4 Common Data Security Pitfalls
(and How to Avoid Them)
Data security breaches are the stuff of not just nightmares, but also front page headlines – and that’s a whole lot of grief and bad publicity that you could do without.
Nowhere is this more true than in the legal sector, where confidentiality and the ability to effectively manage sensitive client information is vital to building trust – which is the lifeblood of business relationships.
In short, your levels of client service are dictated by your levels of data security.
If you don’t work on building super-strong foundational security protocols and procedures, your entire business framework can come crashing down around you.
This is true whether you’re part of a dedicated legal firm or in-house counsel for a business in another sector.
Unfortunately, many legal teams that suffer at the hands of a data breach often do so due to a number of common pitfalls.
We’ve compiled those pitfalls in this handy checklist, with additional details on what you can do to avoid them.
So read on if you want to fortify your data security practices and keep your business out of danger (and out of the headlines).
1. Thinking it won’t happen to you
It sounds obvious, but unfortunately, this is still one of the most common causes of critical data security breaches in eDiscovery projects.
Many legal teams neglect or overlook aspects of data security, thinking that cyberattacks are only a risk for large corporations, or firms working with financial institutions.
This is a dangerous assumption to make. And not only that, the truth is often a complete inversion of it.
Smaller legal teams are actually prime targets for hackers as they tend to be perceived as easier targets than larger companies, who are more likely to have robust data security protocols as standard.
The lesson here is: no one can afford to be more negligent than their peers. Cybercriminals target legal teams of all shapes, sizes and sectors.
If you think it can’t happen to you, it’s more likely that it will.
2. Not conducting due diligence on eDiscovery vendors
Whether you’re enlisting a third-party specialist for a managed document review or investing in new eDiscovery technology, always assess the security credentials of the vendor before committing to a purchase.
Once you’re in talks with a sales or new business contact about potentially investing in their product or service, we recommend submitting them a pre-written questionnaire.
This can include vital questions about their safety standards, internal processes, regulatory controls etc. – you can even go one step further, and ask them to provide sufficient evidence that these policies and procedures are operating as stated.
Developing such a questionnaire gives you a detailed and automated approach to screening tech or service partners, allowing you to assess their calibre of data security on a deeper level.
Also, look for vendors with key security accreditations, such as an ISO certification or SOC-2 Type II.
3. Only thinking about the security of YOUR environment
Lawyers working on litigation cases have a legal duty to protect the confidentiality of their clients, and the information surrounding their case.
But this isn’t just limited to your own working environment – your client’s data could be targeted via your opposing counsel’s database too!
When incidents like this do occur, there are serious ramifications for both parties involved, regardless of which one was subject to the actual breach.
This is because it is the collective responsibility of all parties involved to ensure that all client data is kept safe.
If you want to protect client data from all sides, the best thing you can do is ensure the topic of data security is discussed by yourself and the opposing party as early on in the process as possible – whether that’s in an introductory email, or at the meet and confer.
4. Storing data in too many places
While there are countless advantages to digitally-enabled communications, the more remote, decentralised and fragmented these communications are, the greater risk they can carry for businesses and legal teams.
A lack of protocol with regards to version control and the storage of files and documents can unwittingly leave you more open to the likelihood of a breach, by providing cybercriminals with several potential avenues of attack.
In the case of document review for example, if you have multiple paralegals and associates downloading, resending and printing documents independently, you can quickly lose track of who has access to these documents, and which version is the original.
Consolidating and centralising data is key to keeping it as secure as possible.
Once upon a time this meant keeping it on servers on site. Now though, cloud technology is a far superior option.
Cloud-based eDiscovery platforms like RelativityOne use smart end-to-end encryption, which keeps data highly secure and ensures that only the right pairs of eyes are able to see certain documents. Plus, they also eliminate the need to create numerous copies.