Thursday, September 22, 2011

Security Risks of Online Review



http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?
id=1202515702531&Security_Risks_of_Online_Review&slreturn=1

Article by Albert Barsocchini published on law.com on the LTN webpage.

As the article states, there are risks associated with the security of attorney reviews performed online. The article mentions the rise in hacking incidents, and states, "When sensitive intellectual property leaves the firewall of an organization, corporate legal has both an ethical and legal obligation to zealously protect client confidences and secrets. This can be a daunting task -- security risk points include the cloud storage server, review workstations, the pipeline between the review workstation, and the servers -- and access control and security credentials of employees and reviewers."

The article provides some advice on how to deal with increased security threats, "Documents stored on a server should always be encrypted, and protected by layers of both perimeter and "end-point" security. Discuss with the vendor what will happen to the electronically stored information once the case is over and how it will be deleted from the server. Undetected malware is the most common way to extract information from servers, and it can lay dormant for months, or even years. Absent contractual restrictions, once you load ESI onto a third party's server you essentially lose the ability to monitor who has access to the data. Risks increase when your data is processed outside the United States."

In addition, some points are provided to be addressed with any potential service providers that provide hosting or processing for ESI, "Here are issues to discuss with the potential vendor (and to address in contracts).
  • How will the information be secured?
  • When were the security protocols last audited?
• Is the ESI a high-valued target that requires additional security?

• Ask for details about vulnerability management, security testing, and intrusion protection protocols

• How is the review workstation secured and how often is it audited?




No comments:

Post a Comment