Securing a law firm with James Oryszczyn

Jeremy Cherny Podcast

“I support network applications, video conferencing, and bundling security. We have a lot of sensitive client data. So we get a lot of client audits making sure that we’re complying with all security programs – and also making sure that we keep hackers out.”

Why is security so important for an Am Law 200 Law Firm?

Some of the larger clients have very sensitive data, and if that data gets breached, it’s going to cost them quite a bit of money. So why it’s important is reputation, number one. Number two is losing clients. You don’t want to be on the front page of the news. Number three, your clients trust you with the data. So you have to make sure you’re protected and doing the right things because you’re agreeing to certain stipulations in what they call outside counsel guidelines. Outside counsel guidelines are actually the arrangement that most clients have with law firms that explain billing, explain how you’re going to do the work, and finally, they have a lot of security requirements in those outside counsel guidelines. So what’ll happen is a lot of the clients will come in and they’ll audit us saying we’re doing what we said we’re going to do in those outside counsel guidelines.

How do you stay on top of the latest security threats?

There’s a number of things. I listen to a lot of podcasts and read a ton of different blogs. We also have a managed security provider that sends us information when there are types of critical security alerts that we need to be aware of.

How do you handle awareness training for your clients and for your team?

We have a product called KnowBe4, which we do yearly security awareness training through that. A lot of it’s for compliance purposes, along with having good security awareness training programs. We have a fairly robust HIPAA practice or healthcare practice. So the healthcare attorneys, on a monthly basis, send out tips on how to be secure. Because of HIPAA, they are very secure environments. So a lot of the users get tips from them too. 

Have you ever had to really sit down with someone who keeps clicking on things they’re not supposed to?

Generally, no. We have an IT security mailing list that people send stuff to. So most of the attorneys are very scared to click on something they shouldn’t. They’re very judicious about actually sending it over to be reviewed, which I appreciate. Every so often, you’ll have somebody click something they shouldn’t, but it’s getting rarer and rarer.

What’s your home network like?

If you’re familiar with Palo Alto Networks, I have a Palo Alto firewall with a bunch of threat protection on it. I’m running a VMR system with about 10 VMs. One of those VMs is a product called T-Pot, which is a free honeypot where I can actually see people trying to attack my network. I have some three-layer switches and some pretty advanced wireless stuff. For my wireless network, I split it into two – I have what I call my Internet of Things. So that is my fire alarms, thermostats, things of that nature. Then I have just my regular network.