Cybersecurity Roadshow
Securing Your Digital Files from Cyber Threats
Presenters
Rebecca Sattin
Chief Information Officer
World Software Corporation
Joseph Marquette
President
Accellis Technology Group
John Roth
Document Management Consultant
Accellis Technology Group
Topics
• Cybersecurity in the Legal Industry: Trends
• Cybersecurity as understood by Defense in Depth
• Best Practices for Securing your Digital Files (but don’t forget paper)
• Conclusion
Cybersecurity in the
Legal Industry: Trends
FBI Warnings to Law Firms
Why does security matter to law firms?
• Law firms have access to a vast amount of valuable information (data gold) and don’t realize it
• Financial
• Digital ecosystem
• Information
Inheriting Regulatory Concerns
HIPAA
SOX
PCI
GLBA
FINRA
ABA Model Rules
Rule 1.1 – Competence
To maintain the requisite knowledge and skill, a lawyer should keep
abreast of changes in the law and its practice, including the benefits
and risks associated with relevant technology, engage in
continuing study and education and comply with all continuing
legal education requirements to which the lawyer is subject.
ABA Model Rules
Rule 1.6 – Confidentiality of Information
The unauthorized access to, or the inadvertent or unauthorized disclosure of,
confidential information relating to the representation of a client does not constitute
a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the
access or disclosure. Factors to be considered in determining the
reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of
the information, the likelihood of disclosure if additional safeguards are not
employed, the cost of employing additional safeguards, the difficulty of
implementing the safeguards, and the extent to which the safeguards adversely
affect the lawyer’s ability to represent clients (e.g., by making a device or important
piece of software excessively difficult to use).
ABA Cybersecurity
Resolution 109
“RESOLVED, That the American Bar Association encourages all
private and public sector organizations to develop,
implement, and maintain an appropriate cybersecurity
program that complies with applicable ethical and legal
obligations and is tailored to the nature and scope of the
organization and the data and systems to be protected.”
Why isn’t everyone doing it?
SECURITY
CONVENIENCE
Cyber-Insurance
Risk Assessment
• What sensitive information do you have?
• How sensitive is it?
• Information Governance: is it organized logically?
• How is it collected, protected, used, shared, destroyed?
Exposure
• Danger of public relations issues?
• Are you or your client a target?
• Danger of operational disruption?
Can you prove it?
Defense in Depth
Benefits of a Cybersecurity Plan
• Understand your threat profile
• Ability to implement the tools, policies, procedures and technology needed to protect your firm
• Improves visibility of risks across the firm
• Preparedness for breach response
• Prevent loss of reputation and lower recovery costs
Cybersecurity as Understood
by Defense in Depth
• Data
• Application security
• Infrastructure security
• Training, Policies & Procedures
• Validation & Testing
Know Your Data
(Information Governance)
• Recognize what confidential/private data you maintain
• Social Security Numbers
• Personally Identifiable Information (PII)
• Protected Health Information (PHI)
• Intellectual Property
• Where does it reside in space and time?
• Is it organized in such a way that it can be easily secured?
• Law firms are not exempt from litigation holds
Application Security
• Least privilege
• Individual accounts
• Login protocols
• Pass through authorizations
Harden Your Defense
(Infrastructure Security)
1) Complex passwords
2) Spam filters
3) Encryption
4) Multifactor authentication
5) Off-site backups (more for disaster recovery)
6) Remote Access Policy
7) Patching servers and workstations
8) Firewalls
9) Virtual Private Network (VPN)
10) Group Policy
11) WSUS
12) Network Access Control (NAC)
13) Vulnerability scanning
14) Mobile device management
15) Security Information & Event Management (SIEM)
Training, Policies & Procedures
• Training - Ensure employees understand the rules and why they are important; security awareness will benefit them at work and at home
• Usage, access and system management policies
Program Validation & Breach Planning
• Usage, access and system management policies
• End-user training
• Physical security
• Breach planning
Best Practices for Securing Your Digital Files
Use a Document Management System
• Control where data lives
• Central management of IP and PII
• Enforceable firm standards
• Audits and reporting
• Compliance
Internal DMS Configurations
• Create user groups
• Restrict access to cabinets
• Document retention and archive policies
• File security templates (based on AoP)
• Ethical walls
• Audit trail
• Security groups
• Profiling
• Numbering and naming schemes
• Delete security
• Export security
• UNC mapping
• Dedicated administrators
• Password protect the system
• Encryption
• AD Integration
• Folder and drive level security
• Third-party integration
• Updates
• User management
What about paper?
• Scanning to DMS from MFD
• Scanning to DMS from personal device
• Sony Digital Paper
Mobility
• Unified Remote Access Policy, firm owned devices
• Peripheral devices – servers, laptops, mobile devices
• Remote Access
• Web Mobile
• Enterprise
• RDP
• Terminal Server
• Citrix
• iOS App
• Physical documents and Sony Digital Paper
• Encryption in transit
Training & Education
• Password protect documents
• Check-in / check-out
• Annual Refresh training
• Onboarding procedure for new hires
• Remote Policies
• Email important files
Preventing Data Loss
• Examine applications for leakage potential
• Risk assessment on each to determine potential exposure
• Application analysis for leakage potential
• Procedural analysis for leakage potential
• Ongoing risk assessment
• Shadow IT
Conclusion
• Recognize that your DMS is where the vast majority of sensitive information can be accessed.
• Create a cyber militia
• Have a plan, any plan – just have one!
• Remember that security is almost always in direct opposition to convenience.
Additional Resources
• “Ouch!” SANS Security Awareness Newsletter (sans.org)
• Verizon Data Breach Investigations Report (verizonenterprise.com)
• Accellis Cybersecurity Policy Handbook (accellis.com)
• Worldox to Debut Enhanced Encryption Feature (buyerslab.com)
• ABA Cybersecurity Handbook (americanbar.org)
• World Software Corporation (Worldox.com)
• Accellis Technology Group (accellis.com)
Questions?
Slides available @ http://bit.ly/1FIJZ3X
Rebecca Sattin
Chief Information Officer
World Software Corporation
rsattin@worldox.com
Joseph Marquette
President
Accellis Technology Group, Inc.
jmarquette@accellis.com
John Roth
Document Management Consultant
Accellis Technology Group, Inc.
jroth@accellis.com

