We've Moved! Visit Our New Blog

We’ve got a fresh new look! 

Please visit us at our NEW blog: https://www.guidancesoftware.com/resources/blogs

Legaltech Super Session Panel Recap: Adam Isles, Ed McAndrew, Scott Carlson and Chris Dale Discussed Data Security and Risk

High-profile breaches have thrust security and risk into the spotlight. Despite this, many organizations are failing to prioritize risks and take a proactive approach to information governance, ensuring that sensitive data is identified, classified and remediated. According to the 2015 Data Breach Investigations Report, 99.9 percent of exploited vulnerabilities were compromised more than a year after they were published.

Risk was top of mind for panelists in our Super Session at Legaltech New York. “Time is Not on Your Side When it Comes to Data Security” was moderated by Chris Dale and featured Adam Isles, principal at the Chertoff Group; Ed McAndrew, partner at Ballard Spahr; and Scott Carlson, partner at Seyfarth Shaw.

There’s been a tendency to segment risk with various departments shouldering the responsibility, Scott noted. For instance, companies have grappled with the issue of whether risk is - an IT issue or business operations’ responsibility.

“It’s one thing for the CISO to understand risk, but everyone needs to understand risk,” he said. Engaging business leaders in discussions about cybersecurity and risk is a critical component in identifying key assets such as intellectual property that need to be safeguarded. “The private sector is in the crosshairs,” Ed said. “Threats are constantly evolving.”

He went on to note that data is also in numerous locations and that the aggregation and collection of data is also constantly transforming. The regulatory landscape is also more complex. When he was working as an Assistant U.S. Attorney specializing in cybercrime, Ed said, the businesses with whom he interacted ranged in terms of preparedness for a cyber incident. Too many times, they were starting from a place of crisis when it came to incident response.

Best practices for minimizing future risk and making sure your organization is better equipped to deal with a cyber incident include:

• Identify your key assets;
• Assess threat, vulnerability and consequences of compromised data;
• Implement key policies and standards;
• Conduct audits and penetration;
• Participate in incident response activities.

Adam recommended that organizations hold tabletop discussions running through various cyber threat scenarios. Such drills can help organizations address potential issues before an incident or attack occurs.

Scott also recommended determining an organization’s obligations before a breach. For instance, there is no uniform data breach notification law in the United States. Companies should become familiar themselves with what their state requires and what triggers breach notification requirements.

If an organization is breached it should resist the urge to hack back or use compromised systems to communicate. In some instances, hackers have remained in the infected system and monitored communications after a breach was detected.

By reducing the surface area of risk, organizations can significantly mitigating potential damage from breaches and improve their ability to comply with global data protection mandates.

Learn more about EnForce Risk Manager, the only automated solution to proactively identify, categorize, and remediate sensitive data on our website and sign up for the latest updates.

EnForce Risk Manager: Redefining Data Privacy & Compliance

Have you ever asked yourself if your organization has control over its data? Data breaches, privacy concerns, and growing e-discovery costs continue to evolve how organizations approach controlling their business data while balancing worker productivity. At the same time, the amount of data stored on electronic systems continues to grow at an exponential rate, making the task of controlling sensitive information embedded within this data more challenging.

EnForce™ Risk Manager is the only automated solution to proactively identify, categorize and remediate private or sensitive data across the enterprise. Our solution offers the deepest level of insight and control of electronic data across all endpoints, including structured and unstructured data repositories, from anywhere. This enables organizations to improve business intelligence, ensure compliance and mitigate many types of risks.

Our 360-degree visibility enabled by our expertise in forensic security, coupled with our patent-pending, next generation EnForce technology allows you to:

• Find sensitive data
• Locate where it’s stored
• Classify and quantify data assets
• Take action based on your business goals

Key benefits of EnForce Risk Manager include:

• Protect Sensitive Data – Organizations can identify and safeguard valuable corporate assets – intellectual property, proprietary client lists, trade secrets, confidential information and sensitive customer information – from data breaches, rogue employees, lost devices and human error.
• Ensure Compliance and Mitigate Risks – Better equip organizations to comply with external data privacy regulations and polices such as HIPAA (Health Insurance Portability and Accountability Act) and PCI DSS (Payment Card Industry Data Security Standard) as well as internal policies.
• Optimize Storage – By systematically deleting data that is old, no longer needed or has no current business value, organizations can reduce current and future storage costs.
• Improve Business Intelligence – Organizations can gain insights into the flow of sensitive data as it is used and manifested throughout the enterprise. Removing aged data will leave organizations with higher quality data to help them make more accurate and better informed decisions, driving greater business performance.

Visit our website to learn more about EnForce Risk Manager and sign up to hear about the latest updates.

Wishing you a happy and prosperous 2016!

Finding those Easter Eggs?

UPDATE: We have our three winners! Thanks for playing and helping us celebrate our new look and logo, everyone.

