Roy Russell says that the shift from optimistic to pessimistic security will gain momentum in 2018 with clients now demanding 'tangible, demonstrable and even evidencable action from legal services providers on how their data is protected.'  Mr Russell, who is CEO of document management consultancy Ascertus, said that 'be it intentionally or inadvertently, people are weakest link for organisations when it comes to security.'  He pointed out that law firms are an especially attractive target for cyber criminals. Worse still, they were 'vulnerable as their security measures are often found to be inadequate.' 

'Need to know' basis

With numerous recent embarrassing and potentially business crippling data breaches, law firms will make a concerted shift from optimistic to pessimistic security, he predicted.  Furthermore, he said, 'In addition to traditional preventative security measures such as securing infrastructure, email security management, and intrusion detection; in 2018 firms will have no choice, but to segregate content, establish ethical walls and institute governance policies that allow access to information on a ‘need to know’ basis. This will ensure that only authorised individuals have access to sensitive data – and in the event of credentials being compromised, the impact of the breach will be significantly limited to the account in question.'