insider threats: protecting data during ediscovery (nuix webinar)

Insider threats: Protecting data during eDiscovery

September 15, 2016 COPYRIGHT NUIX 2016 2

Countering insider threats in eDiscovery


Today’s Panel

Mark Burgess

Director eDiscovery,

Yerra Solutions

James Billingsley

Principle Solutions

Consultant, Cyber Security

& Investigations, Nuix

Angela Bunting

Vice President, eDiscovery

Nuix


Converging interests

• Technology advancing at an

alarming rate

• Google-fast societal expectations

• Enormous amounts of data

• Things getting lost, damaged,

stolen

• IT is focused on systems, Legal is

focused on the law … but they

both are bound by the data

Why we need to care


Insider threat is on the rise – the “who”

Source: Verizon 2016 DBIR report

Incidents Breaches


What makes up the “who”



Insider threat is on the rise – the “why”



Insider threat is on the rise – the “how”



Insider threat is on the rise – and so is time to discovery



Insider threat on the rise – the misconceptions

Source: 2015 Vormetric Insider Threat Report


Discovery is complex

Addressing the threat


Addressing the threat - People

• Vet your personnel

– Employees

– Vendors, contractors and business partners

– Confidentiality agreements/policies/monitoring/control

• Reassess when necessary

– At fixed intervals (e.g. annually)

– Change in status

• When an employee’s role changes (promotion, transfer)

– If employee displays signs of distress or disgruntled behaviour


Addressing the threat - People

• Educate employees and affiliates on the risks

– Contractual provisions

– At onboarding

– Refresher days

• Training to include:

– Acceptable use

– Data handling

– Duty to report (see it, say it)

– Expectation of privacy

– eDiscovery personnel-specific training

• Disciplinary action for non-compliance


Addressing the threat – Policies and Process

• eDiscovery policies

– Data preservation and collection

• Common understanding of Legal Hold

– Gatekeepers

– Track data

• Physical Data Management

– Secure premises (even within premises)

– Encrypt all devices

– Secure file transfers (no email)

– Safe destruction


Addressing the threat – Policies and Process

• Logical data management

– Encrypt in transit

– Secured on network: secured within

– Air gap systems

– Moving data

• Jurisdiction

• Legislative compliance

– Give consideration to:

• Cloud service providers

• Vet for cybersecurity

• Industry certification and classification

• Cyber insurance


Addressing the threat – things to think about

• Who do we tell?

• Who has access to it?

• Where is the data stored?

• Who is collecting the data?

• Where does this data reside while it is being processed?

• Who are the people authorised to receive and work with the data?

• How should we transport the data to third parties? Is it encrypted?

• Who in the organisation is accountable for monitoring and

overseeing the process?


Summary - Security

Create a good security posture

– Know where your data is

– Manage accounts

– Control access

– Control methods of exfiltration

– Monitor for inappropriately stored data

– Educate your users

– Make sure people know who to talk to

when they see a problem


Summary- eDiscovery

Secure your data collections

– Ensure timely collection

– Collect once

– Encrypt in transit

– Air gap systems if data is in clear

– Implement access controls on collected

data

– Monitor activity

– Regularly review and update controls as

needed


Closing thoughts


Q&A

insider threats: protecting data during ediscovery (nuix webinar)

Data & Analytics