Showing posts with label Data Breaches. Show all posts
Showing posts with label Data Breaches. Show all posts

Legaltech Super Session Panel Recap: Adam Isles, Ed McAndrew, Scott Carlson and Chris Dale Discussed Data Security and Risk

High-profile breaches have thrust security and risk into the spotlight. Despite this, many organizations are failing to prioritize risks and take a proactive approach to information governance, ensuring that sensitive data is identified, classified and remediated. According to the 2015 Data Breach Investigations Report, 99.9 percent of exploited vulnerabilities were compromised more than a year after they were published.

Risk was top of mind for panelists in our Super Session at Legaltech New York. “Time is Not on Your Side When it Comes to Data Security” was moderated by Chris Dale and featured Adam Isles, principal at the Chertoff Group; Ed McAndrew, partner at Ballard Spahr; and Scott Carlson, partner at Seyfarth Shaw.

There’s been a tendency to segment risk with various departments shouldering the responsibility, Scott noted. For instance, companies have grappled with the issue of whether risk is - an IT issue or business operations’ responsibility.

“It’s one thing for the CISO to understand risk, but everyone needs to understand risk,” he said. Engaging business leaders in discussions about cybersecurity and risk is a critical component in identifying key assets such as intellectual property that need to be safeguarded. “The private sector is in the crosshairs,” Ed said. “Threats are constantly evolving.”

He went on to note that data is also in numerous locations and that the aggregation and collection of data is also constantly transforming. The regulatory landscape is also more complex. When he was working as an Assistant U.S. Attorney specializing in cybercrime, Ed said, the businesses with whom he interacted ranged in terms of preparedness for a cyber incident. Too many times, they were starting from a place of crisis when it came to incident response.

Best practices for minimizing future risk and making sure your organization is better equipped to deal with a cyber incident include:

  • Identify your key assets;
  • Assess threat, vulnerability and consequences of compromised data;
  • Implement key policies and standards;
  • Conduct audits and penetration;
  • Participate in incident response activities.

Adam recommended that organizations hold tabletop discussions running through various cyber threat scenarios. Such drills can help organizations address potential issues before an incident or attack occurs.

Scott also recommended determining an organization’s obligations before a breach. For instance, there is no uniform data breach notification law in the United States. Companies should become familiar themselves with what their state requires and what triggers breach notification requirements.

If an organization is breached it should resist the urge to hack back or use compromised systems to communicate. In some instances, hackers have remained in the infected system and monitored communications after a breach was detected.

By reducing the surface area of risk, organizations can significantly mitigating potential damage from breaches and improve their ability to comply with global data protection mandates.

Learn more about EnForce Risk Manager, the only automated solution to proactively identify, categorize, and remediate sensitive data on our website and sign up for the latest updates.

EnForce Risk Manager: Redefining Data Privacy & Compliance

Have you ever asked yourself if your organization has control over its data? Data breaches, privacy concerns, and growing e-discovery costs continue to evolve how organizations approach controlling their business data while balancing worker productivity. At the same time, the amount of data stored on electronic systems continues to grow at an exponential rate, making the task of controlling sensitive information embedded within this data more challenging.

EnForce™ Risk Manager is the only automated solution to proactively identify, categorize and remediate private or sensitive data across the enterprise. Our solution offers the deepest level of insight and control of electronic data across all endpoints, including structured and unstructured data repositories, from anywhere. This enables organizations to improve business intelligence, ensure compliance and mitigate many types of risks.

Our 360-degree visibility enabled by our expertise in forensic security, coupled with our patent-pending, next generation EnForce technology allows you to:

  • Find sensitive data
  • Locate where it’s stored
  • Classify and quantify data assets
  • Take action based on your business goals

Key benefits of EnForce Risk Manager include:

  • Protect Sensitive Data – Organizations can identify and safeguard valuable corporate assets – intellectual property, proprietary client lists, trade secrets, confidential information and sensitive customer information – from data breaches, rogue employees, lost devices and human error.
  • Ensure Compliance and Mitigate Risks – Better equip organizations to comply with external data privacy regulations and polices such as HIPAA (Health Insurance Portability and Accountability Act) and PCI DSS (Payment Card Industry Data Security Standard) as well as internal policies.
  • Optimize Storage – By systematically deleting data that is old, no longer needed or has no current business value, organizations can reduce current and future storage costs.
  • Improve Business Intelligence – Organizations can gain insights into the flow of sensitive data as it is used and manifested throughout the enterprise. Removing aged data will leave organizations with higher quality data to help them make more accurate and better informed decisions, driving greater business performance.

Visit our website to learn more about EnForce Risk Manager and sign up to hear about the latest updates.

Panel of Experts from Dropbox, Seyfarth Shaw, and the eDisclosure Information Project to Discuss 2015 E-Discovery Survey Results


Collecting data from cloud repositories, a myriad of mobile devices, and social media artifacts is challenging enough for most corporate counsel. Add the possibility of a data breach and resulting litigation, and the situation calls for the sharing of emerging best practices. Our 2015 E-Discovery Survey uncovered some valuable results, and you’re invited to hear our panel of e-discovery and security experts discuss them.

Heavy Hitters On Board to Share Unique E-Discovery and Legal Insights at CEIC 2015


If you come to CEIC every year to hear from the industry’s movers and shakers in the legal realm, you're in for a treat this year at CEIC in Las Vegas, May 18 – 22. We’ve secured big talent and big topics in the track called E-Discovery: Legal Issues, Technical Challenges and Solutions, including legal issues related to data breaches and information governance.