Bring your Geek to Court

Bring your Geek to Court

It’s LegalTech week. That’s the annual gathering in NYC where attorneys, corporate counsels, and IT people meet to discuss ediscovery, predictive coding, and whether it’s safe to delete a file. My first morning session was a keynote panel discussion that featured five federal judges.

It was fascinating to hear these legal eagles discuss a wide range of topics including  big data and the cloud, attorneys’ reluctance to learn new technology, as well as our blog’s favorite topic, data security and privacy.

The judges stressed that because of big data’s volume, velocity, and variety (on premises servers vs. the cloud), it’s incumbent on attorneys to be fluent in the language of tech. It’s not only a good idea, but it’s now actually a part of this profession’s ethical rules:  understanding and adopting new technologies is required of lawyers within the Model Rules.

Why master legal technology? The judges argued that by leveraging technology, such as locating more relevant and rich documents, you can spend more time doing “lawyerly things” and, um, more billing.

Hon. Andrew J. Peck of the US District Court of the Southern District of New York closed the discussion by reminding all attorneys to “bring your geek to court.” In other words, let the attorneys do their lawyering, and the tech people their IT-ing.

More Challenges: Protecting the Company’s Crown Jewels

In the second morning session, I learned more about the challenges attorneys  face in protecting the company’s crown jewels – sensitive intellectual property, CRM data, customer financial data, employee health data etc.

When an average company’s network is generating 10,0001 security events per day, you can’t investigate every single alert. (Well, there are, ahem, ways to get cleaner events.)  But attorneys have an ethical conundrum – how to satisfy technical duties of competence (see ABA Model Rules of Professional Conduct, Rule 1.1) and confidentiality (see ABA, Rule 1.6)?

To add to the challenges, here are the six data trends presented to the attendees:

  1. The average year over year growth rate of corporate data is 40-60%
  2. The cost to store 1TB of data for one year: $3,212.00USD
  3. The cost to review one GB of data: $18,000
  4. The number of companies that will store over 1 Petabyte of data by 2020: 100,000
  5. The percentage of all data that will live in or pass through the cloud by 2020: 40%
  6. The average cost of a data breach: about $194 for each compromised record: $5.5M

In short: data is growing and it’s getting somewhat expensive to deal with it, legally.

And who’s the greatest threat to a company’s crown jewels? The audience took a poll: 87% agreed that it’s insiders!

actors

Source: LegalTech audience poll

Solution: Encrypt or Delete?

However the audience was conflicted on how to protect their crown jewels from a breach. 64% said that they would encrypt the data.

save-for-breach

Source: LegalTech audience poll

An audience member brought up the problems of encryption – computational overhead as well as managing the encryption keys.  Encryption has its own problems: click here to learn why it might not be the answer.

Jason Stearns, Director of Blackrocks’s Legal and Compliance Group said that you can also delete the data. He shared, “There was a study in 2014. 70% of data that organizations keep is absolutely useless…You look at all the collections and obligations to keep this stuff. Regulation said to keep it for 6 years, but no one has taken a look at it, so get rid of it. Involve the executive, set up committee, whatever your organizational structure decides.”

Attorneys who are worried about duties to their clients and spoliation, can turn to Arthur Anderson LLP vs US for guidance – if you have a valid data retention policy, you can safely delete files.

Our Perspective on Protecting your Crown Jewels?

Organizations have found User Behavior Analytics (UBA) to be extremely effective. It emphasizes security on the inside – it identifies what the user is doing as well as his/her system and file activities: logins, apps launched, when the data or file been accessed, who accessed it, what was done to the file – copy, move, delete – and how frequently it was accessed.

Industry Analyst Rob Enderle said in CIO, “I recently attended an event where I was surprised to learn that of a number of companies that had deployed a UBA solution, 75 percent indicated they had caught a breach in progress with it. Makes you wonder how many breaches aren’t being caught in firms that haven’t deployed this technology… UBA builds a profile of each employee and if it sees an employee acting strangely it sends out an alert.”

Click here to learn six ways that UBA can help improve your organization’s defense, both inside and out.

Further reading:

 

1 http://www.securityweek.com/enterprises-generate-10000-security-events-day-average-report

Get the latest security news in your inbox.