
You Can’t Secure What You Don’t Know Exists

Image by Elif Ayiter/Alpha Auer/…./

If you’ve paid much attention to the eDiscovery space over the last few months, you may have noticed the same trend that I have. It seems that every other article I have seen on the topic mentions either Cybersecurity or Information Governance along with eDiscovery.

This is not a coincidence.

Data breaches have become big news, and the legal industry, rightly, is becoming very concerned with not just the possibility of being breached, but also the possibility that, as part of that breach, the client information they have been entrusted with will also be breached. No one wants to be the firm that makes the headlines as the one that lost confidential client information. That’s not a good look.

Hand in hand with these concerns, though, is another. To truly protect your data, you actually have to know what it is, where it is, and who has access to it. As an article in the Chronicle of eDiscovery puts it:

For many years, those of us responsible for data security were only concerned with a direct cyberattack on our own networks. But as cyberattackers get more sophisticated and better funded, we need to be conscious of our role in a far more complex information ecosystem. A good example of this is the Target breach in late 2013. As more information has come to light, we’ve learned that the cyberattackers found a weak link via Target’s HVAC contractor and used its network as the staging site for the attack. If you think about the structure of how eDiscovery work is done, it could have just as easily been a law firm or a legal services provider that provided the entry point.

Here we had a major news story that resulted from Target not keeping track of the various folks who had access, and what they had access to. (At least that’s my guess from the outside.) This is the reason Information Governance (IG) is a big part of the security push. Simply put, as lawyers start storing confidential information in a variety of places, on a variety of devices, and sharing it with outside vendors, someone needs to be fully aware of all of the possible points of security failure.

If you don’t keep track of where confidential data and communications live, you can’t possibly keep them secure. Unfortunately, thanks to the proliferation of BYOD policies, cloud storage providers, and outsourcing, most organizations are now playing catch-up. Their data is already spread across a lot of potential targets. Figuring out which ones are vulnerable and what data they contain is a challenge, but it’s step one towards increased security.

Do you know where your confidential data is and who has access to it?