More Related Content

What's hot

Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Bloxx
 
DocomUSA Cyber Security
DocomUSA Cyber SecurityDocomUSA Cyber Security
DocomUSA Cyber Securitydocomusa
 
Two Peas in a Pod: Cloud Security and Mobile Security
Two Peas in a Pod: Cloud Security and Mobile Security Two Peas in a Pod: Cloud Security and Mobile Security
Two Peas in a Pod: Cloud Security and Mobile Security Omar Khawaja
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsOurCrowd
 
Cloud Security: A Business-Centric Approach in 12 Steps
Cloud Security: A Business-Centric Approach in 12 StepsCloud Security: A Business-Centric Approach in 12 Steps
Cloud Security: A Business-Centric Approach in 12 StepsOmar Khawaja
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummiesIvo Depoorter
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to securityMukesh Chinta
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Michael Noel
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and More5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and MoreCommunity IT Innovators
 
Data security strategies and drivers
Data security strategies and driversData security strategies and drivers
Data security strategies and driversFreeform Dynamics
 
Information Security Overview
Information Security OverviewInformation Security Overview
Information Security OverviewSupriyaGaikwad28
 
Information security
Information securityInformation security
Information securityLJ PROJECTS
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss PreventionNicholas Davis
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionNicholas Davis
 

What's hot (20)

Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges
 
DocomUSA Cyber Security
DocomUSA Cyber SecurityDocomUSA Cyber Security
DocomUSA Cyber Security
 
Two Peas in a Pod: Cloud Security and Mobile Security
Two Peas in a Pod: Cloud Security and Mobile Security Two Peas in a Pod: Cloud Security and Mobile Security
Two Peas in a Pod: Cloud Security and Mobile Security
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for Investors
 
Cloud Security: A Business-Centric Approach in 12 Steps
Cloud Security: A Business-Centric Approach in 12 StepsCloud Security: A Business-Centric Approach in 12 Steps
Cloud Security: A Business-Centric Approach in 12 Steps
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummies
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Security Awareness
Security AwarenessSecurity Awareness
Security Awareness
 
5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and More5 Security Tips to Protect Your Login Credentials and More
5 Security Tips to Protect Your Login Credentials and More
 
Data security strategies and drivers
Data security strategies and driversData security strategies and drivers
Data security strategies and drivers
 
Information Security Overview
Information Security OverviewInformation Security Overview
Information Security Overview
 
Information security
Information securityInformation security
Information security
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issues
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss Prevention
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss Prevention
 
The State of Threat Detection 2019
The State of Threat Detection 2019The State of Threat Detection 2019
The State of Threat Detection 2019
 

Similar to Securing Your Digital Files from Legal Threats

Cyber security event
Cyber security eventCyber security event
Cyber security eventTryzens
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptxKnownId
 
Cyber Security Overview for Small Businesses
Cyber Security Overview for Small BusinessesCyber Security Overview for Small Businesses
Cyber Security Overview for Small BusinessesCharles Cline
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on reviewMiltonBiswas8
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsBilalMehmood44
 
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)Shawn Tuma
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
IBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostIBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostPrecisely
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfSecureCurve
 
