How to Safeguard Your Intellectual Property Through Document Management
Law firms have typically had an open-door approach to document access. This means that anyone in your firm can likely access any document at any time, leaving your firm's intellectual property entirely unprotected.
November 27, 2019 at 07:00 AM
This article appeared in Cybersecurity Law & Strategy, an ALM publication for privacy and security professionals, Chief Information Security Officers, Chief Information Officers, Chief Technology Officers, Corporate Counsel, Internet and Tech Practitioners, In-House Counsel. Visit the website to learn more.
Documents are the lifeblood of any law firm. The documents that a firm produces are its greatest asset, yet firms historically have not made sufficient efforts to safeguard those documents from both internal and external threats.
For decades following the advent of word processing systems and continuing even into today's sophisticated document management platforms, law firms have typically had an open-door approach to document access. This means that anyone in your firm can likely access any document at any time, leaving your firm's intellectual property entirely unprotected.
With law firms featuring prominently in headline stories about cyberattacks and security breaches, the old way of doing things no longer works. Changes to document management and security have been long overdue, and the time to start implementing new procedures is now. The open-door practices of the 1990s need to be brought into the 21st century by implementing need-to-know policies that offer the security required in the present day.
Closing the Open Door
Law firm documents have always been susceptible to security threats, even before the sophisticated cyberattacks that we see today. Firms have faced an everyday threat of users losing data or documents being stolen, either by internal or external thieves. In the past, law firm document systems were not really set up with protecting documents as one of their primary goals.
In large part, this is because systems were typically designed with user convenience as the main priority. Document protection and user convenience are often at odds when it comes to day-to-day operations — lawyers want to be able to access any document they want to see at any time, but allowing that level of openness leaves documents entirely unprotected and creates the perfect conditions for a security breach. Placing restrictions on document access necessarily reduces the level of unfettered convenience that lawyers have enjoyed in the past, and for that reason firms have been loath to implement such procedures.
In addition to the convenience factor, law firms historically also simply gave little thought to protecting their documents from internal users. It has only been since the rise of external security threats that firms have started focusing more attention on these issues and are now looking to institute safeguards against both internal and external breaches.
Document Security for Modern Times
Overcoming the convenience issue starts with getting users to understand the threat, particularly lawyers or partners who have been at the firm for decades and are used to the way things have always been done. If your users understand that the threat at hand is being the next front-page story, they'll be more likely to get on board with new security procedures that will actually safeguard the firm's intellectual property.
Law firm users now access documents in very different ways than in the past, when lawyers worked entirely from desktop computers in their offices. Today's lawyers are constantly on the go, opening documents in the document management system from mobile devices and through mobile applications. While your framework may be set up for security, you're still relying on user credentials that can easily be stolen, and your old system won't ever offer your documents complete protection.
If a single one of your users gets hacked, that hacker gains access to millions of documents through open-door policies. In contrast, if you establish a zero-trust network to protect your documents and give your users access to only those documents that they need to see, you have significantly greater protection in the event that credentials are compromised and your system is breached.
Switching over to a need-to-know document access policy can take significant work, but the potential risk is too great not to do it. Firms face internal and external threats all the time — from disgruntled employees to entire practice groups moving to a competitor. In those scenarios, there may be no way to protect the documents those individuals had access to, but if you've implemented procedures that protect the intellectual property of other practice groups, that will go a long way toward protecting your firm.
Your documents and your document management are your firm's greatest assets. It's time to institute updated procedures to safeguard them.
The Way Forward
If you haven't seriously started thinking about your document management procedures and your document security, the time to start is now. Even if you have thought about it, if you're like many firms, you may be hesitating to take action because this is new territory. Most firms have not addressed a change like this before, and it can be daunting to put a plan together.
The good news is that there are solutions available on the market that can make it easier to implement need-to-know access, as well as experienced vendors who can make the transition easier. For example, iManage, one of the most popular document management systems in the legal industry, offers a product that makes the transition to need-to-know access much simpler for its clients. The iManage Security Policy Manager allows you to implement need-to-know access for documents on a global scale, segregating your content and implementing the ethical walls you need to maintain security in the face of today's looming threats.
These kinds of solutions allow you to protect your documents without sacrificing your performance or productivity. While the unfettered convenience of the past may not be there, your employees will still be able to get to anything and everything they actually need to see to do their jobs. Need-to-know access can easily be set up on client-, project- or matter-centric bases, providing the necessary security without impacting your firm's resources or systems.
When you segment your document system and restrict access on a need-to-know basis, you greatly minimize the impact of any potential cyberattack or security breach. Employee credentials can only be used, either by that employee or someone who improperly obtains those credentials, to access the specific documents for which that employee has permission. This means that any breach is contained and your entire system is no longer at risk.
Regardless of the document management system you currently use, similar measures can be put in place to ensure that your documents are secure. An experienced IT vendor can help you analyze your security framework and implement the right solutions that work with your systems and preferences.
Most law firms handle thousands of matters, which produce hundreds of thousands of documents to manage. The sheer volume of documents at issue can make changing the way those documents are managed feel like a daunting task. However daunting it may be, though, it isn't impossible. Today's technology makes it easier to assign groups to massive workspaces and institute a need-to-know framework. The key to getting started is to get the right help so you can truly understand how to tackle the problem. With the right education, the solution can be a lot easier than you might think.
The solution to modern document management and security lies in addressing access in terms of groups. The ability to use groups to structure document management has existed for years, but too many firms have declined to implement it simply out of fear of inconveniencing their users. With today's significant threats to document security, there's no longer time to wait.
The Future of Document Management Is Need-to-Know
Need-to-know access is the only way to truly secure your sensitive law firm data in today's technological age. By restricting document access to certain clients, projects or teams, you can be sure that your employees are only getting to the documents and data they truly need to do their jobs and are not capable of compromising your entire system.
Today's technologies are flexible enough to allow you to configure your need-to-know access in ways that still allow you optimal performance while creating minimal interruptions to your daily workflows. While any change will inevitably put some burden on your IT staff as employees struggle to adjust to the new way of doing things, achieving the right balance between convenience and security is crucial going forward.
Until now, that balance has been too far in favor of convenience, opening law firms up to the possibility of major, unrecoverable breaches. This overriding desire not to inconvenience users has led firms to leave unaddressed the very real risks they're facing.
No one wants to be the next big breach headline. By implementing need-to-know access for your documents and data, you'll be well on your way to mitigating cyberattacks and securing your critical intellectual property from both internal and external threats.
Matthew Calcagno is an Information Security Consultant at Keno Kozie Associates (www.kenokozie.com). He has two decades of document management experience and has a passion for improving the overall security landscape of a company. Matthew received his Bachelors of Business Administration in Computer Science at Robert Morris University and did his Graduate studies at Eastern Illinois University.