1 / 19

Beyond the Fortress

Beyond the Fortress. Fortify Your Content Before it Travels Beyond the Firm Walls. Our Panel. Paul Domnick, Board of Directors, Lit é ra Corporation Michael Fick, Consultant, Enlitened Technologies Joy Heath Rush, Vice President, Client Development (Law Firms), Lit é ra Corporation.

braith
Télécharger la présentation

Beyond the Fortress

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Beyond the Fortress Fortify Your Content Before it Travels Beyond the Firm Walls

  2. Our Panel • Paul Domnick, Board of Directors, Litéra Corporation • Michael Fick, Consultant, Enlitened Technologies • Joy Heath Rush, Vice President, Client Development (Law Firms), Litéra Corporation

  3. Framing the Issue

  4. Law Firms as Cyber Targets • Aggregate highly confidential information • Most firms’ DM security is public by default • Organized into client/matter folder structures • Contain data from multiple organizations pertaining to one transaction/matter • Perceived as less secure

  5. Ethical Responsibilities • ABA Model Rule 1.6 - Confidentiality of Information. Require lawyers to keep confidential ANY information relating to the representation of a client. • ABA Model Rule 1.1 Comment 8 - Competency. To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology

  6. Why Does the Practice of Law Create Business Situations that Could Compromise the Confidentiality of Client Information? • Lawyers are communicators • Lawyers access the most confidential information • Lawyers work as part of a team – need to collaborate • Lawyers work everywhere – sometimes in unsecured environments • Lawyers are under severe client pressure • Lawyers communicate with third parties creating content in motion • Lawyers’ duty to protect and manage client information extends beyond the firm’s firewall

  7. What are Firms Doing to Protect their Client Information and Electronic Communications? Source: A Study of the Legal Industry’s Information Security Assessment Practices, Sponsored by ILTA’s LegalSEC Team, August, 2013

  8. Client Audits – Spotlighting Concerns • General security of the firm’s IT • Security of their data • At rest/in motion • Comingling • Auditable defense • Adherence to regulatory requirements • “If you don’t understand what your clients expect of you, then you cannot invest in the appropriate level of protection and make informed decisions about risk.”Law Technology News – April 7, 2014

  9. What Clients Expect Law Firms To Do

  10. The General Approach Taken by the Industry – Protect The Infrastructure Protecting the infrastructure and the edge is critical, but what about the actual data …

  11. Some Other Things to Consider When Protecting Client Data • Email How can the firm protect the future of the email message beyond the initial transmission? • Deal Rooms How can the firm control the file after it has been downloaded onto foreign network? • Drop Box/iCloud How can the firm protect the client when content proliferates beyond the firm’s control? • Mobile Devices How can the firm protect content on mobile devices, removable media and home PCs/Macs? • Human Factor How can the firm protect against the busy lawyer that does not abide by firm security policies?

  12. Digital Rights Management – The Next Level of Threat Protection • Why Digital Rights Management (DRM) • Protect what is ‘yours’ from misuse • Misuse is accessing confidential information without authorization • Enables proactive control over content • Extends content custody beyond the perimeter

  13. What is the Security-Convenience Equation when Dealing with Content in Motion?

  14. The Collaboration Landscape – One Size Does Not Fit All • Secure File Transfer • Integrated into email • No file size limits • Available on mobile • Send and receive files • Full audit trail • Secure Collaboration • Full content control • Simultaneous edits on a single document • Side by side view of all changes • Custody retained • Full audit trail Confidentiality • Secure File Synchronization • 2-way exchange of shared folders • No file size limits • Granular security • Full audit trail • Email and Attachments • Professional attachment management • Reply all and BCC protection Frequency of interaction

  15. How Can Firms Begin to Fill the Gaps? • Make it easy for lawyers to do the right thing.... Convenience breeds compliance • Prioritize defenses based on the balance of risk involved • Protect the content as well as the perimeter • Booby-trap the data – Snapchat for documents • Think of outbound risk as well as perimeter defense

  16. Imagine A World Where Lawyers...

  17. Three Take Aways... From Michael: Despite continuous monitoring, robust defense and awareness of network activities the bad guys will get in. • Security is a team sport … educate users on how to play defense and support them with the right tools • Focus on controls to manage content and risk of data exfiltration • Know what is leaving the firm, protect it in motion and manage it when it lands outside the firm

  18. Three Take Aways... From Paul • Habitual protection of content that is easy, mitigates risk • One size does not fit all • Building a fortress from infrastructure up is essential but not enough. You must also build from the people and the content down

  19. Thank You!

More Related