Anywhere there’s sensitive information on the Internet, there is also a chance of a data breach. Recently, companies such as Under Armour, Panera and Macy’s have made headlines due to data breaches. They’re becoming a regular occurrence for companies and consumers.
The Identity Theft Resource Center has been tracking data breaches since 2005. From 2005 to Aug. 31, 2018, there have been a total of 9,395 data breaches, exposing more than 1 billion records.
While consumer data breaches related to big B2C brands are highly publicized, corporate eDiscovery data presents another target for hackers. Data involved with the eDiscovery process often contains valuable information such as intellectual property and trade secrets. Therefore, it’s important to take the proper steps to protect it.
Here are four ways to protect corporate eDiscovery data.
A Culture of Security
Sensitive data is easier to protect when everyone in the company is on board. This is the foundation of secure data. Employees—no matter their status—have to be aware of the ways they could potentially put their company at risk.
Executives are often targets because of their access to valuable knowledge and influence within organizations. Despite this, many are not invested in cybersecurity. A survey of 9,500 executives found only 39 percent have a hand in setting cybersecurity policies and just 31 percent actively review cybersecurity risks.
Get everyone on the same page with a formal internet policy for your organization. Make it clear what practices—say, accessing personal email accounts—are not allowed at the office nor on any company devices. It might be helpful to consult an IT specialist when drawing up these rules. If you already have a policy in place, regularly communicate with employees about cybersecurity risks, hold meetings and ask the IT department to speak about the issue.
This way, everyone from top to bottom will feel a duty to keep data safe.
Hygienic and Secure Collection
As John deCraen, senior director at Alvarez & Marsal, and Nik Balepur, solutions architect at Relativity®, discussed in their talk about cybersecurity and eDiscovery, you can mitigate risks with hygienic and secure collection methods.
What does this look like?
During collection, equipment with no other data on it should be used. Data should also be saved with encrypted media and standardized methods, such as randomly generated passwords. If the data is encrypted at the time of collection, it should protect personal or sensitive data. In case of hardware failure during transit, copies should be made of the data being collected.
Additionally, as deCraen and Balepur note, advanced malware scanning should be employed for imports and infected file protocols, and reporting should be clearly stated so infected files can be dealt with expediently and effectively, too.
Secure collection protects data, but an emphasis on security must also continue after collection
Controlled Data Access
The more people involved with handling eDiscovery data, the more opportunities there are for data breaches.. Once the data has been collected, access should be strictly limited to staff working directly on the case. Make sure your permissions are set up correctly via user/role-based accesses to accomplish this.
Naturally, eDiscovery providers should have high security certifications and the infrastructure necessary to keep data safe.
A Trusted, Certified Partner
Your data, and your clients’ data, is too important to leave in the hands of someone you don’t trust. This is why Trustpoint.One offers industry-leading security across our entire hosted platform environment, including Relativity and other eDiscovery tools.
Furthermore, our operating environments are certified with these security protections: certified SOC 2 Type 2, ISO 27001, Privacy Shield and HIPPA certified. Not every company has all of these protections to limit access to data.
If you have eDiscovery needs and want to stop worrying about your data, contact Trustpoint.One. We make sure you data is secure, so you feel the same way