3Kites has recently undertaken system/service selection projects which have included helping firms to select security partners, SOCs (security operations centres) and SIEMs (security information and event management). With new acronyms to grapple with, and a significant additional IT spend being requested by IT directors, we provide here a short overview of the changes taking place in cyber security and the impact that professional services firms might expect from these. There’s a lot to cover, so let’s get started:
‘Traditional’ IT/cyber security
We have become familiar with the cyber security provisions that have been in place for a number of years, including items such as complex passwords, firewalls, antivirus applications, VPNs, device/data encryption, software patching, training and blocking access to items such as USB pens and websites that breach a firm’s policies. Some firms have taken the decision to formalise their approach with accreditation such as ISO 27001 and Cyber Essentials +. At the very least, we recommend firms complete the Cyber Essentials checklist, which in our experience often highlights areas where cyber security can be improved.
As the risks firms face become more sophisticated, the ability to ensure your systems remain secure becomes considerably more complicated. With the increase in security solutions and associated companies to implement and monitor these, how do you know the difference between what you need to put in place and what (based on a risk assessment) you want?
An overview of some of the solutions outside of the ‘traditional’ security model:
That’s interesting, but what do I need to do?
It is no longer enough to outsource cyber security to your IT team or a third party; a firm’s management team needs to have a broad understanding of these potentially existential risks and understand what steps are in place to address them. While we would recommend your in-house team lead this approach, ideally working with a third-party specialist, full responsibility should not be devolved solely to them.
The list above provides details on the solutions which are forming part of the ‘new’ IT security model. These help tighten and enforce security controls as well as provide services to monitor and react to issues that may be discovered, ideally before the firm itself identifies an issue or, even worse, before a ransom or similar attack is raised against your firm. None of these options is foolproof and, despite all the precautions put in place, your staff are still your greatest risk: appropriate and regular training is key to building the ‘human firewall’.
Implementing the options listed above will run into tens of thousands of pounds (increasing with a firm’s size), so understanding the likelihood of an issue and its impact is important to ensure you consider solutions that match the risk you are trying to mitigate. This will help when speaking to suppliers as it will suggest which questions to ask and ensure that any solutions being considered are aligned to your specific needs.
3Kites can provide assistance in helping a firm to understand its risks, consider requirements to manage identified risks and help to choose the right solutions/security partner to meet the firm’s needs. With these solutions adding a considerable cost to a firm’s annual IT budget, choosing the right solution not only reduces risk but can help save thousands of pounds each year.
If you would like further information about 3Kites’ IT supplier selection, help with managing an existing supplier, or any of the other 3Kites’ services, please contact Jon Howells on 07917 367872, email [email protected] or visit https://www.3kites.com/contact-us
Jon Howells is a director of 3Kites. This is the 35th article in the series Navigating Legaltech.
--------------------
About 3Kites and Kemp IT Law
3Kites is an independent consultancy, which is to say that we have no ties or arrangements with any suppliers so that we can provide our clients with unfettered advice. We have been operating since 2006 and our consultants include former law firm partners (one a managing partner), a GC, two law firm IT directors and an owner of a practice management company. This blend of skills and experience puts us in a unique position when providing advice on IT strategy, fractional IT management, knowledge management, product selections, process review (including the legal process) and more besides. 3Kites often works closely with Kemp IT Law (KITL), a boutique law firm offering its clients advice on IT services and related areas such as GDPR. Where relevant (eg when discussing cloud computing in a future article) this column may include content from the team at KITL to provide readers with a broader perspective including any regulatory considerations.