Estimated Reading Time: 2 minutes
Recap of a panel discussion which focused on a few key data security topics and included Mike Marsilio, director of security and compliance, DTI; Mark Connelly, CISO, Thomson Reuters; Steve Katz, board member at Glasswall Solutions; John Masserini, CSO, The MIAX Exchange; and Mark Olson, vice president and CISO, Iron Mountain.
ENEMIES AT THE GATE: RESPONSES TO DATA SECURITY THREATS AT LAW FIRMS
In eerie silence, law firms could be easily breached like JPMorgan Chase, Home Depot and Sony by cyber criminals. The difference with law firms though is that few would know the sensitive data was absconded. While law firms do not have to report such penetrations, we learned at the 5th Annual Law Firm CFO/CIO/COO Forum: Data Privacy, Security & the Globalized Law Firm, that they must increasingly stay vigilant to avoid such a plight.
The first panel discussion of the day focused on a few key data security topics and included Mike Marsilio, director of security and compliance, DTI; Mark Connelly, CISO, Thomson Reuters; Steve Katz, board member at Glasswall Solutions; John Masserini, CSO, The MIAX Exchange; and Mark Olson, vice president and CISO, Iron Mountain.
What keeps them up at night?
Masserini expressed several concerns which were mutually shared by the panel. Simply put, employees create significant anxiety. What are they downloading? What links are they clicking? Are they using dirty unencrypted jump drives on their computers? All were in agreement that internal employees’ actions can cause the most harm to a network.
Other concerns expressed included:
Not having enough skilled people
Complexity of vendors systems and vendors who are not mindful of the security concerns.
Answering some of these issues, Olson offered a few suggestions. There has to be processes in place. Enact physical requirements on your data rooms, e.g. isolating buildings and spaces. In addition, have vendors escorted into your buildings. Knowing that you have to trust some vendors, log absolutely everything. Do not allow jump drives unless cleansed by your security professionals. Ultimately the mantra of the day was educate, test, create and follow process and procedure and retrain constantly to guard against breaches.
Full press release:
Copyright © 2002-2020 John Masserini. All rights reserved.