4 Ways to Stand Up to Your Client’s Security Audit
Today’s professional services firms are under a great deal of pressure when it comes to matters of security. That pressure comes not only externally, from the cybercriminals who are increasingly targeting them to gain access to privileged client data, but also internally, from clients themselves, who are reacting by demanding that more stringent procedures and precautions be taken with their information.
To provide some perspective on how prevalent these pressures are, consider the latest research from cyber security firm FireEye, which tells us 97 percent of all service firms have experienced a data breach at one time or another. That is no small percentage. When we take into account the media attention these breaches can produce, it is easy to understand why clients are turning up the heat on making sure their information is protected.
At iManage, we speak to our customers regularly about these pressures and how they manifest themselves in client relationships. One recent trend we have seen emerge is the client-mandated security audit. In these audits, clients run their own security assessments on firms in order to ensure their data is being adequately protected. Some firms have had clients go so far as to write provisions for these audits into their contracts as a condition of working together.
What all of this signals is that clients are getting very serious about security. They want to know their firm is doing everything it can to keep their information safe, and as the practice of client-run security auditing gains popularity, it will become even more critical for service firms to be able to meet expectations.
If your own clients are beginning to approach this subject, here are four ways you can ensure your firm stands up to an audit:
1. Store information in governed locations
We cannot stress enough the importance of governance when it comes to managing client data. There are many benefits to storing mission-critical information in governed locations rather than simple file shares or email inboxes, including the ability to set up multi-factor authentication protocols and define matter-level security levels. Your firm will also benefit from encryption of data both at rest and in motion, as well as audit trails to track user access.
2. Adopt stricter security models
This has to do with your firm’s mindset when it comes to security: either it is optimistic and gives everyone in the organization the same level of access, or it is pessimistic and determines access levels based on standards such as matter specificity. The pessimistic model is the one toward which we see our industry moving. And while it can be upsetting to employees to have only the lowest level of access necessary to complete their job, it is undoubtedly safer for the organization as a whole.
3. Use secure file sharing tools
We understand how heavily service professionals rely on email for matters of collaboration and communication, but when it comes to sending files back and forth repeatedly for reviews, edits and feedback, it is often much more effective to use a sharing tool such as iManage Share to keep information out of harm’s way. Not only will it help you keep documents governed, it will also bring significant productivity benefits, which means time and money saved in the process.
4. Enforce data retention policies and practices
Lastly, it is essential to have a central policy for tracking, retaining and disposing of client information at your firm. The best and most effective policies are those that have the shortest retention period possible, can be applied to both electronic and physical data, and are easy to follow scrupulously across an entire firm.
If you are interested in learning more about how iManage can help you and your firm stand up to client audits, please visit our product page for more information.