It is no secret that information technology has transformed the practice of law. As information has become increasingly digitized, the primacy of a robust information security and privacy posture has become crucial. DLD Lawyers understands that third-party cyber risk is an extremely serious issue that creates challenges for clients and firms alike. More than half of companies surveyed in 2018 by The Ponemon Institute report having experienced a third-party breaches, and that number has been increasing steadily each year.
We continue to place a significant emphasis on security and privacy. In the American Bar Association’s 2018 Legal Technology Survey Report, considerably less than a third of law firms reported using full-drive and/or email encryption, and barely over a third of firms reported having cyber insurance coverage. Our security steering committee includes legal, technical and administrative professionals with the knowledge and experience needed to deal proactively with the cyber issues faced by all companies today.
Although DLD Lawyers is a small mid-size law firm, we adhere to the following cybersecurity protocols:
- Maintain a Certified Information Systems Security Professional on staff full-time;
- Base our cybersecurity governance on common industry standard frameworks, such as ISO27001 and NIST 800-series;
- Encrypt sensitive information at rest and in motion using provably secure mechanisms;
- Employ physical, administrative and logical access controls to restrict access based on information security axioms such as the principle of least privilege and separation of duties;
- Conduct regular vulnerability assessments and penetration tests;
- Have programs to train and test employees on modern cyber issues;
- Regularly review all policies and procedures; and,
- Maintain an appropriate level of cyber liability coverage.
On-Site Technology Management
Roger Jimenez is the Director of Information Technology and Security for DLD Lawyers. He is a certified information systems security professional (CISSP) with more than 15 years of experience in information systems and security management. Roger earned his M.S. in Information Technology from the College of Engineering & Computing at Florida International University. He also holds a B.B.A. in Management Information Systems and Marketing from FIU’s College of Business Administration. Two of his favorite pastimes are making things like sensor-laden, raspberry pi-remote-controlled rovers and applications (full stack); and legally breaking [into] things like algorithms and applications. He can be reached at email@example.com.