Legal Conference Season Part 2: ILTA LegalSEC Summit
Dustin Bolander and Eden Minucci each attended a different legal conference in back-to-back weeks. First up was Dustin at ILTA’s LegalSEC, and the next week Eden was at ALA’s Annual conference. In a short transcribed call, they discuss the variety of topics that came up at each. The conversations have been lightly edited.
Dustin Bolander was a panelist for this year’s 2023 cyber insurance update, and spent the rest of the conference attending sessions and discussing current cybersecurity topics with other attendees.
Dustin: So, let’s talk about two different things. What did we learn at ALA? Another one, what did we learn at LegalSEC?
Eden: Sure. Let's talk about LegalSEC first.
Dustin: So, the two things that were covered most heavily, was the compliance aspect, like what I've presented on cyber insurance. They had some other sessions on client audits, stuff like that. The other was Incident response and disaster recovery - if you get hacked or something comes up kind of how you recover from that.
Eden: Do you think that's because compliance is related to security processes in general that firms are needing to follow?
Dustin: Yeah, I think so, because every other person that I met and talked to there was, you know, “I'm the information security director. I spend most of my day filling out paperwork.”
Eden: Right.
Dustin: I think it's become so compliance heavy, especially in law, that it's almost…I mean, it's still absolutely about security, but it is almost more of a compliance conference that was actual security.
Eden: Yeah, that makes sense because I think the emphasis on compliance is coming from the need for security. One of the ways that lawyers can satisfy the security fears their clients and prospects have is by having compliance processes around security. So, it makes sense to me that compliance is the way that you satisfy can manage those fears and concerns about security - by beefing up compliance.
And, everybody's getting these audits, I mean the firms themselves are getting audits, you know.
Dustin: Oh, especially the corporate ones. We have several that we get, you know, long, intense audits from firm clients and providers. Which that reminds me, I need to talk to <client> about their in-house IT guys. They filled out the cyberinsurance form and basically just checked yes on everything.
Eden: Well, I think he thought it was right. It's hard. It's harder for the people inside the firm who don’t specialize in this. No one has brought these items up to them, unless we do when we find things.
Dustin: Well, the problem with that is when they don't realize they had the problem. They filled it out like “we're doing great”. The compliance part, and the cybersecurity stuff, it's one of those they don't know there’s a problem until something happens.
Eden: But, I think now people are getting concerned about security because they're seeing so many things that are happening, you know they're seeing all the things that might not necessarily be a security breach, but what they're getting is a ton of phishing and social engineering, telling me, “Oh, they know who our partners are!”
Dustin: Because they're on the damn website.
Did you know CGP can help with client audits, and also has licensed insurance agents on our team to help with cyber insurance?