Extending security in the cloud network box - v4
Extending security in the cloud   network box - v4Extending security in the cloud   network box - v4
Extending security in the cloud network box - v4Valencell, Inc.
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for CybersecurityShawn Tuma
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceNISIInstituut
 
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfCYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfJenna Murray
 
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)Shawn Tuma
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...Ulf Mattsson
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceAdrian Dumitrescu
 

Similar to Securing Your Digital Files from Legal Threats (20)

Cyber security event
Cyber security eventCyber security event
Cyber security event
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 
Cyber Security Overview for Small Businesses
Cyber Security Overview for Small BusinessesCyber Security Overview for Small Businesses
Cyber Security Overview for Small Businesses
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on review
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
 
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
 
Tyler Technology Expo
Tyler Technology ExpoTyler Technology Expo
Tyler Technology Expo
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
IBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostIBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter Most
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
 
Extending security in the cloud network box - v4
Extending security in the cloud   network box - v4Extending security in the cloud   network box - v4
Extending security in the cloud network box - v4
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for Cybersecurity
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligence
 
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfCYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
 
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Risks and Benefits of Cloud Computing
Risks and Benefits of Cloud ComputingRisks and Benefits of Cloud Computing
Risks and Benefits of Cloud Computing
 
The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...The day when 3rd party security providers disappear into cloud bright talk se...
The day when 3rd party security providers disappear into cloud bright talk se...
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest Relevance
 

Recently uploaded

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 

Securing Your Digital Files from Legal Threats

  • 2. Securing Your Digital Files from Cyber Threats. Presenters: Rebecca Sattin, Chief Information Officer, World Software Corporation; Joseph Marquette, President, Accellis Technology Group; John Roth, Document Management Consultant, Accellis Technology Group
  • 3. Topics • Cybersecurity in the Legal Industry: Trends • Cybersecurity as understood by Defense in Depth • Best Practices for Securing your Digital Files (but don’t forget paper) • Conclusion
  • 4. Cybersecurity in the Legal Industry: Trends
  • 5. FBI Warnings to Law Firms
  • 6. FBI Warnings to Law Firms
  • 7. Why does security matter to law firms? • Law firms have access to a vast amount of valuable information (data gold) and don’t realize it • Financial • Digital ecosystem • Information
  • 8. Inheriting Regulatory Concerns: HIPAA, SOX, PCI, GLBA, FINRA
  • 9. ABA Model Rules Rule 1.1 – Competence To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
  • 10. ABA Model Rules Rule 1.6 – Confidentiality of Information The unauthorized access to, or the inadvertent or unauthorized disclosure of, confidential information relating to the representation of a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).
  • 11. ABA Cybersecurity Resolution 109 “RESOLVED, That the American Bar Association encourages all private and public sector organizations to develop, implement, and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations and is tailored to the nature and scope of the organization and the data and systems to be protected.”
  • 12. Why isn’t everyone doing it? SECURITY CONVENIENCE
  • 13. Cyber-Insurance Risk Assessment • What sensitive information do you have? • How sensitive is it? • Information Governance: is it organized logically? • How is it collected, protected, used, shared, destroyed? Exposure • Danger of public relations issues? • Are you or your client a target? • Danger of operational disruption? Can you prove it?
  • 15. Benefits of a Cybersecurity Plan • Understand your threat profile • Ability to implement the tools, policies, procedures and technology needed to protect your firm • Improves visibility of risks across the firm • Preparedness for breach response • Prevent loss of reputation and lower recovery costs
  • 16. Cybersecurity as Understood by Defense in Depth • Data • Application security • Infrastructure security • Training, Policies & Procedures • Validation & Testing
  • 17. Know Your Data (Information Governance) • Recognize what confidential/private data you maintain • Social Security Numbers • Personally Identifiable Information (PII) • Protected Health Information (PHI) • Intellectual Property • Where does it reside in space and time? • Is it organized in such a way that it can be easily secured? • Law firms are not exempt from litigation holds
  • 18. Application Security • Least privilege • Individual accounts • Login protocols • Pass through authorizations
  • 19. Harden Your Defense (Infrastructure Security) 1) Complex passwords 2) Spam filters 3) Encryption 4) Multifactor authentication 5) Off-site backups (more for disaster recovery) 6) Remote Access Policy 7) Patching servers and workstations 8) Firewalls 9) Virtual Private Network (VPN) 10) Group Policy 11) WSUS 12) Network Access Control (NAC) 13) Vulnerability scanning 14) Mobile device management 15) Security Information & Event Management (SIEM)
  • 20. Training, Policies & Procedures • Training - Ensure employees understand the rules and why they are important; security awareness will benefit them at work and at home • Usage, access and system management policies
  • 21. Program Validation & Breach Planning • Usage, access and system management policies • End-user training • Physical security • Breach planning
  • 23. Use a Document Management System • Control where data lives • Central management of IP and PII • Enforceable firm standards • Audits and reporting • Compliance
  • 24. Internal DMS Configurations • Create user groups • Restrict access to cabinets • Document retention and archive policies • File security templates (based on AoP) • Ethical walls • Audit trail • Security groups • Profiling • Numbering and naming schemes • Delete security • Export security • UNC mapping • Dedicated administrators • Password protect the system • Encryption • AD Integration • Folder and drive level security • Third-party integration • Updates • User management
  • 25. What about paper? • Scanning to DMS from MFD • Scanning to DMS from personal device • Sony Digital Paper
  • 26. Mobility • Unified Remote Access Policy, firm owned devices • Peripheral devices – servers, laptops, mobile devices • Remote Access • Web Mobile • Enterprise • RDP • Terminal Server • Citrix • iOS App • Physical documents and Sony Digital Paper • Encryption in transit
  • 27. Training & Education • Password protect documents • Check-in / check-out • Annual Refresh training • Onboarding procedure for new hires • Remote Policies • Email important files
  • 28. Preventing Data Loss • Examine applications for leakage potential • Risk assessment on each to determine potential exposure • Application analysis for leakage potential • Procedural analysis for leakage potential • Ongoing risk assessment • Shadow IT
  • 30. • Recognize that your DMS is where the vast majority of sensitive information can be accessed. • Create a cyber militia • Have a plan, any plan – just have one! • Remember that security is almost always in direct opposition to convenience.
  • 31. Additional Resources • “Ouch!” SANS Security Awareness Newsletter (sans.org) • Verizon Data Breach Investigations Report (verizonenterprise.com) • Accellis Cybersecurity Policy Handbook (accellis.com) • Worldox to Debut Enhanced Encryption Feature (buyerslab.com) • ABA Cybersecurity Handbook (americanbar.org) • World Software Corporation (Worldox.com) • Accellis Technology Group (accellis.com)
  • 32. Questions? Slides available @ http://bit.ly/1FIJZ3X • Rebecca Sattin, Chief Information Officer, World Software Corporation, rsattin@worldox.com • Joseph Marquette, President, Accellis Technology Group, Inc., jmarquette@accellis.com • John Roth, Document Management Consultant, Accellis Technology Group, Inc., jroth@accellis.com

