Digital White Papers

SC24

publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/1519635

Contents of this Issue

Navigation

Page 14 of 22

I L T A W H I T E P A P E R | S E C U R I T Y & C O M P L I A N C E 15 U S I N G E M P L O Y E E E N G A G E M E N T A N D T E C H N I C A L C O N T R O L S T O R E D U C E I N S I D E R R I S K Scott Busch brings over a decade of leadership in international team management across the legal, real estate, and tourism sectors. As a member of Ogletree Deakins' information security team, Scott focuses on Governance, Risk Management, and Compliance (GRC), and third-party risk management. His career demonstrates strategic vision and dedication to excellence, and his diverse experience is complemented by a commitment to lifelong learning. One of the best ways to reduce insider risk is to eliminate the risk before it can materialize. Implementing thorough background checks and vetting procedures during hiring should be standard practice for most organizations. Organizations can identify potential red flags early on by conducting comprehensive screenings, including criminal background checks, reference verifications, and employment history checks. Verifying educational and professional credentials helps ensure that employees possess the qualifications and integrity for handling sensitive legal matters. Similarly, exit interviews and offboarding procedures offer a last chance to prevent data loss. Organizations should conduct thorough exit interviews and ask departing employees to sign, confirming no company files are being taken. Additionally, offboarding procedures should ensure that all access to sensitive information is revoked promptly. This process helps to mitigate the risk that former employees may still have access to company systems or data after their employment has concluded (SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations | CSRC (nist.gov), Personnel Screening and Personnel Termination). Conclusion Both technical and non-technical measures are vital for reducing insider risk in the legal industry and play a crucial role in fostering a culture of security awareness to minimize the likelihood of security breaches. Law firms and corporate legal departments can effectively mitigate insider risk and safeguard sensitive information by implementing adequate technical controls, promoting a positive work environment, addressing resentment and discontent, and strengthening employee engagement. ILTA Ethan Powell is an IT Security Analyst at Ogletree Deakins, focusing on incident response and vulnerability management in the legal environment. He can adapt to many situations and is dedicated to consistent and continuous learning about the ever-changing security landscape. Joshua Smith is an experienced information security manager with a demonstrated history of success in higher education and legal verticals. He holds a CISSP and is skilled in information security operations, GRC, and problem-solving, as well as solution development and customer service. Dedicated to continuous improvement through learning and contributions to the profession, Joshua currently leads the Information Security GRC team at Ogletree Deakins.

Articles in this issue

Links on this page

Archives of this issue

view archives of Digital White Papers - SC24