The Ashley Madison hack is the latest high-profile data breach to hit the front-page headlines. The extramarital dating site leaked the personal data of over 40 million users and as a result could be the subject of multiple lawsuits. One lawsuit claims that Ashley Madison’s parent company, Avid Dating Life, failed to protect clients’ sensitive data and falsely advertised services, claiming they would remove all record of use from company databases. Notably, a new lawsuit has been filed against data hosting providers and web services that have made the information stolen from Ashley Madison available online.
The Ashley Madison case shows the ripple effect data breaches can cause in an interconnected world (in more ways than one). The case illustrates how the relationships companies have with other vendors, firms, and third parties can also affect client information. This is especially important in the legal world, where law firms hold confidential and sensitive client information.
A recent study of 300 CIOs from medium and large businesses found that small and medium-sized companies have less stringent security practices than larger businesses. This is largely because smaller companies have fewer resources to dedicate to security measures. As the study found, the lack of security measures makes small and medium-sized companies likely targets for cyberattacks, especially since they may provide access to information about larger companies.
As discussed in a recent Conduent whitepaper, “In the Cybersecurity Hot Seat: How Law Firms are Optimizing Security While Reducing Cost, and Risk,” this perceived vulnerability makes information security critical for law firms that handle clients’ e-discovery data, which could include personal information, trade secrets and other sensitive information. As data grows exponentially and technology continues to evolve, cyber-threats will become more and more sophisticated, requiring expertise and infrastructure to ensure the highest level of security. This implies significant cost and investment. The solution for many firms has been, and will continue to be, a move to a “security as a service” model where managed service providers are engaged to provide end-to-end e-discovery services (or at least hosting of sensitive data) in the cloud, behind the provider’s corporate firewall.
Unlike law firms, many e-discovery service providers are in the business of information security. With a “security as a service” model, law firms can leverage their provider’s information security expertise and the benefits of state-of-the-art technology without having to invest in hardware, software, and the IT and security experts needed to manage security and respond to threats. E-discovery service providers can also provide software and resources to maintain technology and scale projects, budget predictability, and standardized processes across all cases, while maintaining the highest level of security protection for firms and their clients.
As more data moves to the cloud and security risks increase, transferring some or all parts of data management, and the corresponding security obligations, to an expert service provider can be an attractive alternative to building and managing a program in-house. For firms considering that move, having a security checklist to evaluate managed providers will be critical. Adequately preparing for security up front can avoid compromising your client’s data down the road.