Information Security: What you do matters...Yes, even you

This is the time of the year around our house where we are approaching a heightened holiday season (yes, I'm including Halloween in that list …don't judge). It's always a good time of the year to remind ourselves of a very important truth …WHAT YOU DO MATTERS …YES, EVEN YOU! …and what you do impacts more than just you!

This is particularly true amidst the increasing efforts law firms are making today to address security-related matters. If you've been following this trend over the last two years, you have noticed significant strides by law firms in taking the matter of security seriously. Our clients are demanding it. The industry is forcing it. Regulations are requiring it. AND, it's just the right thing to do. Perimeter security, ISO 27001 Certification, Mobile Device Management, data encryption, secure file transfer, and other security measures are being implemented in firms all around the globe in response to the increased security threat leveled at law firms. So, as we continue to fight the good fight, let's not forget that simple truth …WHAT YOU DO MATTERS!

Let's take a look at a few notable quotes (from among many this past year) that bring this point closer to home…


(while reading these, in your mind or out loud, do your best Emeril Lagasse impression and say "BAM!" after each one)

Security issues are fought on many fronts, but I think we may have to give the "winner of the biggest threat" award to … you guessed it … PEOPLE (and, by the way, that includes you and me). 


OK, let's look at this a different way. Let's look at just a few common but FLAWED ways of thinking. How many of you have heard people at all levels in your firm say (or have even said yourself) any of the following things…

  • FLAWED THOUGHT NO. 1: "I don't care if someone sees my email …I have nothing to hide."

Doesn't that sound noble!?! The "my life is an open book" mentality may sound honorable and full of character, but that is no excuse for exposing what you've been entrusted with to those who have no business seeing it. This is dangerous thinking. 

  • FLAWED THOUGHT NO. 2: "I don't have to worry about that. I have a great IT department …so what I do doesn't matter. They've got me covered." 

YIKES! I drive a safe car and I feel safe in my car, but I don't drive down the wrong side of the street or drive with my eyes closed. We have a responsibility …to ourselves, the people in the car, and all those around us …to take our position as a driver seriously. It doesn't matter how impressive the car is. You still have the potential to cause harm.

  • And finally, that natural human tendency and flaw in the human condition that leads us to believe …in spite of all evidence to the contrary and warnings all around … FLAWED THOUGHT NO. 3: "That will never happen to me!" 

Do I even need to pull out the "famous last words" saying?!? This "bubble of disbelief" that nothing like this could ever happen to me is a dangerous way to live. 

OK, I'll admit that I have at least said these words, "If it weren't for people, my job would be a lot easier." Well, I guess it's true, but while people are likely our biggest threat and risk vector, they are also our greatest assets. Let's enlist them in the battle and let them know how important they are to the security of the firm. SECURITY IS EVERYONE'S JOB! 


I strongly believe that most people want to do a good job. I think most people take pride in their work. I don't believe individuals start out their day thinking of ways to expose the firm, the employees of the firm, or the client information the firm handles to risk. Most of us simply set out into our day with a goal of getting our work done to the best of our ability. We often do risky things with pure motives …to provide good customer service and/or to respond in a timely way to our job's demands. People aren't the enemy, but sometimes the way we think is the enemy. This thinking can and should be challenged.

As we continue to address the security threat that is facing all law firms …of all sizes … let's not forget to address the people that are out there doing the work. Our security initiatives have to include a concerted effort to inform all employees that no matter how big or small you perceive your role in the firm's security initiative and overall success to be, security is EVERYONE's job. 

Change starts with you. Getting to a culture of security awareness in your firm begins with you. Yes, you. You are the only one you can change! Fostering a culture where people behave safely and securely depends on everyone realizing it is their personal responsibility. 

WHAT YOU DO MATTERS... Spread the word!