Law Firm & Legal Department Security & Practice In The Real World

This session was presented at ACREL and covered the industry trends and real world challenges that are being addressed around Security today. How can we improve security? Are passwords going away? What is better than passwords? What can I do to be more secure today? How can we securely share information? These questions and more were addressed in this presentation and the follow up workshops/breakouts.


  1. LAW FIRM SECURITY & PRACTICE IN THE REAL WORLD Presented By: Richard Harbridge (@RHarbridge) #ACREL
  2. @RHarbridge #SPSNH RICHARD HARBRIDGE My Twitter is @RHarbridge, I’m super friendly & I am proud to work at 2toLead. CTO & MVP | SPEAKER & AUTHOR
  3. Life is full of risks, but you can’t always prevent them. Many believe that even if it does happen, it won’t happen to us, or it certainly won’t be because of me. IT WON’T HAPPEN TO ME…
  4. Sometimes it is our fault directly, but it’s always our fault if we don’t take action to protect ourselves and our orgs. Source of breach data: breachlevelindex.com HOW DO DATA LEAKS HAPPEN? MALICIOUS INSIDER ACCIDENTAL DATA EXPOSURE MALICIOUS OUTSIDER 59% 23% 14%
  5. Employees believe that their passwords are secure. They know they should rotate them and make them complex, but that’s it, right? PASSWORDS ARE SECURE?
  6. But passwords suck; management and leaks cost us tons of money, and it’s still the biggest gap in security. NO ONE LIKES PASSWORDS… #1 COST 686K $12M+
  7. The problem with 2 Factor Authentication is that users find it adds effort/friction to the login or authentication process. Sure, it’s better, but it has a cost. 2 FACTOR AUTH TO THE RESCUE?
  8. You can create your own model where 2 factor auth or advanced security is only needed when not at the office, on unmanaged devices, etc. CONDITIONAL ACCESS HELPS…
  9. We can use techniques that reduce our reliance on the password and use more secure multi-factor (or 2 factor+) authentication. IT IS GETTING BETTER… 37M 200+ Passwordless authentication; User-friendly experience; Enterprise grade security
  10. [Screenshot: Microsoft Authenticator "Making sure it’s you" sign-in prompt for janetsmith@contoso.com, asking the user to follow the instructions in the app and enter the number shown.] More options for the second factor of authentication that are both more secure and faster/easier, such as using your fingerprint to access with a simple motion. EVEN MORE SEAMLESS… Phone sign-in using Microsoft Authenticator; Passwordless authentication; Public / Private key exchange
  11. The reality is that users are continually at risk. With more advanced scams and so many external threats, we have to proactively manage risks. THE REALITY IS THAT USERS ARE AT RISK…
  12. It’s not our job to worry about security. The organization has to manage and handle security. I just need to get my work done. IT’S THE ORGANIZATION’S RESPONSIBILITY…
  13. devices, data, users, apps. On-premises / Private cloud. In the past, the firewall was the security perimeter. EXCEPT THE WORLD HAS CHANGED…
  14. On-premises. Now there are fewer boundaries, more data, more complexity. THE WORLD HAS CHANGED…
  15. We need to get our work done faster, from wherever we are, and with more people than we ever had to before. IT security will just have to catch up. IT’S OKAY TO SOMETIMES GO AROUND THE SYSTEM…
  16. There are plenty of ways to make external sharing easier from Outlook, Extranets, professional personal file sharing services like OneDrive for Business and more. WE NEED TO GIVE PEOPLE BETTER OPTIONS…
  17. We can protect against many threats, even when they are not initially detected. PROTECT BEHIND THE SCENES…
  18. Data is created, imported, & modified across various locations. Data is detected: across devices, cloud services, on-prem environments. Sensitive data is classified & labeled: based on sensitivity; used for either protection policies or retention policies. Data is protected based on policy: protection may be in the form of encryption, permissions, visual markings, retention, deletion, or a DLP action such as blocking sharing. Data travels across various locations, shared: protection is persistent, travels with the data. Data is monitored: reporting on data sharing, usage, potential abuse; take action & remediate. Retain, expire, delete data: via data governance policies. The lifecycle of sensitive content now needs to account for data leaving the org boundaries and being protected in a more intelligent way. SO WE NEED TO PROTECT THE CONTENT NOT JUST THE SYSTEM…
  19. This is very achievable with today’s technology while still enabling users. It just means we have to be modern and leverage the power of the Cloud. SO WE NEED TO PROTECT THE CONTENT NOT JUST THE SYSTEM… Drive encryption; Remote wipe; Business data separation; File encryption; Permissions and rights-based restrictions; DLP actions to prevent sharing; Policy tips & notifications for end-users; Visual markings in documents; Control and protect data in cloud apps with granular policies and anomaly detection; Data retention, expiration, deletion. Devices | Cloud & on-premises
  20. Get started by enabling great modern Extranet solutions, great file sharing like OneDrive for Business, & proactive, actionable protection via identity protection. YOU CAN GET STARTED TODAY…
  21. Thank You! ACREL’s team for making this possible. 180+ Awesome Presentations At Slideshare.Net/RHarbridge. 300+ Pages Of Whitepapers At 2toLead.com/Whitepapers. WhenToUseWhat.com, Office365Intranets.com, Office365Metrics.com, Office365Campaigns.com, Office365Extranets.com, Office365Resources.com. Message Me On LinkedIn or Email Richard@2toLead.com. CTO & MVP | SPEAKER & AUTHOR | SUPER FRIENDLY. Twitter: @RHarbridge. More to come on our blog at http://2toLead.com.
