You Can’t Secure What You Don’t Know Exists

posted in: LawFirms, LitigationSupport, Tech 0 |
Reading Time: 3 minutes
data photo
Image by Elif Ayiter/Alpha Auer/…./

If you’ve paid much attention to the space over the last months, you may have noticed the same trend that I have. It seems that every other article that I have seen on the topic is mentioning either Cybersecurity, or Information Governance, along with eDiscovery.

This is not a coincidence.

breaches have become big news, and the legal industry, rightly, is becoming very concerned with not just the possibility of being breached, but also the possibility that, as part of that breach, the client information they have been entrusted with, will also be breached. No one wants to be the firm that makes the headlines as the one that lost confidential client information. That’s not a good look.

Hand in hand with these concerns though, is another. In order to truly protect your data, you actually have to know what it is, where it is, and who has access to it. As an article in the Chronicle of eDiscovery puts it:

For many years, those of us responsible for were only concerned with a direct cyberattack on our own networks. But as cyberattackers get more sophisticated and better funded, we need to be conscious of our role in a far more complex information ecosystem. A good example of this is the Target breach in late 2013. As more information has come to light, we’ve learned that the cyberattackers found a weak link via Target’s HVAC contractor and used its network as the staging site for the attack. If you think about the structure of how work is done, it could have just as easily been a law firm or a legal services provider that provided the entry point.

Here we had a major news story that resulted from Target not keeping track of the various folks who had access, and what they had access to. (At least that’s my guess from the outside.) This is the reason is a big part of the push. Simply put, as lawyers start storing confidential information in a variety of places, on a variety of devices, and sharing it with outside vendors, someone needs to be fully aware of all of the possible points of security failure.

If you don’t keep track of where confidential and communications live, you can’t possibly keep it secure. Unfortunately, thanks to the proliferation of BYOD policies, cloud storage providers, and outsourcing, most organizations are now playing catch up. Their is already spread across a lot of potential targets. Figuring out which ones are vulnerable and what data they contain is a challenge, but it’s step one towards increased security.

Do you know where your confidential is and who has access to it?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.