What should be in your policy, plus downloadable Word templates for these policies: Working Remotely; Information Security Program; Data Handling; Vendor Management
What your cybersecurity firm policy should contain
". . . another way a [firm] may address the risks associated with the human factor is by elaborating a comprehensive policy that informs [lawyers and] employees on how to deal with the [firm's] technology, its devices, its web applications (including email) and its electronic information, as well as any personal devices that come into contact with the [firm's] IT infrastructure. In elaborating such a policy, [firm leadership] may consider:
- using language that is easily understood by all [lawyers and] employees – not only technology or security specialists;
- specifying what constitutes intellectual property, confidential information, sensitive business information, and other assets which the policy seeks to protect;
- emphasizing the importance of cybersecurity and explaining the potential risks to allow [lawyers and] employees to understand what is “at stake”, by using real-life examples to which employees can relate;
- specifying what can or cannot be done with the business’ technology, devices, web applications (including email) and electronic information;
- specifying who is responsible for the policy specifically or cybersecurity generally;
- specifying the hierarchy of who to contact if there are any questions or incidents as well as how to contact such persons; and
- specifying the costs and consequences to the business and individual employees who fail to respect the policy.
In order to ensure that such a policy is an effective tool, a [firm] may consider regularly reinforcing its application through information sessions and internal communications (i.e. emails, videos, portal) and its compliance through proper audit and monitoring."
Adapted from: Vanessa Coiteux, "Cyber-attacks: why any business may be at risk and five possible ways to address the risks", March 8, 2016
Attachments: