Beyond the Fortress: Fortify Your Content Before it Travels Beyond the Firm Walls

Our Panel
- Paul Domnick, Board of Directors, Litéra Corporation
- Michael Fick, Consultant, Enlitened Technologies
- Joy Heath Rush, Vice President, Client Development (Law Firms), Litéra Corporation

Framing the Issue
- Clients demand protection of material under law firm control
- Lawyers have a duty to protect client data
- Law firms are perceived as easy targets for bad guys
- Firms share sensitive information across security boundaries

Law Firms as Cyber Targets
- Aggregate highly confidential information
- Most firms’ DM security is public by default
- Organized into client/matter folder structures
- Contain data from multiple organizations pertaining to one transaction/matter
- Perceived as less secure

Ethical Responsibilities
- ABA Model Rule Confidentiality of Information. Requires lawyers to keep confidential ANY information relating to the representation of a client.
- ABA Model Rule 1.1 Comment 8 - Competency. To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.

Why Does the Practice of Law Create Business Situations that Could Compromise the Confidentiality of Client Information?
- Lawyers are communicators
- Lawyers access the most confidential information
- Lawyers work as part of a team – need to collaborate
- Lawyers work everywhere – sometimes in unsecured environments
- Lawyers are under severe client pressure
- Lawyers communicate with third parties creating content in motion
- Lawyers’ duty to protect and manage client information extends beyond the firm’s firewall

What are Firms Doing to Protect their Client Information and Electronic Communications?
Source: A Study of the Legal Industry’s Information Security Assessment Practices, Sponsored by ILTA’s LegalSEC Team, August, 2013

Client Audits – Spotlighting Concerns
- General security of the firm’s IT
- Security of their data
- At rest/in motion
- Comingling
- Auditable defense
- Adherence to regulatory requirements
“If you don’t understand what your clients expect of you, then you cannot invest in the appropriate level of protection and make informed decisions about risk.” Law Technology News – April 7, 2014

What Clients Expect Law Firms To Do

The General Approach Taken by the Industry – Protect The Infrastructure
Protecting the infrastructure and the edge is critical, but what about the actual data …

Some Other Things to Consider When Protecting Client Data
- How can the firm protect the future of the message beyond the initial transmission?
- Deal Rooms: How can the firm control the file after it has been downloaded onto a foreign network?
- Drop Box/iCloud: How can the firm protect the client when content proliferates beyond the firm’s control?
- Mobile Devices: How can the firm protect content on mobile devices, removable media and home PCs/Macs?
- Human Factor: How can the firm protect against the busy lawyer that does not abide by firm security policies?

Digital Rights Management – The Next Level of Threat Protection
Why Digital Rights Management (DRM)
- Protect what is ‘yours’ from misuse
- Misuse is accessing confidential information without authorization
- Enables proactive control over content
- Extends content custody beyond the perimeter

What is the Security-Convenience Equation when Dealing with Content in Motion?

The Collaboration Landscape – One Size Does Not Fit All

Secure File Transfer
- Integrated into
- No file size limits
- Available on mobile
- Send and receive files
- Full audit trail

Secure Collaboration
- Full content control
- Simultaneous edits on a single document
- Side by side view of all changes
- Custody retained
- Full audit trail

and Attachments
- Professional attachment management
- Reply all and BCC protection

Secure File Synchronization
- 2-way exchange of shared folders
- No file size limits
- Granular security
- Full audit trail

(Chart axes: Frequency of interaction; Confidentiality)

How Can Firms Begin to Fill the Gaps?
- Make it easy for lawyers to do the right thing... Convenience breeds compliance
- Prioritize defenses based on the balance of risk involved
- Protect the content as well as the perimeter
- Booby-trap the data – Snapchat for documents
- Think of outbound risk as well as perimeter defense

Imagine A World Where Lawyers...
- Share only what they want to share
- Share only with whom they want
- Share only when they want
- Share only how they want to share

Three Take Aways...
From Michael:
Despite continuous monitoring, robust defense and awareness of network activities the bad guys will get in.
1. Security is a team sport … educate users on how to play defense and support them with the right tools
2. Focus on controls to manage content and risk of data exfiltration
3. Know what is leaving the firm, protect it in motion and manage it when it lands outside the firm

Three Take Aways...
From Paul:
1. Habitual protection of content that is easy, mitigates risk
2. One size does not fit all
3. Building a fortress from infrastructure up is essential but not enough. You must also build from the people and the content down

Thank You!