Cyber security in 2024 – a short overview for a firm’s management team

As cyber threats continue to evolve, firms may need to consider new cyber security defences to maintain adequate protection, writes 3Kites’ Jon Howells


3Kites has recently undertaken system/service selection projects which have included helping firms to select security partners, SOCs (security operations centres) and SIEMs (security information and event management). With new acronyms to grapple with, and a significant additional IT spend being requested by IT directors, we provide here a short overview of the changes taking place in cyber security and the impact that professional services firms might expect from these. There’s a lot to cover, so let’s get started:

‘Traditional’ IT/cyber security

We have become familiar with the cyber security provisions that have been in place for a number of years, including items such as complex passwords, firewalls, antivirus applications, VPNs, device/data encryption, software patching, training and blocking access to items such as USB pens and websites that breach a firm’s policies. Some firms have taken the decision to formalise their approach with accreditation such as ISO 27001 and Cyber Essentials +. At the very least, we recommend firms complete the Cyber Essentials checklist, which in our experience often highlights areas where cyber security can be improved.

As the risks firms face become more sophisticated, the ability to ensure your systems remain secure becomes considerably more complicated. With the increase in security solutions and associated companies to implement and monitor these, how do you know the difference between what you need to put in place and what (based on a risk assessment) you want?

An overview of some of the solutions outside of the ‘traditional’ security model:

  • Endpoint Protection – Guarding every device connected to your network, endpoint protection solutions offer real-time threat detection, malware prevention and secure data encryption. With advanced endpoint security measures, you can ensure that laptops, desktops and mobile devices remain secure against a number of threats. Think anti-virus on steroids.
  • Identity and Access Management (IAM) – IAM solutions play a pivotal role in controlling and managing user access to sensitive information and applications, including robust authentication protocols, access controls and privileged access management to prevent unauthorised access and protect critical assets.
  • Security Operations Centre (SOC) – A SOC is a team (often provided by a third-party security firm) responsible for monitoring, detecting, responding to and mitigating cyber security threats. The primary goal of a SOC is to ensure the security of an organisation’s information systems and data by actively monitoring, analysing and acting on security events in real time.
  • Security Information and Event Management (SIEM) – SIEM is a system that combines security information management (SIM) and security event management (SEM) functions into a single, integrated platform. The SIEM system collects and aggregates log data generated throughout a firm’s technology infrastructure, from laptops and applications to network and security devices. SIEM analyses this data to identify patterns, detect anomalies and correlate events that may indicate potential security incidents or breaches. It provides a centralised view of a firm’s security landscape and helps SOC teams in monitoring, alerting and responding to security events efficiently.
  • Incident Response and Forensics – In the unfortunate event of a security incident, rapid response and forensic analysis teams combine to investigate, contain and remediate the issue. 
  • Mobile Device Management (MDM) – A solution that secures and enforces policies on mobile devices, including laptops, tablets and mobile phones.
  • DMARC – The long-winded ‘Domain-based Message Authentication Reporting & Conformance’ is an email security protocol which verifies email senders by building on a number of other security protocols. Its primary aim is to stop domain spoofing, such as emails that appear to be sent legitimately from a company’s email address. 

That’s interesting, but what do I need to do?

It is no longer enough to outsource cyber security to your IT team or a third party; a firm’s management team needs to have a broad understanding of these potentially existential risks and understand what steps are in place to address them. While we would recommend your in-house team lead this approach, ideally working with a third-party specialist, full responsibility should not be devolved solely to them.

The list above provides details on the solutions which are forming part of the ‘new’ IT security model. These help tighten and enforce security controls as well as provide services to monitor and react to issues that may be discovered, ideally before a firm identifies an issue or, even worse, before a ransom or similar attack is raised against your firm. None of these options are foolproof and, despite all the precautions put in place, your staff are still your greatest risk – appropriate and regular training is key to building the ‘human firewall’.

Implementing the options listed above will run into tens of thousands of pounds (increasing with a firm’s size), so understanding the likelihood of an issue and its impact is important to ensure you consider solutions that match the risk you are trying to mitigate. This will help when speaking to suppliers as it will suggest which questions to ask and ensure that any solutions being considered are aligned to your specific needs.

3Kites can provide assistance in helping a firm to understand its risks, consider requirements to manage identified risks and help to choose the right solutions/security partner to meet the firm’s needs. With these solutions adding a considerable cost to a firm’s annual IT budget, choosing the right solution not only reduces risk but can help save thousands of pounds each year.
 
If you would like further information about 3Kites’ IT supplier selection, help with managing an existing supplier, or any of the other 3Kites’ services, please contact Jon Howells on 07917 367872, email jon.howells@3kites.com or visit https://www.3kites.com/contact-us

Jon Howells is a director of 3Kites. This is the 35th article in the series Navigating Legaltech

--------------------

About 3Kites and Kemp IT Law  
3Kites is an independent consultancy, which is to say that we have no ties or arrangements with any suppliers so that we can provide our clients with unfettered advice. We have been operating since 2006 and our consultants include former law firm partners (one a managing partner), a GC, two law firm IT directors and an owner of a practice management company. This blend of skills and experience puts us in a unique position when providing advice on IT strategy, fractional IT management, knowledge management, product selections, process review (including the legal process) and more besides. 3Kites often works closely with Kemp IT Law (KITL), a boutique law firm offering its clients advice on IT services and related areas such as GDPR. Where relevant (eg when discussing cloud computing in a future article) this column may include content from the team at KITL to provide readers with a broader perspective including any regulatory considerations.
