribe to our mailing list at nimbleconsultingserevices.com/subscribe!
We learned some great stuff at our first Nimble Forum on September 14, 2017. Here is the first of a few posts on the great discussions we had and the insight gained by all that attended.
Cyber security is a complex, multi-faceted problem. There is not ONE owner, so many different departments across an organization have to come together to manage the risk. It’s critical to be proactive and get these parties together and working to protect the organization BEFORE anything bad happens.
1. Legal
Legal’s primary job in working to prevent a Cyber breach is to make sure all of the right functions are included and have a seat at the table. Legal can help lead the group, but Legal cannot effectively do all of the work on its own. Facilitating data mapping (where Personally Identifiable Information (“PII”) and Protected Health Information (“PHI”) are stored), preparing a Data Breach Incident Response Plan, and arming Supply Chain and HR with “Cyber Protection and Breach provisions” for every vendor or supplier contract that could involve PII or PHI are all areas where Legal has to take the lead.
2. Supply Chain
Supply Chain manages the contracts with the suppliers who may gather and store sensitive data about your organization in the course of doing business. When negotiating the contracts that define the business relationship, you have to think about how that data will be managed: language that governs how the data will be protected, who is responsible, what the process is if the data is breached, and how and when the third party must destroy the data if the business relationship ends.
3. Information Technology
Information technology departments set the strategy for the technical side of protecting systems and data. From firewalls to email filters, they try to keep the bad actors out of company systems. They will know where all your internal data is. Hackers move fast--IT needs to stay educated. And they should be involved any time data is going to be shared with a customer/supplier to be sure the third party has adequate controls. IT should work with Supply Chain, HR, and Legal to audit the Information Security practices of all vendors and suppliers on a regular basis.
4. HR
HR is accountable for some of the most super-secret data: PII such as birthdates, social security numbers, etc. HR also has plenty of employee PHI. It is essential that HR, IT, and Legal partner up on the TRAINING of the organization’s employees when it comes to Cyber Security. Training is the most effective way to minimize Cyber threats. HR should partner with each of the other functions listed to ensure that their internal processes and third party vendors are up to snuff.
5. Insurance and Risk Management (“IRM”)
IRM must be intimately involved in the drafting of the Data Breach Incident Response Plan. In particular, IRM should work closely with Communications, IT, and Legal to develop a plan that has few holes. IRM should lead the cross-functional team through annual Data Breach Incident tabletop exercises where representatives from each function act out how they would respond to an actual Data Breach. This will help identify gaps and improve the organization’s ability to swiftly and confidently respond to an inevitable Data Breach. IRM must also work with Legal and Supply Chain on the Cyber insurance requirements the organization is requesting from its vendors and suppliers.
6. Communications
Communications plays a key role in the internal and external statements regarding a Data Breach. Communications, working with HR and Legal, should prepare draft internal and external statements regarding a Data Breach. Communications should also identify any internal leaders that would perform well in front of cameras and under intense scrutiny. It’s important to have those leaders identified now - not after a breach has already occurred. Now is the time for training.
Don’t wait for some other department to take ownership. If your organization doesn’t have all of these functions, you should work with your third-party vendors that fill those roles. Get the ball rolling and work together because a cyber breach is not the ideal time to make new friends.
JOIN OUR NEXT NIMBLE FORUM ON OCTOBER 25, 2017 BY CLICKING HERE.