Essential Data Security for E-Discovery

Recent years have seen a rise in high-profile data breaches. Home Depot, Target, U.S. Internal Revenue Service, U.S. Office of Personnel Management, TJ Maxx…the list goes on. In these breaches, hackers made off with millions upon millions of credit card numbers, Social Security numbers, and other data that can be sold easily to identity thieves and other criminals.

Recent years have also seen a rise in the use of e-discovery in litigation. These powerful tools can comb through vast collections of electronic documents to find those that are relevant to a case. Obviously, any e-discovery system requires some type of data storage, and many law firms are choosing to use their own local data storage servers for this purpose.

These two trends—data breaches and e-discovery—are on a collision course, and if your firm’s data security structure is not up to the job, you are asking for trouble.

“But wait,” you say. “My firm’s e-discovery data doesn’t have credit card numbers or Social Security numbers that hackers covet. Why would I be a target?”

Look no further than the infamous Sony Pictures data breach. In that breach, no credit card numbers or other saleable data were exposed. Most of the data was personnel and medical records, and the apparent motive was public embarrassment of Sony Pictures employees and management.

Your e-discovery data is crucial to the success of your firm. If it were compromised in some way—exposed to opponents, the press, or other interested parties, or even corrupted so that its authenticity could be questioned—it could completely derail your case. And because law firms are notorious for under-emphasizing the care and maintenance of their IT systems, many firms are vulnerable.

Things You Can Do NOW To Protect Your Data

How can you protect your firm’s data? Here are some actions you should take now:

  • Update your systems: Make sure your computers and servers are running with the latest security updates. Applying these updates typically requires system reboots, so schedule this activity for off-hours to minimize downtime.
  • Check your anti-malware system: Anti-malware systems can protect your data from viruses, Trojans, and other malware that can give hackers a back door to your data. Make sure that you have an anti-malware system in place and that it is properly configured and up to date.
  • Enforce “least-privilege” access: The idea of “least-privilege” access is that all people with access to the system has only the access level necessary to do their jobs, and no more. Administrative access (which enables the installation of software and changing system configuration settings) should be restricted to only a small number of people who know what they’re doing. If everyone has administrative access, you are leaving yourself a gaping security hole.
  • Create and enforce data policies: Sensitive data must be controlled, and standard policies should be put in place so that everyone in the firm knows the rules. For example, USB memory fobs are bound to be lost eventually, so copying sensitive data to them is a bad idea. A better option is portable hard drives that require a password or PIN to access. Once everyone in the firm knows the rules and the importance of data security, you are on your way to building a culture of security.

With e-discovery rapidly becoming the normal way of doing business, data security for law firms is not an option. If you do not have the in-house expertise to properly maintain your data security, invest in outside help. The life and reputation of your firm may depend on it.

 

For more Tidbits & Thoughts, please click here.