Legal Eagles – Law Firms Soaring or Grounded on Information Security?

Guest Blog by Jamie Herman, Firmwide Information Security Manager at Withers Bergman LLP

Law firms face information security challenges similar to those of financial institutions, yet they continue to drag their feet on developing a robust security strategy. Is cost the inhibitor or are we just witnessing a natural progression towards the multidimensional model of information security evolving within the legal industry? The answer can be broken down across three categories (which one might argue are variations of each other): culture, cost, and alignment. I like to call this the CCA model (self-explanatory I know). Like most partnerships, law firms have culture to contend with, not just culture within the confines of the firm, but for an international firm, the cultural asymmetry between the American offices, European offices, and Asian offices. This unconformity creates a slippery slope that information security leaders and business leaders must navigate their way around to achieve an agreed-upon strategy and set of policies. Let’s take a look at the CCA model in slightly more detail, and put parameters around achieving success in this space.


  • Understand the culture of the firm, the partners, the support staff, and the regions the firm operates in.
  • Work within the structure provided at your firm, as deviating too far away from current practices will throw up red flags and hinder progress.


  • Most firms have a minimal amount of budgetary resources allocated for infosec…change this. Creating business cases or ROSI (Return On Security Investment) projections can go a long way to convincing the firm that it can’t afford not to increase infosec spending. This is not about technical controls solely, but more about user awareness training, administrative and operational controls collectively.
  • Work with other I.T. leaders to identify projects that might be of a lesser priority in favor of information security initiatives in the coming year. Having all technology leaders aligned in their thinking will present the unified front necessary to push it forward, without resource conflicts.


  • Align the information security strategy with the business strategy. Without doing so, your attempts will fail. This takes time, not only to draft the strategy within proper alignment, but to get the much-needed feedback from other key stakeholders to ensure you are on the right path. Nobody wants to draft an infosec strategy and find out a week later that the business has shifted the organizational goals for three to five years from now. Remember, we are identifying how infosec can not only protect the firm and client’s data, but also potentially give the firm a competitive edge in the end.
  • Recognize legal or regulatory drivers that can help to expedite the buy-in for infosec in your organization. There are legislation, directives, and regulatory requirements passed throughout the year, which can impact the stance that the business takes.

Look, this is the white elephant in the room, and everyone knows that at some point they need to get their checkbooks out and get their house in order. But this is not just about the money…for the first time in technology we can innovate and make drastic changes that can massively benefit the business, without a great deal of spending! The key is shifting the mindset from a reactive position to a proactive one. Training the business to conduct itself in a more secure fashion is priceless, and it is not until that is achieved that you will see the ultimate return on your investment. This is not about installing some really slick IPS and carrying on with your business. Infosec is a living, breathing animal, which needs care and feeding. Nurture security like it was your child, take care of it and build the right foundation for it, and you won’t be bailing anyone out of jail, being deposed, or sitting up at 3:00 am trying to figure out where you went wrong, and how you were compromised.

