Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1356436
66 Check before connecting When any kind of data storage device is received, keep them isolated and run security checks before plugging them into a network-connected device. Ban loose papers It's common to include loose papers when sending a data storage device, but this constitutes a potential security breach. Instead, send the papers digitally over a secured connection or include the information on the device itself. Use a keypad USBs are small, convenient, and simple—and a potent danger to compliant data handling. Instead of ordinary USBs, standardize your organization on keypad-secured devices to prevent a lost or stolen device from triggering a data breach or a compliance audit. Prioritize patch management Today, we are seeing a greater sense of urgency around this issue and many companies are now spending more time and money on fixing known vulnerabilities in a more systematic way, but there's still room for improvement. Continually monitor all systems and software Online accounts and software users can easily slip out of compliance, so monitoring of systems and software should be frequent and ongoing. Limit vulnerabilities by ensuring that every instance of software is authorized and the data owner of each approved system is defined and current. Perform annual audits and immediately shut down inactive accounts. We also recommend that every company conduct mandatory third-party vendor assessments every year and enforce breach notification as a requirement for all vendors. One of my company's best practices is to maintain a clean roster of vendors through a formal, collective effort. Move data to the cloud In the new remote working culture, there are typically far fewer IT support personnel on the premises to take care of data center issues. Now is a good time for legal organizations to reconsider cloud data storage and cloud-based applications. Many traditional software providers now offer hosted versions of their products, joining a large number of companies that focus solely on the cloud. These solutions are ideal for maintaining tight security controls over remote work while providing anytime/anywhere access, low cost of entry, predictable monthly expenses, automatic data backup, and more robust security than most legal organizations can provide on their own. Cloud providers use industry-recognized, enterprise-grade information security for network monitoring and infrastructure protection. With most legal professionals continuing to operate in isolation, reinforcing best practices for data handling is more important than ever. When you're in the business of managing other people's data, as we do, it's second nature to be obsessive about handling data properly. As COVID-19 forced so many of our clients to work away from their normal office environment, we are paying even closer attention to overlaying robust technology with well- communicated and universally understood best practices. After all, even the most innocuous actions of employees can create unforeseen vulnerabilities in an era where hackers are increasingly sophisticated and attuned to new opportunities. It's time to be vigilant. ILTA 4 5 6 7 8 9 Sundhar Rajan is the Chief Information Officer at Casepoint. Prior to joining Casepoint, he spent more than 9 years at the Am Law 100 firm, Crowell and Moring LLP, where he was the Manager of Network Operations. Sundhar brings over 18 years of experience working in information security, leading infrastructure and security teams, and building highly scalable/secure application infrastructure.