With the data breaches and ransomware that has plagued law firms (and other companies) of all sizes recently, clients and firm managers alike are seeking more advanced data security. Certifications like the ISO 27001 provide guidelines and standards for how to protect the confidentiality, integrity, and availability of the information your firm holds. But what does implementing the high level of cybersecurity mean practically, how much will it cost, and what if a solo or small law firm can’t afford it? In this episode of The Digital Edge, Sharon Nelson and Jim Calloway interview John Simek about the International Standards Organization (ISO) 27001 certification, The National Institute of Standards and Technology (NIST) small business standards, and other news concerning law firm cybersecurity. Topics include: Updates, guidelines, and costs of getting the ISO 27001 certification NISTIR 7621 Revision 1: absolutely necessary, highly recommended, and advanced cybersecurity actions Helpful resources for small firms Client wishes and data breaches in 2015 How to implement an incident response plan (IRP) Email encryption and Opinion 648 of the Texas Center for Legal Ethics Protection from ransomware Passwords, multi-factor authentication, and biometrics Changing defaults and patching applications John Simek is the vice president of Sensei Enterprises, Inc. in Fairfax, Virginia, which offers IT, information security, and digital forensics services for law firms and other businesses. John is a co-author of the book “Encryption Made Simple for Lawyers,” published by the American Bar Association in 2015 and a co-author of the second edition of “Locked Down: Practical Information Security for Lawyers” which will be published in March of 2016. John is one of the country’s leading cybersecurity experts for law firms.