The Truth About Predictive Coding: Getting Beyond the Hype

If you’re reading this blog post, chances are you are an e-discovery practitioner, the keywords “predictive coding” caught your eye, you’re cautious about computer-assisted review (CAR), and curious about the constant hype that hangs over this topic.  You’re not alone!  One of the most highly acclaimed sessions at CEIC® 2015 (now Enfuse®) was the session called “The Truth About Predictive Coding: Getting Beyond the Hype.” 

Beyond the hype, this lecture laid out some practical reasons why predictive coding is not catching on faster and is being used in only a minority of cases. It went on to explode some of the myths about practical CAR approaches and how you can leverage the power of analytics and predictive coding today. 

Panel of Experts from Dropbox, Seyfarth Shaw, and the eDisclosure Information Project to Discuss 2015 E-Discovery Survey Results

Collecting data from cloud repositories, a myriad of mobile devices, and social media artifacts is challenging enough for most corporate counsel. Add the possibility of a data breach and resulting litigation, and the situation calls for the sharing of emerging best practices. Our 2015 E-Discovery Survey uncovered some valuable results, and you’re invited to hear our panel of e-discovery and security experts discuss them.

New Research: In-House Legal Teams Reveal Top Trends in E-Discovery

We're happy to be publishing the results of the 2015 Guidance Software Second Annual E-Discovery Survey.  Responded to by nearly 100 people from in-house legal departments and e-discovery service providers this survey shows some key trends with e-discovery teams, such as:

Heavy Hitters On Board to Share Unique E-Discovery and Legal Insights at CEIC 2015

If you come to CEIC every year to hear from the industry’s movers and shakers in the legal realm, you're in for a treat this year at CEIC in Las Vegas, May 18 – 22. We’ve secured big talent and big topics in the track called E-Discovery: Legal Issues, Technical Challenges and Solutions, including legal issues related to data breaches and information governance.

P&G E-Discovery Manager Outlines How to Streamline In-House E-Discovery

One of the high points of our 2014 Guidance Software E-Discovery webinar series was when Scott Van Nice, E-Discovery Manager for Procter and Gamble (P&G), outlined his process for enabling P&G to revamp their e-discovery model, reducing their e-discovery spend by fifty percent in the first eight months and compressing a four-to-six-week case start-up schedule to just two days.

Now there’s even better news, which is that e-discovery veteran Scott Van Nice has documented this knowledge in a new case study that explores in more detail how Procter & Gamble, the world’s largest consumer goods company, tackled a hefty in-house e-discovery process and now supports e-discovery for the company with a lean team of two.  

E-Discovery 201 Webinar Series: Evidence Admissibility, Expert Witnesses, Data Breaches

Judi Uttal

For the last three months we've been hard at work designing what we consider one of the best e-discovery webinar series available today. Working in concert with Joshua Gilliland of Bow Tie Law, we've assembled a team of experts to focus on the details of three advanced topics. This complimentary E-Discovery 201 webinar series features leading legal experts, including judges, specialist attorneys, and e-discovery consultants. Just as importantly, Continuing Legal Education (CLE) credits are available to those who attend the live event.

Strategies for Mitigating Business Risks Associated with Cloud Repositories

You may be among the many organizations who are considering deploying enterprise file synchronization and sharing solutions (EFSS) or cloud repositories to empower your mobile workers, implement BYOD policies, and support collaboration. You’re in good company.  Cloud adoption rates are rising as more and more companies deploy file synchronization and share capabilities, and the reasons for doing so are important: To enable their users to have access to data anywhere and to easily share that information and collaborate with their colleagues, partners and customers.

It’s working in their favor. According to Forrester:

91% of companies reported increased productivity thanks to file sync and share

70% of employees using file sync and share reported using it every day, while nearly one in five use it hourly.

But the challenges are also obvious:

• Security teams haven’t been able to determine with certainty whether sensitive data is in the cloud
• Performing e-discovery search and collections in a way that a court will accept could be both time-consuming and fraught with peril
• Best practices for reducing risk when negotiating cloud vendor contracts are in the beginning stages of development.

In fact, at Guidance Software, we’ve been integrating with leading EFSS and cloud collaboration systems like Dropbox for Business to make it all easier—and fully defensible from a legal standpoint. Take a look at our new paper, where we define the critical business requirements related to cloud and EFSS solutions and offer some advice on how to negotiate them into vendor business agreements. It also covers the challenges of collecting ESI from the cloud for purposes of e-discovery and highlights the integrations of EnCase® eDiscovery with Amazon S3, Box, Dropbox, Google Drive, and Office 365.

Download the paper here

Comments? Have best practices of your own? We welcome your thoughts in the Comments section below.

Vote for the Biggest E-Discovery Challenges of 2015

New trends in TAR, collecting ESI from the cloud, BYOD… When it comes to e-discovery, what’s keeping you up at night? With just a few keystrokes, you can make your concerns heard by participating in the second annual e-discovery professional’s survey. The survey is short, it’s focused, and all participants will see the results after analysis. To answer this brief survey, click here. To see last year’s results, click here.

