More Secure eDiscovery Process:
For those in the eDiscovery field, protecting companies’ sensitive data is ever increasing in importance. Each year the odds that a company will experience a data breach grows. There are several ways to enhance safety protocols to ensure data is better protected.
Only Send Documents Through Encrypted Means – When transmitting discovery documents outside of an eDiscovery platform, always use an encrypted delivery method. Email is not necessarily very secure. Using a secure file transfer solution such as a SFTP to transfer data is highly recommended.
Consider Multi-Factor Authentication – Another option for additional security is using a multi-factor authentication (MFA). When logging into a site or eDiscovery platform, it would be required to use the login name and password then a second method to confirm your identify. This can come in the form of a code that is sent to the user’s email. Some programs also use authenticator apps like Microsoft Authenticator.
Limit Access to a Need-to-Know Basis – Another security shortcoming is when a company will make discovery data in an eDiscovery database available to everyone in the company. If a platform holds especially sensitive records, it is simple to limit access and only give permissions to only the employees that need access.
Review Export Settings – In addition to viewing and accessing sensitive data, another permission that helps is restricting export settings. eDiscovery platforms give users the option to export or download data for use outside of the database. Restricting these settings ensures sensitive data isn’t being downloaded and shared externally.
Password Protection – As with any password, never share it. It is tempting to share passwords for easier access, but this should not be done. Not only does sharing a password increase the chance of sensitive information ending up in the incorrect hands, it also makes the original account holder vulnerable to having their other accounts compromised.
In any situation, early conversations about security expectations are key. Discussions within the company and with outside service providers are the first step to a more secure eDiscovery process.
For more Tidbits & Thoughts, please click here.