protecting data in the age of cybercrime and data breach
TRANSCRIPT
Protecting Data in the Age of Cybercrime and Data Breach Practical Guidance for Securing ‘Data in Motion’
March 8, 2017
Sr. Marketing Dr. Logikcull.com
Head of Customer SuccessLogikcull.com
Senior Corporate Counsel Salesforce.com
Aseem Gupta Robert Hilson Colin Szesze
Agenda The cybercrime and breach landscape
Ethical and professional duties related to data breach
Why the “old” EDRM-driven eDiscovery process creates risk
Steps you can take to secure client/company data
Why law firms are especially vulnerable to breach
>>> The Cybercrime and Data Breach Landscape
And the statistics are alarming…
Data breaches are commonplace
6 BillionRecords breached
since 2013
Source: Breach Level Index
46Records lost or stolen
every second
4%Of breached records are encrypted
Source: Breach Level Index Source: Breach Level Index
A timeline to the worst. year. ever
Feb. March
2016: The Year of the (Legal) Data Breach
Oleras Alert
Elite Law Firms
Breached
April
Panama Papers
May
First known malpractice
suit
July
DNC Emails Leaked
December
Chinese Hackers Indicted
In fact, they’re among the most vulnerable targets
Law firms are not immune!
From the perspective of hackers, exactly because lawyers handle such valuable and sensitive information belonging to clients, law firms become a one-stop shop.
“
”Eli Wald
Legal Ethics Professor(and former BigLaw attorney)
Source: Logikcull.com
At least a quarter of all firms have been breached
The facts don’t lie.
1 in 4Law firms have
been hacked
Source: ACC
80% Of 100 biggest firms
have been breached
Source: Mandiant/BloombergSource: 2016 IBM Cost of a Date Breach Study
$3.79MThe average cost
of breach
90%Of breaches are
preventable
3 in 4Firms have not assessed cost
or risk
Source: Marsh Survey Source: ILTA 2016 Tech Survey
90%Of breaches are
preventable
>>> The professional duties to secure data
Model Rules
ABA Model Rule 1.6(c): Must make “reasonable efforts” to prevent unauthorized disclosures
ABA Model Rule 1.1: Duty of competence, which includes keeping abreast of ‘benefits and risks associated with relevant technology’
ABA Model Rule 5.3: Duty of Supervision… Attorneys are responsible for conduct of non-lawyer assistance
Other Applicable Rules
State rules: e.g. CAL. BUS. & PROF. CODE § 6068(e)(1) - must preserve client secrets at ‘every peril to himself or herself’
Industry-specific: New York City Cyber-Security Proposal23 NYCRR 500 - Lawyers who advise financial institutions must match their cybersecurity standards
>>> “The EDRM - Great for vendors and hackers!”
“Data is most at risk when it’s on the move.” - FCC Cyber Security Planning Guide
How current discovery works
1-3 days 1-2 days 1-5 days
Client Send data Law firm CDs DVDs Thumb drives FTP Email attachments
Sends data
Internal Tech
External Tech
Gather instructions Process data OCR images Fix exceptions Charge by the hour Make multiple copies of data
Loads data Review Platform
Ships data Requesting Party
Keyword search Linear review Manual prove review Exception review Final QC review Slow & inefficient
CDs DVDs Thumb drives FTP Email attachments
Confirm receipt Copies data loads for review Looks for errors
1-5 days
>>> Steps you can take to secure data
Transforming the EDRMData stays in 1 secure place in a closed-loop system
Mins/hours Hours/days
Client Law firm
Requesting party
Uploads Data
Reviews Data
Downloads Data Securely shares data w/ShareSafe
https:// https://
https://https://
Secure Discovery
Hub
Takeaway: Limit the use of physical media
40%Of breaches
involve physical media
Source: InfoSecurity Magazine
>25%Of the largest data breaches resulted
from poor security or lost or stolen media
<2%
Multiple Sources
Amount of annual budget law firms spend on security
Source: Bloomberg BNA
Takeaway: Encrypt all data at all times
40% <2%Amount of annual budget law firms spend on security
Data in motion Data at rest
Takeaway: Apply strict access controls
<2%Amount of annual budget law firms spend on security
2 Factor Authentication | Permissions-Based Users | Strong Passwords | Access Auditing | Silo Data
Now let’s play…40%
<2%Amount of annual budget law firms spend on security
Stump Colin and Aseem!
