cybersecurity

Today’s news reports are filled with seemingly unending storylines involving hacking victims, data leaks, ransomware attacks and similar events impacting everything from individual consumers to international companies and from governmental agencies to national political campaigns. According to IBM, in the month of September 2016 alone, a full 62 percent of spam contained malicious software designed to block access to files, or an entire computer, until a ransom was paid.

Those reports have focused mainly on how hackers are continuing to target U.S. government and private sector computer networks in ever more sophisticated cyber-attacks that especially target financial and trading information, intellectual property, email and anything else of perceived value. But not much has been said about how those events can impact e-discovery processes, procedures and responsibilities. As it turns out, e-discovery stakeholders also have much to lose.

What’s more, while hacks and ransomware can severely and adversely affect an individual’s or organization’s ability to fulfill retention and disclosure obligations, some of the solutions being used by individuals and companies to address those concerns can further complicate e-discovery.

Driven at least somewhat by a desire to avoid hackers and to avoid seeing their private communications splashed across the headlines, over a billion individuals, including employees at organizations large and small, routinely use encrypted messaging applications, such as WhatsApp, to collaborate and communicate. That number is growing at a steady clip. In addition, more and more organizations are making data and device encryption a standard on every device, often complicating the collection, processing, review and production of critical information.

In organizations that allow their employees, contractors and others to use their own devices (often called BYOD), the use of such encrypted and often ephemeral applications can lead to a total disappearance of corporate information and communications from corporate systems, creating a lack of awareness—a virtual digital black hole—that can further complicate and endanger e-discovery processes. Indeed, even in organizations with a strict policy against the use of personal devices, individual users will often still employ personal devices, cloud resources and more.

So, today’s e-discovery practitioners must not only be aware of and prepared to deal with potential data loss from hacking and similar security threats, but they must also be on the constant lookout for the continually expanding universe of exactly where and how that data may reside. To help combat those concerns, here are some suggestions that can be implemented:

Hackers & Ransomware: In the context of the overall business, the impact of hackers, and ransomware in particular, is growing and multifaceted. Past scenarios have typically involved only one machine, but hackers are getting more ambitious. Attacks now often infect a single machine, which then spreads the infection to multiple machines on the network, including your servers.

While organizations often consider the ransom money as the actual cost of ransomware, the legal and financial impact can be significant if the data made inaccessible are vital to a litigation, for example. Not only could a company face potential sanctions for the inability to produce otherwise relevant information, but the information they may need to prove their case or mount their defense could be compromised as well.

From the e-discovery practitioner’s point of view, the first recommendation is that the organization build into its incident response procedures a notification of the hacking or ransomware event to outside counsel and vendors involved in any pending or potential litigation. Likewise, e-discovery practitioners should make it part of their standard matter initiation process to inquire whether any such events have taken place that might affect data retention and disclosure obligations.

Armed with the knowledge of the event, e-discovery practitioners can look for alternative data sources, such as backups or other such resources, and more importantly, can proactively address those issues with the opposing parties, regulators, and the court. A hacker intrusion or ransomware attack can be devastating. Don’t let a lack of proper inquiry make it worse.

Hidden Data Sources, Encrypted Communications and Similar Applications: Encrypted (and often “hidden”) communication solutions are a growth market, not just for individuals, but for corporate users as well. In 2016, WhatsApp alone added over 300 million users. While encryption is great for security, and can even help allay some of the fears of hacking, applications like WhatsApp, Viber, Line, and their ilk can pose a major threat to organizations in terms of both data leakage and document and communication retention.

And, when it comes to e-discovery in particular, unauthorized (or, often more importantly, unknown) use of such applications can significantly complicate or even compromise an organization’s ability to meet its legal obligations to collect, process, analyze, and review data that may be subject to a litigation or investigatory matter. Such documents might also leave along with the device when the employee exits the organization and be lost forever.

For example, if an organization fails to identify and disclose the use of such solutions by a critical employee or group of employees, let alone the data that may be preserved, collected, and produced from those solutions, the result could be case-ending sanctions. Thus, identifying the existence of such solutions and how to handle the resulting data has quickly become a critical aspect of any competent e-discovery process.

Organizations and e-discovery practitioners should be proactively surveying employees about their usage of encryption applications and technologies in advance of an actual discovery need. Your e-discovery provider vetting process should include questions about that organization’s experience in identifying, collecting and handling cloud and encrypted data sources. Once a matter has started, even if it’s believed that all resources are known and have been identified, a simple custodian questionnaire or interview should be conducted in each case to close the loop and ensure that a comprehensive and defensible effort has been made to identify all potential data resources.

Law Firm Hackers, Espionage, and Data Leakage: In 2016, there were several high-profile attacks on law firms by hackers in search of trade secrets and other sensitive information about their corporate clients, including details about undisclosed mergers and acquisitions that could be used for insider trading.

Just as many organizations have been doing with IT, data center, and other technology vendors for years, it’s essential that all those involved in the e-discovery process (including experts, e-discovery providers, and law firms) be similarly vetted on how they secure and protect sensitive client data. Questions should include specifics on topics like network protection; device encryption (including desktops, laptops, mobile devices, and various storage media); general policies, practices, and procedures; and plans for preventing, responding to, and notifying their clients in the event of intrusions, thefts, or data leakage.

Law firms and corporate counsel should seek the guidance of security and e-discovery professionals relating to these topics. With the news filled with such events on a nearly daily basis, today—more than ever—failure to heed such warnings and mitigate those risks nearly ensures unwanted notoriety, public embarrassment, regulatory and shareholder scrutiny, adverse litigation impacts and more.
