A few weeks ago New Zealand’s stock exchange was forced to close for four days due to a concerted cyber attack. Cyber attackers target law firms as well. Remember the ‘Panama Papers’ incident from a few years back? In that case, tens of thousands of confidential and privileged documents located in a now discredited and wound up law firm were released, partly due to software that had not had necessary updates in several years.
In this blog post, I take a look at some of the cyber security risks that affect organizations involved in ediscovery processes and responses organizations can make to those risks.
In ediscovery, it is common to use a third-party vendor with a collaborative platform for parties to access. This platform could in principle be subject to a range of attacks and vulnerabilities, including:
– Distributed Denial of Service (‘DDoS’) attacks. In this attack, a secure platform might be flooded with incoming traffic from many different sources, effectively shutting the system down;
– Malware. Malicious software such as viruses could be slipped into a system or device involved in the ediscovery process and thereby corrupt or disrupt essential applications or files;
– Phishing. In a phishing scam, attackers might attempt to gain access to an ediscovery information platform (e.g., by obtaining login credentials) by impersonating a trusted individual;
– Data leakage. This is not a cyber attack per se, but rather some feature of your system (like access through unsecured personal devices) that leaves the platform open to attack.
What can you do to ensure a robust cyber security defence (aka ‘reducing the attack surface’)? Important initial steps include:
– An agreement between counsel at the pre-trial conference or meeting about how cyber security and data protection will be ensured;
– Careful selection of ediscovery vendors to ensure that they have robust cyber security protections in place.
For specific cyber defence procedures, one useful place to start is the CIS 20. The first six controls in that list are considered ‘basic’ and should be implemented by all organizations to prevent cyber security attacks:
– Inventory and control of hardware assets. This means that parties need to maintain active control over all devices that are able to access the ediscovery platform and ensure that only authorized devices are connected;
– Inventory and control of software assets. All software must be actively monitored and tracked to ensure that no unauthorized software is installed on the secure network;
– Continuous vulnerability management. This means continuously assessing and taking action with respect to any aspects of the system which have been identified as vulnerable;
– Controlled use of administrative privileges. This means having the right processes in place to ensure that only those who are required to have a high degree of administrative power within the IT system do so;
– Secure configuration for hardware and software on mobile devices, laptops, workstations, and servers. All devices and access points need to be checked to ensure that they are switched to a safe security configuration;
– Maintenance, monitoring and analysis of audit logs. This is the regular review of the systems in place to determine if there have been any cyber attacks or identified vulnerabilities that the organization needs to immediately respond to.
When using a collaborative platform as part of an ediscovery process, it is impossible to completely eliminate the possibility of a cyber attack. However, by ensuring that opposing counsel are on the same page, that a trusted ediscovery vendor is used, and that stringent controls are in place, the risks can be significantly reduced.