Lawyer Monthly - August 2021 Edition

47 AUG 2021 | WWW.LAWYER-MONTHLY.COM GETTING CYBERSECURITY RIGHT FOR YOUR FIRM their mobile devices for both work and personal use, they will need to face up to an entirely new set of challenges. This updated landscape requires a contemporary way of thinking (and new solutions) in order for legal firms to defend themselves against cybercriminals. Don’t Trust Anyone With people increasingly working under a ‘hybrid’ model (a mix of working from home, the office and on the road), we look to technology to afford us the flexibility and ability to work anywhere. With most workers no longer effectively tethered to a desk, firms require security platforms that support the new normal with solutions that provide remote workers with security whilst actively improving the employee experience. Firms need to ensure that employees are able to work on any device, which makes tools like multi-factor authentication and a zero-trust approach to security absolutely crucial. Organisations everywhere are adopting a ‘zero-trust’ approach which places greater importance on identifying the real-time health of a user’s device and the ability to provide conditional access to corporate data as a result. Zero-trust security is all about eliminating implicit trust. Effectively, it is an interrogation of trust within networks or the trust between host and applications. Zero-trust implies that the best way to secure a network is to assume no level of trust whatsoever. Employing a zero-trust model supposes that no single person is able to solely execute any sort of change to the system that could affect the security of the system. One way to make this happen is to effectively replace human vulnerabilities with automation. In all things ‘security’, humans are invariably the weakest point in any chain. Firms can mollify human error by adopting single sign-on solutions and strengthening security controls that oversee how and where employees get access to specific data. Cloud Access Security Brokers (CASB) A CASB solution can optimise visibility across an organisation by monitoring all user activity within cloud applications (company-approved and shadow apps) and enforcing both internal policies and external compliance requirements. A CASB solution should additionally be adopted as part of a wider SIM/SIEM solution for the ultimate in forward-looking, secure data collection, monitoring, and consolidation. Many CASB solutions are designed with compliance in mind. They provide granular visibility and control over user interaction with cloud applications and broad audit trails of such user activity. They tend to operate as a system that is partly a filter, proxy and firewall between the users and cloud systems, and have capabilities to detect unsanctioned cloud applications, as well as sensitive data in transit. Organisations can use CASBs to address specific use cases with their cloud providers and are perfect for centralised control, management and ease of use. With so much going on in the cloud as businesses strive to Firms need to ensure that employees are able to work on any device, which makes tools like multi-factor authentication and a zero-trust approach to security absolutely crucial.