Engaging in the eDiscovery process entails collecting and managing vast amounts of information and data that contains sensitive, high-value information. Insiders can pose a significant risk of compromising your data, which can damage your company’s interests and reputation and result in significant financial losses.
In this presentation, our experts address the vulnerabilities that you face during the eDiscovery process, the specific types of threats that insiders can present, and practical advice for preventing and addressing potential insider threats.
You will learn:
- The vulnerabilities in data and information management during eDiscovery
- The risks of intentional or accidental compromise posed by insiders
- Practical tips for detecting and deterring potential insider threats
Who would benefit most from this presentation?
C-suite level executives; in-house and outside counsel; any practitioners and litigation support professionals dealing with information governance and eDiscovery issues.
Webinar recording can be viewed here: https://www.nuix.com/videos/insider-threats-protecting-data-during-ediscovery-emea
2. September 15, 2016 COPYRIGHT NUIX 2016 2
Countering insider threats in eDiscovery
Today’s Panel
Mark Burgess, Director eDiscovery, Yerra Solutions
James Billingsley, Principal Solutions Consultant, Cyber Security & Investigations, Nuix
Angela Bunting, Vice President, eDiscovery, Nuix
Converging interests
• Technology advancing at an alarming rate
• Google-fast societal expectations
• Enormous amounts of data
• Things getting lost, damaged, stolen
• IT is focused on systems, Legal is focused on the law … but they both are bound by the data
Addressing the threat - People
• Vet your personnel
– Employees
– Vendors, contractors and business partners
– Confidentiality agreements/policies/monitoring/control
• Reassess when necessary
– At fixed intervals (e.g. annually)
– Change in status
    • When an employee’s role changes (promotion, transfer)
– If employee displays signs of distress or disgruntled behaviour
Addressing the threat - People
• Educate employees and affiliates on the risks
– Contractual provisions
– At onboarding
– Refresher days
• Training to include:
– Acceptable use
– Data handling
– Duty to report (see it, say it)
– Expectation of privacy
– eDiscovery personnel-specific training
• Disciplinary action for non-compliance
Addressing the threat – Policies and Process
• eDiscovery policies
– Data preservation and collection
    • Common understanding of Legal Hold
– Gatekeepers
– Track data
• Physical Data Management
– Secure premises (even within premises)
– Encrypt all devices
– Secure file transfers (no email)
– Safe destruction
Addressing the threat – Policies and Process
• Logical data management
– Encrypt in transit
– Secured on network: secured within
– Air gap systems
– Moving data
    • Jurisdiction
    • Legislative compliance
– Give consideration to:
    • Cloud service providers
    • Vet for cybersecurity
    • Industry certification and classification
    • Cyber insurance
Addressing the threat – things to think about
• Who do we tell?
• Who has access to it?
• Where is the data stored?
• Who is collecting the data?
• Where does this data reside while it is being processed?
• Who are the people authorised to receive and work with the data?
• How should we transport the data to third parties? Is it encrypted?
• Who in the organisation is accountable for monitoring and overseeing the process?
Summary - Security
Create a good security posture
– Know where your data is
– Manage accounts
– Control access
– Control methods of exfiltration
– Monitor for inappropriately stored data
– Educate your users
– Make sure people know who to talk to when they see a problem
Summary - eDiscovery
Secure your data collections
– Ensure timely collection
– Collect once
– Encrypt in transit
– Air gap systems if data is in clear
– Implement access controls on collected data
– Monitor activity
– Regularly review and update controls as needed