Respectfully, Law Firms are rated on the lowest in terms of Technical Compliance to begin with. I count them as an outlier, and I'm grateful I don't have to manage them as a supplier base in my organization because of the sheer amount of non-compliance they generate, which is absolutely in reverse ratio to their ability to influence us as a client, especially at management level. I only know of one person who had the Moral Fiber to tell the General Counsel the truth: that the panel of contractor law firms his division used to cover the amount of barrister-related work that he never staffed up for internally was a breach waiting to happen. That poor soul, for speaking the truth, found himself on the street a month later.
The proclivity of barristers to use unsecured, co-located and co-mingled Internet-facing file sharing platforms was one of the highest risks we could determine, aside from a sheer lack of internal training, all the way down to the desktop control level. That was BEFORE the pandemic. Which again, I point out, if you have control weaknesses beforehand, Covid didn't compel changes for the better, it just exposed them further.
There's no excuse for NOT on-boarding someone and giving them both the tools and the training, remote or not. As a matter of fact, many organizations had moved towards virtual on-boarding even before the Pandemic, where the new hire hit the ground already having done the necessary paperwork and mandatory training/orientation all online (which includes Security Training, which is looked at closely in regulated industries, and on their own time!) before showing up in the office for Day 1. About the only thing that needed to happen was to plant him/her in a chair and hand them their laptop and key fob. It was simple enough to transition that latter piece to a courier service delivering the hardware with basic connection instructions.