The “Shellshock” BASH Vulnerability and EnCase Products

Ken Basore

We know that our customers are concerned about the “Shellshock” BASH vulnerability and whether it affects our EnCase software, our Tableau hardware products, or any of our corporate systems. This is a legitimate concern, and because we have the utmost concern for your organizational and data security, we want to give you all the information you need regarding it. Below we address one by one the key areas that you may be wondering about.

“E-Discovery Best Practices for IT” Webinar Highlights

Jason Pickens

IT teams are the unsung heroes of litigation, spending many hours searching for relevant electronically stored information (ESI), helping the legal team “herd cats” to ensure that custodians respond to litigation holds, and preparing massive files for both review and production phases. Having spent time with many legal and IT teams across North America and Canada, I’ve compiled a few best practices after some discussion with my recent webinar co-presenter and former colleague, Carl Wong, who’s an adjunct professor in forensic computing at the John Jay College of Criminal Justice.

#1 – Bring Preservation and Collection In-House

Lowering costs relative to both software and a streamlined collection process are big benefits, but not the only ones. No one understands your IT landscape better than you do, and it makes sense for you to be the drivers of a repeatable and defensible process that’s part of a total response plan. Bringing the oversight of the process in-house doesn’t mean your team has to do all the work, but rather that you should have control over the process for greater efficiency and lower risk.

CEIC 2014: Highlights of “The Intersection of Privacy, Security and E-Discovery” Session

Recent news stories have sparked a worldwide debate about the right to privacy for both individuals and businesses. As the European Union pushes for greater safeguards, tech giants like Google are struggling with the potential implications of the “right to be forgotten.” Here in the United States, several high-profile breaches raised the issue of consumers’ right to know when sensitive information about them has been accessed.

In their discussion at CEIC 2014, 451 Research Analyst and Counsel David Horrigan and Assistant U.S. Attorney Edward McAndrew highlighted several developments that could impact e-discovery and investigations. 

On OpenSSL Security Advisory CVE-2014-0224

After the well-documented, highly publicized Heartbleed flaw in OpenSSL was made public, many of our customers reached out to Guidance Software to confirm whether our products were affected.  At that time, we confirmed: Guidance Software products do not use OpenSSL at all.

On June 5th, 2014, another OpenSSL vulnerability was published: CVE-2014-0224. Once again, Guidance Software confirms our products do not use OpenSSL and are therefore unaffected by the latest published vulnerability in OpenSSL.

Questions? Comments? Add below or reach out to us on Twitter @EnCase. 

Case in Point: Litigation Cash Cow

Out of Cold Storage and Onto Your Screen: Why In-House E-Discovery Review is Taking Hold

Bringing e-discovery review in-house is becoming more common by the week. The days of sending legal assistants and paralegals away to “storage camp” are becoming history not just because of the reality that the overwhelming amount of our business information is stored electronically. It’s because bringing review in house makes sense in terms of early case assessment as well as costs and time.

A few developments in the legal industry are fueling this trend, too. Inside counsel are becoming both savvier about technology and more impatient with the inability to gain oversight on the process when review is always and only outsourced. When counsel asks, “How far along are we in the review process?” and receives an answer like, “Um, it’s hard to quantify exactly,” it’s time to get a different system in place.

Learn New Options from a Field Expert

Betsy McCabe, a principal business consultant for Guidance Software with plenty of hands-on review experience, will present a webinar on Wednesday, April 16^th called, “Taking Control: Benefits and Best Practices for Bringing Review In-House.” 

Join her for a look at research on the expectations of increased corporate litigation, how you and your ever more technologically proficient colleagues now have a number of options for performing review, and how to establish a methodology for secure, flexible multi-party, multi-matter review. You can register here. We hope to see you there.

Comments? We welcome discussion in the Comments section below.

Highlights of the Sedona Conference Institute Program on “eDiscovery in a New Era”

Chad McManamy

Last week I attended the 8^th Annual Sedona Conference Institute Program, “eDiscovery in a New Era: New Technologies, New Media, New Rules.” During the initial session, leaders polled the audience as to how many were first-timers at the event, and a significant number of attendees raised their hands. I've attended the annual event for the past four years, and am encouraged to see more people taking an interest in improving their e-discovery processes.

Zubulake Opinions Still the Standard

This year’s program focused on drawing a finer point on specific issues. Case law is always of interest, but discussions still mostly continue to refer back to cases such as the now classic Zubulake v. UBS Warburg, which led to the issuance of a groundbreaking series of opinions on electronic discovery from Judge Shira Scheindlin prior to the 2006 amendments to the Federal Rules of Civil Procedure (FRCP). At the 2014 Sedona Conference Institute Program and going forward, we are simply further defining the questions at issue. No sea change in opinion or ramifications of these opinions was in evidence this week.