Editor's Notes

  1. Joe
  2. Joe
  3. Joe
  4. Rebecca
  5. Rebecca
  6. Joe & Rebecca
  7. Rebecca: Despite the FBI warnings, the breaches and the Comments on the ABA Rules, many attorneys still didn’t take notice until their clients insisted on it. Security questions began to show up in RFPs from clients. Also, cyberinsurance policies require completion of security questionnaires.
  8. Joe: 2012 Comments added to ABA Model Rules. Competence – attorneys must stay current on how to use technology required in their practice areas. (California added that this obligation can be met if an attorney competent in the technology assists.)
  9. Rebecca: 2012 Comments added to ABA Model Rules. Confidentiality (Attorney-Client Privilege) – reasonable efforts to prevent access or disclosure of client data; sensitivity of data; extent to which privacy of communication is protected by law or confidentiality agreement. It is now the ethical obligation of attorneys to stay current on the technology required for their practice and to make reasonable efforts to protect their clients’ data.
  10. Joe: The ABA published a much abridged version of their original draft of Resolution 109, encouraging “all private and public sector organizations to develop, implement, and maintain an appropriate cybersecurity program.” While the language is not as strong as originally intended, we are all aware that client and customer security requirements are increasing daily and law firms have to maintain the same levels of security in order to keep their clients happy.
  11. Rebecca
  12. Rebecca: Risk Assessment should be an ongoing process that happens with each new technology being considered for adoption at a firm. The important thing that firms can do regardless of their size or budget is to ensure that processes and procedures are in place for risk assessment and information governance. There is a reason all the regulatory bodies use the word “reasonable” when describing the efforts required to maintain the security of client data. It is because reasonable efforts differ based on size and budget of a firm and by using that word, everyone should be able to comply.
  13. Joe & Rebecca
  14. Joe
  15. Rebecca
  16. Joe & Rebecca
  17. Joe & Rebecca - point out encryption (safe harbor), ethical responsibility
  18. Rebecca
  19. Joe
  20. John
  21. John: 10 years after a matter is closed, then archive or delete.
  22. John: Law firm guests and loose papers in conference rooms. Don’t forget about video conferences, what is visible to the camera.
  23. Rebecca & John: BYOD – Phones; Personal Data vs Firm Data
  24. John: Nobody remembers everything.
  25. Rebecca
  26. Joe and Rebecca