It’s not enough to protect sensitive client information. You also need to prove that you’ve taken reasonable care to protect it using cybersecurity practices that conform to industry standards. At one San Francisco-based law firm serving clients in the highly regulated defense and health care industries, those goals were difficult enough on a small IT budget. Implementing cybersecurity simple enough for employees who weren’t tech-savvy made it nearly impossible.
The firm brought in Xantrion to develop a cybersecurity-focused IT strategic plan that assessed its true risks and determined how to mitigate them most effectively. In the end, we implemented a device encryption program, introduced a stronger password management policy, and provided cybersecurity training, all while steering the firm away from investing in expensive security services that didn’t address the cyberthreats it actually faced.
To generate buy-in for changes such as introducing a stronger password management policy, we provided benchmarking comparisons. We also provided training on simple techniques for generating passwords that are easy to remember, but hard to guess.
Today, the law firm has cybersecurity measures that address its most significant risks cost-effectively, without excessively burdening end users – which makes them more likely to stick to the cybersecurity strategy. It also has a plan for additional cybersecurity measures, such as obtaining a third-party certification of its cybersecurity practices.