Securing Your Digital Files from Legal Threats

Post on 13-Feb-2017


Cybersecurity Roadshow

Securing Your Digital Files from Cyber Threats


Presenters

Rebecca Sattin, Chief Information Officer, World Software Corporation

Joseph Marquette, President, Accellis Technology Group

John Roth, Document Management Consultant, Accellis Technology Group


Topics
• Cybersecurity in the Legal Industry: Trends
• Cybersecurity as understood by Defense in Depth
• Best Practices for Securing your Digital Files (but don’t forget paper)
• Conclusion


Cybersecurity in the Legal Industry: Trends


FBI Warnings to Law Firms


Why does security matter to law firms?
• Law firms have access to a vast amount of valuable information (data gold) and don’t realize it
• Financial
• Digital ecosystem
• Information


Inheriting Regulatory Concerns

• HIPAA
• SOX
• PCI
• GLBA
• FINRA


ABA Model Rules

Rule 1.1 – Competence

To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing Legal education requirements to which the lawyer is subject.


ABA Model Rules

Rule 1.6 – Confidentiality of Information

The unauthorized access to, or the inadvertent or unauthorized disclosure of, confidential information relating to the representation of a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).


ABA Cybersecurity Resolution 109

“RESOLVED, That the American Bar Association encourages all private and public sector organizations to develop, implement, and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations and is tailored to the nature and scope of the organization and the data and systems to be protected.”


Why isn’t everyone doing it?

SECURITY

CONVENIENCE


Cyber-Insurance

Risk Assessment
• What sensitive information do you have?
• How sensitive is it?
• Information Governance: is it organized logically?
• How is it collected, protected, used, shared, destroyed?

Exposure
• Danger of public relations issues?
• Are you or your client a target?
• Danger of operational disruption?

Can you prove it?


Defense in Depth


Benefits of a Cybersecurity Plan

• Understand your threat profile
• Ability to implement the tools, policies, procedures and technology needed to protect your firm
• Improves visibility of risks across the firm
• Preparedness for breach response
• Prevent loss of reputation and lower recovery costs


Cybersecurity as Understood by Defense in Depth
• Data
• Application security
• Infrastructure security
• Training, Policies & Procedures
• Validation & Testing


Know Your Data (Information Governance)
• Recognize what confidential/private data you maintain
  • Social Security Numbers
  • Personally Identifiable Information (PII)
  • Protected Health Information (PHI)
  • Intellectual Property
• Where does it reside in space and time?
• Is it organized in such a way that it can be easily secured?
• Law firms are not exempt from litigation holds


Application Security
• Least privilege
• Individual accounts
• Login protocols
• Pass through authorizations


Harden Your Defense (Infrastructure Security)
1) Complex passwords
2) Spam filters
3) Encryption
4) Multifactor authentication
5) Off-site backups (more for disaster recovery)
6) Remote Access Policy
7) Patching servers and workstations
8) Firewalls
9) Virtual Private Network (VPN)
10) Group Policy
11) WSUS
12) Network Access Control (NAC)
13) Vulnerability scanning
14) Mobile device management
15) Security Information & Event Management (SIEM)


Training, Policies & Procedures

• Training - Ensure employees understand the rules and why they are important; security awareness will benefit them at work and at home
• Usage, access and system management policies


Program Validation & Breach Planning
• Usage, access and system management policies
• End-user training
• Physical security
• Breach planning


Best Practices For Securing Your Digital Files


Use a Document Management System
• Control where data lives
• Central management of IP and PII
• Enforceable firm standards
• Audits and reporting
• Compliance


Internal DMS Configurations
• Create user groups
• Restrict access to cabinets
• Document retention and archive policies
• File security templates (based on AoP)
• Ethical walls
• Audit trail
• Security groups
• Profiling
• Numbering and naming schemes
• Delete security
• Export security
• UNC mapping
• Dedicated administrators
• Password protect the system
• Encryption
• AD Integration
• Folder and drive level security
• Third-party integration
• Updates
• User management


What about paper?
• Scanning to DMS from MFD
• Scanning to DMS from personal device
• Sony Digital Paper


Mobility
• Unified Remote Access Policy, firm owned devices
• Peripheral devices – servers, laptops, mobile devices
• Remote Access
  • Web Mobile
  • Enterprise
  • RDP
  • Terminal Server
  • Citrix
  • iOS App
• Physical documents and Sony Digital Paper
• Encryption in transit


Training & Education
• Password protect documents
• Check-in / check-out
• Annual Refresh training
• Onboarding procedure for new hires
• Remote Policies
• Email important files


Preventing Data Loss
• Examine applications for leakage potential
• Risk assessment on each to determine potential exposure
• Application analysis for leakage potential
• Procedural analysis for leakage potential
• Ongoing risk assessment
• Shadow IT


Conclusion


• Recognize that your DMS is where the vast majority of sensitive information can be accessed.
• Create a cyber militia
• Have a plan, any plan – just have one!
• Remember that security is almost always in direct opposition to convenience.


Additional Resources
• “Ouch!” SANS Security Awareness Newsletter (sans.org)
• Verizon Data Breach Investigations Report (verizonenterprise.com)
• Accellis Cybersecurity Policy Handbook (accellis.com)
• Worldox to Debut Enhanced Encryption Feature (buyerslab.com)
• ABA Cybersecurity Handbook (americanbar.org)
• World Software Corporation (Worldox.com)
• Accellis Technology Group (accellis.com)


Questions?

Slides available @ http://bit.ly/1FIJZ3X

Rebecca Sattin, Chief Information Officer, World Software Corporation, rsattin@worldox.com

Joseph Marquette, President, Accellis Technology Group, Inc., jmarquette@accellis.com

John Roth, Document Management Consultant, Accellis Technology Group, Inc., jroth@accellis.com
