Ten Steps to Secure Your Law Firm’s Software Supply Chain - Aderant


By David Carter, as appeared in Peer to Peer ILTA’s Quarterly Magazine – Winter 2021

Law firms face unique challenges when it comes to security. Not only must they safeguard their own internal data, but they must also ensure that confidential client documents are stored securely. The risks and responsibilities regarding data management are substantial, and the penalties imposed for errors are stiff. While software solutions are essential to a firm’s daily operations, technology and tech vendors can pose significant security risks. Ensuring the security of a firm’s software supply chain is, therefore, a critical objective.

In the 2020 SolarWinds hack, attackers compromised the technology company by inserting malicious code into its security monitoring platform. The “back door” inserted into SolarWinds’ popular monitoring suite allowed attackers to infiltrate thousands of networks in the public and private sectors, negatively impacting SolarWinds’ customers.

The SolarWinds breach serves as a cautionary tale, demonstrating that all organizations, including law firms, must be vigilant when securing their on-premise technology and software-as-a-service (SaaS) supply chain. Security for the entire legal software supply chain is more vital than ever. Firms now frequently perform IT and business functions remotely, and more firms use cloud-based solutions due to the ongoing pandemic. Because many firms plan to move to the cloud and migrate from on-premise products to SaaS solutions in the future, they will soon have broader security considerations.

A law firm’s software supply chain includes all locally installed desktop and server computer software and cloud/SaaS technology delivered over the internet. It also has an often-overlooked layer: the vendors used by the technology suppliers, who must be evaluated for risk and compliance assurance.
