beyond the fortress fortify your content before it travels beyond the firm walls
Post on 03-Jan-2016
Embed Size (px)
Beyond the FortressFortify Your Content Before it Travels Beyond the Firm Walls
Paul Domnick, Board of Directors, Litra Corporation
Michael Fick, Consultant, Enlitened Technologies
Joy Heath Rush, Vice President, Client Development (Law Firms), Litra CorporationOur PanelFraming the Issue
Law Firms as Cyber TargetsAggregate highly confidential information Most firms DM security is public by defaultOrganized into client/matter folder structuresContain data from multiple organizations pertaining to one transaction/matterPerceived as less secure
ABA Model Rule 1.6 - Confidentiality of Information. Require lawyers to keep confidential ANY information relating to the representation of a client.
ABA Model Rule 1.1 Comment 8 - Competency. To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technologyEthical ResponsibilitiesLawyers are communicatorsLawyers access the most confidential informationLawyers work as part of a team need to collaborateLawyers work everywhere sometimes in unsecured environmentsLawyers are under severe client pressureLawyers communicate with third parties creating content in motionLawyers duty to protect and manage client information extends beyond the firms firewall
Why Does the Practice of Law Create Business Situations that Could Compromise the Confidentiality of Client Information?
What are Firms Doing to Protect their Client Information and Electronic Communications?Source: A Study of the Legal Industrys Information Security Assessment Practices, Sponsored by ILTAs LegalSEC Team, August, 2013General security of the firms ITSecurity of their dataAt rest/in motionComingling Auditable defense Adherence to regulatory requirements Client Audits Spotlighting Concerns
If you dont understand what your clients expect of you, then you cannot invest in the appropriate level of protection and make informed decisions about risk.Law Technology News April 7, 2014What Clients Expect Law Firms To Do
Protecting the infrastructure and the edge is critical, but what about the actual data
The General Approach Taken by the Industry Protect The Infrastructure
EmailHow can the firm protect the future of the email message beyond the initial transmission?Deal RoomsHow can the firm control the file after it has been downloaded onto foreign network?Drop Box/iCloudHow can the firm protect the client when content proliferates beyond the firms control?Mobile DevicesHow can the firm protect content on mobile devices, removable media and home PCs/Macs?Human FactorHow can the firm protect against the busy lawyer that does not abide by firm security policies?Some Other Things to Consider When Protecting Client DataWhy Digital Rights Management (DRM) Protect what is yours from misuseMisuse is accessing confidential information without authorizationEnables proactive control over contentExtends content custody beyond the perimeter
Digital Rights Management The Next Level of Threat ProtectionWhat is the Security-Convenience Equation when Dealing with Content in Motion?
Secure File TransferIntegrated into emailNo file size limitsAvailable on mobileSend and receive filesFull audit trail
Secure CollaborationFull content controlSimultaneous edits on a single documentSide by side view of all changesCustody retainedFull audit trail
The Collaboration Landscape One Size Does Not Fit AllEmail and AttachmentsProfessional attachment managementReply all and BCC protection
Secure File Synchronization2-way exchange of shared foldersNo file size limitsGranular securityFull audit trail
Frequency of interactionConfidentialityMake it easy for lawyers to do the right thing.... Convenience breeds compliancePrioritize defenses based on the balance of risk involvedProtect the content as well as the perimeterBooby-trap the data Snapchat for documentsThink of outbound risk as well as perimeter defenseHow Can Firms Begin to Fill the Gaps?Imagine A World Where Lawyers...From Michael:Despite continuous monitoring, robust defense and awareness of network activities the bad guys will get in. Security is a team sport educate users on how to play defense and support them with the right tools Focus on controls to manage content and risk of data exfiltrationKnow what is leaving the firm, protect it in motion and manage it when it lands outside the firmThree Take Aways...From Paul
Habitual protection of content that is easy, mitigates riskOne size does not fit all Building a fortress from infrastructure up is essential but not enough. You must also build from the people and the content downThree Take Aways...Thank You!