This essay analyses the ethical, legal, and security risks linked to the threat of having Kirkland & Ellis’ servers hacked or breached. Kirkland & Ellis is a well-established law firm. Its offices are in Chicago. Like many other legal firms, Kirkland & Ellis engages in LPO (Legal Process Outsourcing) in line with the instructions it receives from its own clients, according to Djordjevich and Vault (2007, pp.182-183). Principally, LPO is enabled by continuing globalization along with existing information technologies, according to Lacity, Burgess and Willcocks (2014). LPO entails procuring particular legal support, or services, from overseas firms that provide them.
Every firm that engages in LPO is highly exposed to various ethical, legal, and security risks. Most firms have in-house counsel whose brief is to advise the firms on how to alleviate the risks and take advantage of any related opportunities. In the case of Kirkland & Ellis, the most significant of the risks relates to the possible hacking of its servers, which would breach the applicable ethical, security, and legal provisions. The hacking of the servers would injure the firm’s efforts towards establishing itself as an authentic firm offering cost-effective, high-quality services in an environment defined exclusively by confidentiality, according to Lacity, Willcocks and Burgess (2014, p.112) and Lacity, Burgess and Willcocks (2014).
One of the most significant problems facing organisations with LPO components relates to confidentiality, stemming from possible breaches of their information systems and related components, including servers (Djordjevich & Vault 2007). There are many LPO providers and seekers, including Kirkland & Ellis, which lack servers that are adequately secured as well as hack-proof. One of the elementary ethical and legal principles that guide lawyers and their clients in the engagements between them is confidentiality. One of the rules put in place by the American Bar Association, Model Rule 1.6, addresses varied matters related to LPO-related confidentiality. Notably, the rule requires every legal firm and legal practitioner to safeguard every piece of information that they possess or acquire, according to Burnett (2009) and Trent and Roberts (2010). It is clear that LPO is colored by specific confidentiality challenges relating to the security of the information systems in the firms that engage in it. The challenges also relate to the legality of transmitting particular information, including through servers, according to Center for Professional Responsibility and American Bar Association (2007, p.97).
Kirkland & Ellis moves lots of work overseas. The work includes transferring considerable amounts of very sensitive data, including clients’ health records, social security-related information, and financial records. The transfer of such documents predisposes the firm to confidentiality breaches and the possible abuse of such data. The hacking of the firm’s servers would most likely have the data fall into the hands of entities that would abuse it and possibly trigger a confidentiality-related crisis for the firm. With the mounting cybercrime cases, there is a mounting risk of having the firm’s servers hacked since they are not sufficiently secured as yet (Barrett, Byrnes & Silverman 2005).
If server hackers got hold of the data, they would breach its confidentiality, according to Burnett (2009). They would breach the specific confidentiality legal requirements or stipulations of the corresponding cases being processed by the LPO providers engaged by Kirkland & Ellis. Worldwide, numerous servers are hacked or accessed illegally every day. Firms are supposed to develop and establish adequate and effective measures to safeguard their servers from hacking that would lead to confidentiality breaches.
Technically, Kirkland & Ellis’ capability to secure the information that it sends overseas, and to ensure that the information retains its integrity and confidentiality, depends on its ability to plan well to control how the information is accessed and the related processes. Several technical solutions, or measures, have been proposed to deal with the risk of a breach of the firm’s servers and of the related confidentiality requirements. The first proposal is that Kirkland & Ellis should secure its servers adequately via smart password management. The firm should pay particular attention to the passwords used on its information system, especially those that give users shell access.
The passwords ought to be strong. As well, they should be changed regularly. In addition, given that the firm uses multiple servers, it should use a unique set of passwords on each of the servers (Society for Computers and Law 1974; Trent & Roberts 2010). The second proposal is that Kirkland & Ellis should secure its servers adequately by using secure shells as opposed to telnet. The proposal is broadly supported by Barrett, Byrnes and Silverman (2005). Telnet sessions are all unencrypted, according to Burnett (2009). Consequently, the usernames and related passwords conveyed via them are insecure, as they travel as plain text.
The two proposed solutions present additional legal, security, and ethical risks. Regarding legal and security risks, smart password management may present a security challenge since most smart password managers allow for the saving of passwords when a user logs into particular sites, especially new sites (Society for Computers and Law 1974). The saving of the passwords presents a security risk where firms, including Kirkland & Ellis, are the ones that provide the smart password managers to users and the users utilize passwords to access personal sites. In such cases, the users may enter their own information into the sites illegally after accessing them using the passwords and the managers. That heightens the possible legal liability faced by the firms, according to Burnett (2009).
Firms such as Kirkland & Ellis have an ethical duty to utilize strong passwords to ensure that their information system elements, including servers, are secure. The usage of strong passwords is encouraged in an effort to ensure that such firms fulfil their ethical duties regarding confidential customer information. Even then, strong passwords do not stop breaches wholly, particularly when they are used on multiple networks or sites or when they are not changed regularly, according to Burnett (2009). The usage of strong passwords by Kirkland & Ellis on its systems may encourage more and more attempts to attack its information system through malware attacks or phishing. The usage of secure shells as opposed to telnet by Kirkland & Ellis may raise legal concerns brought about by changes in the applicable audit and legal regulations.
The risks that can be brought about by the adoption of the suggested solutions can be addressed in varied ways, according to Lacity, Burgess and Willcocks (2014). The security and ethical risks that can be occasioned by the adoption of smart password management by Kirkland & Ellis can be addressed by ensuring that the adopted smart password managers do not allow for the saving of passwords when a user logs into particular sites, especially new sites, as suggested by Society for Computers and Law (1974). The firm can also ensure that when the users leave their workstations at the end of every working day, the logins they used during the day are all wiped from its information system, according to Burnett (2009).
As noted earlier, the usage of strong passwords by Kirkland & Ellis on its systems may encourage more and more attempts to attack its information system through malware attacks or phishing (Trent & Roberts, 2010). Such attempts can be stemmed or reduced by ensuring that a unique set of passwords is used on each server. As well, the firm should put in place a lockout mechanism for devices on which wrong passwords are keyed in repeatedly, according to Burnett (2009). In addition, the firm should ensure that its IT teams keep its information system elements, including secure shells, up-to-date and in compliance with the applicable audit and legal regulations.
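The lockout mechanism mentioned above can be illustrated with a short added example, which is not part of the original essay: it scans SSH login records and flags any source address that keys in wrong passwords repeatedly within a time window. The log lines are constructed in a simplified OpenSSH style, and the threshold, window, host name and addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (documentation-range addresses, not real logs).
SAMPLE_LOG = """\
2024-05-01T09:00:00 srv1 sshd[810]: Failed password for invalid user admin from 203.0.113.5 port 40000 ssh2
2024-05-01T09:00:01 srv1 sshd[811]: Failed password for alice from 192.0.2.10 port 50122 ssh2
2024-05-01T09:00:20 srv1 sshd[812]: Failed password for alice from 192.0.2.10 port 50123 ssh2
2024-05-01T09:00:45 srv1 sshd[813]: Failed password for alice from 192.0.2.10 port 50124 ssh2
2024-05-01T09:01:00 srv1 sshd[814]: Failed password for bob from 198.51.100.7 port 41000 ssh2
2024-05-01T09:01:30 srv1 sshd[815]: Accepted password for bob from 198.51.100.7 port 41001 ssh2
2024-05-01T09:02:00 srv1 sshd[816]: Failed password for bob from 198.51.100.7 port 41002 ssh2
2024-05-01T09:04:00 srv1 sshd[817]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
2024-05-01T09:08:00 srv1 sshd[818]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
2024-05-01T09:10:00 srv1 sshd[819]: Failed password for bob from 198.51.100.7 port 41003 ssh2
"""

EVENT = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<kind>Failed|Accepted) password for "
    r"(?:invalid user )?\S+ from (?P<src>\S+) port \d+"
)

def sources_to_lock(log_text, max_failures=3, window=timedelta(minutes=5)):
    """Return {source: time the lockout triggers} for repeated wrong passwords."""
    recent = defaultdict(deque)  # source -> timestamps of failures inside the window
    locked = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # ignore records that are not password events
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        if m["kind"] == "Accepted":
            if src not in locked:
                recent[src].clear()  # a successful login resets the counter
            continue
        failures = recent[src]
        failures.append(ts)
        while ts - failures[0] > window:  # drop failures older than the window
            failures.popleft()
        if len(failures) >= max_failures and src not in locked:
            locked[src] = ts
    return locked

if __name__ == "__main__":
    for src, when in sources_to_lock(SAMPLE_LOG).items():
        print(f"lock out {src} at {when.isoformat()}")
```

Only the source with three failures inside five minutes is locked out; the slow attempts from the other addresses stay under the threshold, which is why the window and threshold need tuning against real traffic.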
This essay explored the ethical, legal, and security risks linked to the threat of having Kirkland & Ellis’ servers hacked or breached. Every firm that engages in LPO is highly exposed to various ethical, legal, and security risks. Firms are supposed to develop and establish adequate and effective measures to safeguard their servers from hacking that would lead to confidentiality breaches. The two proposed solutions present additional legal, security, and ethical risks. The usage of strong passwords by Kirkland & Ellis on its systems may encourage more and more attempts to attack its information system through malware attacks or phishing. The usage of secure shells as opposed to telnet by Kirkland & Ellis may raise legal concerns stemming from changes in the applicable legal regulations.