Maintaining Security in the Face of Change
Over the last several weeks, we’ve seen companies of all shapes and sizes across the country make a fast and unexpected pivot to remote workplaces. Many of us are still sorting out what the short- and longer-term impact will be on our teams and our organizations.
For corporate legal teams, this shift to a remote workforce introduces new and complicating factors into the already-complex operations of litigation management. Many companies quickly adopted new collaboration tools like Slack, Microsoft Teams, and Zoom to maintain communications, but without the full security review typically handled by IT and Legal.
Suddenly, legal teams are faced with more data sources generating discoverable information in more places without the typical oversight we’d find in a physical office, with firewalls, secure networks, and shared repositories.
However, remote workforce or not, securing data is not optional in the world of ediscovery. Ediscovery data frequently includes an organization’s most sensitive, mission-critical information and must be handled defensibly and with common-sense security to protect your matters and your company from risk.
It’s easy to get overwhelmed by data security, but don’t worry! All these changes make it the perfect time to look at your data security and take some simple steps to get a handle on it. To get started, legal teams should conduct a security audit to ensure that the organization’s data is protected. This isn’t meant to catch entire departments or individual employees engaging in poor practices, but rather it’s a way to measure, test, and shore up security protocols. Vulnerabilities uncovered in an audit are an immediate opportunity for improvement, and even a small fix can have huge impact.
How to Get Started
We’ve created a simple guide to help you conduct an ediscovery data security audit that looks at potential security risks and vulnerabilities, explains how to set up security audits that address those risks, and makes recommendations for evaluating your vendors as part of the process. For example:
- What should you audit?
- Internal policies, people, infrastructure, and applications
- Third-party vendors, service providers, and outside counsel
- Who should conduct your audit?
- In-house resources: less expensive and potentially less disruptive, but may be limited by bandwidth or expertise
- External auditor: more expensive, but may be used to supplement more frequent audits by in-house resources
- When should you do an audit?
- Annual security audits are frequent enough to be thorough yet sufficiently spaced out to allow for systematic improvements between audits.
Every improvement in data security matters, and a thorough security audit will help you better understand your data and systems as you navigate the new remote world.