The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/80353
best practices • Safeguard Data During Exchanges: One of the key security risks affecting IT and information security departments and third-party providers is the exchange or transfer of data from one entity to another. It is not unusual for data to pass from one organization to another (e.g., corporation to vendor) or to a number of different entities (e.g., corporation to law firm to vendor one to vendor two). Each transfer creates additional risk as information security policies and procedures, or lack thereof, may vary significantly for each entity involved in the process. The vested parties can take immediate steps to decrease the risk of a data security breach as information is exchanged by encrypting data up to the point of access. • Limit and Track Data Copies: A major risk occurs when an organization's information security practices have no procedures to adequately track where data are copied or limit the number of copies being made. A similar problem is when there are few to no controls in place to determine whether data are actually deleted when required or desired. This problem is often compounded when information security policies are not centralized. The first step to protect against excessive copies of data is for IT to provide mechanisms that limit and track the number being created. CorpSync SEAMLESSLY INTEGRATES YOUR CORPORATE CONTACTS WITH SMARTPHONES OR TABLETS •Push external and internal contacts to smart devices automatically as they change in the source system (i.e. CRM, HRS, etc) •Receive updated contact information as employees join or leave the company. •Resume communications and exchange critical information with other users during network outages. •Increase productivity of your field workers and employees who are frequently away from the office. •Browse contacts even when there is no network connection. •Seamlessly integrates with Exchange Server and BlackBerry Enterprise Server (BES). For more information please contact us or visit www.CorpSync.com • Control Access: Controlling who accesses certain information and under what circumstances is critical in preventing theft and unauthorized access. Documenting who has access rights and how data are accessed and transferred is necessary to provide a level of control, oversight and auditability. Audit the destruction policies of third- party vendors to ensure they properly dispose of sensitive information. • Destroy and Dispose of Data Appropriately: When rushing to move on to the next data response initiative, organizations often do not focus on the protocols necessary to address the return or destruction of data that still reside outside the firewall, on network servers or on other storage devices. If data are not properly disposed of or accounted for, an organization may inadvertently be exposing itself to the risks associated with over-retention. To avoid these complications and keep storage costs down, security policies should be created that delineate the method of data disposal, and, at minimum, thoroughly audit the destruction policies of third-party vendors to ensure they properly dispose of sensitive information in a timely fashion. • Enforce Policies and Training: A strong information security policy can be offset by poor human judgment or lack of experience. Therefore, a process-driven approach impacting the entire organization is required. Information security is only successful if employee training and awareness results in better judgment and consistency in overall execution of the policy and its procedures. An effective information security policy must include regular risk assessments, defined preventive and corrective action plans, ongoing training, and regular internal and external audits. www.PaayaTech.com | 1-800-905-4252 | 416-840-0257 14 Peer to Peer