We've Moved! Visit Our New Blog
Legaltech Super Session Panel Recap: Adam Isles, Ed McAndrew, Scott Carlson and Chris Dale Discussed Data Security and Risk
High-profile breaches have thrust security and risk into the spotlight. Despite this, many organizations are failing to prioritize risks and take a proactive approach to information governance, ensuring that sensitive data is identified, classified and remediated. According to the 2015 Data Breach Investigations Report, 99.9 percent of exploited vulnerabilities were compromised more than a year after they were published.
Risk was top of mind for panelists in our Super Session at Legaltech New York. “Time is Not on Your Side When it Comes to Data Security” was moderated by Chris Dale and featured Adam Isles, principal at the Chertoff Group; Ed McAndrew, partner at Ballard Spahr; and Scott Carlson, partner at Seyfarth Shaw.
There’s been a tendency to segment risk with various departments shouldering the responsibility, Scott noted. For instance, companies have grappled with the issue of whether risk is - an IT issue or business operations’ responsibility.
“It’s one thing for the CISO to understand risk, but everyone needs to understand risk,” he said. Engaging business leaders in discussions about cybersecurity and risk is a critical component in identifying key assets such as intellectual property that need to be safeguarded. “The private sector is in the crosshairs,” Ed said. “Threats are constantly evolving.”
He went on to note that data is also in numerous locations and that the aggregation and collection of data is also constantly transforming. The regulatory landscape is also more complex. When he was working as an Assistant U.S. Attorney specializing in cybercrime, Ed said, the businesses with whom he interacted ranged in terms of preparedness for a cyber incident. Too many times, they were starting from a place of crisis when it came to incident response.
Best practices for minimizing future risk and making sure your organization is better equipped to deal with a cyber incident include:
- Identify your key assets;
- Assess threat, vulnerability and consequences of compromised data;
- Implement key policies and standards;
- Conduct audits and penetration;
- Participate in incident response activities.
Adam recommended that organizations hold tabletop discussions running through various cyber threat scenarios. Such drills can help organizations address potential issues before an incident or attack occurs.
Scott also recommended determining an organization’s obligations before a breach. For instance, there is no uniform data breach notification law in the United States. Companies should become familiar themselves with what their state requires and what triggers breach notification requirements.
If an organization is breached it should resist the urge to hack back or use compromised systems to communicate. In some instances, hackers have remained in the infected system and monitored communications after a breach was detected.
By reducing the surface area of risk, organizations can significantly mitigating potential damage from breaches and improve their ability to comply with global data protection mandates.
Learn more about EnForce Risk Manager, the only automated solution to proactively identify, categorize, and remediate sensitive data on our website and sign up for the latest updates.
- Posted by: guidancesoftware101
- On: 2/12/2016
- No comments
- Categories: Adam Isles , Ballard Spahr , Chertoff Group , Chris Dale , Cybersecurity , Data Breaches , Data Risk , Data Security , Ed McAndrew , EnForce Risk Manager , Legaltech , Scott Carlson , Seyfarth Shaw
EnForce Risk Manager: Redefining Data Privacy & Compliance
Have you ever asked yourself if your organization has control over its data? Data breaches, privacy concerns, and growing e-discovery costs continue to evolve how organizations approach controlling their business data while balancing worker productivity. At the same time, the amount of data stored on electronic systems continues to grow at an exponential rate, making the task of controlling sensitive information embedded within this data more challenging.
EnForce™ Risk Manager is the only automated solution to proactively identify, categorize and remediate private or sensitive data across the enterprise. Our solution offers the deepest level of insight and control of electronic data across all endpoints, including structured and unstructured data repositories, from anywhere. This enables organizations to improve business intelligence, ensure compliance and mitigate many types of risks.
Our 360-degree visibility enabled by our expertise in forensic security, coupled with our patent-pending, next generation EnForce technology allows you to:
- Find sensitive data
- Locate where it’s stored
- Classify and quantify data assets
- Take action based on your business goals
Key benefits of EnForce Risk Manager include:
- Protect Sensitive Data – Organizations can identify and safeguard valuable corporate assets – intellectual property, proprietary client lists, trade secrets, confidential information and sensitive customer information – from data breaches, rogue employees, lost devices and human error.
- Ensure Compliance and Mitigate Risks – Better equip organizations to comply with external data privacy regulations and polices such as HIPAA (Health Insurance Portability and Accountability Act) and PCI DSS (Payment Card Industry Data Security Standard) as well as internal policies.
- Optimize Storage – By systematically deleting data that is old, no longer needed or has no current business value, organizations can reduce current and future storage costs.
- Improve Business Intelligence – Organizations can gain insights into the flow of sensitive data as it is used and manifested throughout the enterprise. Removing aged data will leave organizations with higher quality data to help them make more accurate and better informed decisions, driving greater business performance.
Visit our website to learn more about EnForce Risk Manager and sign up to hear about the latest updates.
- Posted by: guidancesoftware101
- On: 2/04/2016
- No comments
- Categories: Compliance , Data Breaches , Data Privacy , E-Discovery , Endpoint , EnForce Risk Manager , Guidance Software , Information Governance , Intellectual Property , Privacy , Remediation , Risk , Risk Management