E-Discovery and E-Investigations Forum 2013
Visits to countless hotels with their endless Las-Vegan style psychedelic carpets, exchanging a metric ton of business cards with sales folk in shiny suits, shinier badges and yet shinier teeth and a veritable bounty of canapés and foods on sticks that so epically fail to satiate one’s hunger. All of the above can only mean one thing…conference season is well and truly upon us.
That time of year where the legal technology industry crams in a quarter’s worth of conferences in to a 3 week period, so that everyone can feel slightly more comfortable with the fact that everyone will be mentally checked out from mid-November until we’re safely into 2014 and our New Year’s resolution requires us to work harder.
But the season isn’t all pretentious canapés and teeth whitening, it can’t all be fun and games! Occasionally, as a subject matter “expert” in one’s field, you are asked to share your knowledge with a room full of strangers; and that is precisely what I was asked to do when chairing a panel discussion entitled “Protecting data in business and in investigations”. I was joined by Martin Pratt, Head of the Employment Group at Gordon Dadds Solicitors in Mayfair and E.J Hilbert, Head of Cyber Security at Kroll Advisory Solutions and regular creator of audible gasps as he tells people of his 8 years spent as an FBI secret agent countering international hacking (no prism jokes please).
The discussion was incredibly well received and the feedback has been overwhelmingly positive. Huge thanks for this must go to the two gentlemen mentioned above, whom I, in a Dimblebyesque way, merely pointed in what I hoped to be an interesting direction and let their vast experience and expertise come across to the audience. I know from feedback, that some even took some helpful hints back to office with them that day. I can hear you all thinking “Luke, helpful takeaways from a conference seminar? Such a thing does not exist, I just go for the chicken ballotine with quince jelly.”
At a high level, the points are basic. For external threats, it’s all about educating staff. The identity of external threats may have shifted, but their methods continue to be repeated ad nauseam. As long as people are still using their dog’s name or favourite football team as their password, hackers will always be able to crack it. As long as people follow links, even those that appear to come from a trusted source, their ‘email to click’ ratio will remain high and this method remains viable. So change your obvious password to a phrase instead. You won’t forget “tobeornottobe” in a hurry, but it’s infinitely harder to crack. Instead of clicking that link you’ve been sent, Google the name, find the original source and then decide whether to trust that email or not.
For internal threats the messaging is more important than ever: control who can access data. Categorise it so that staff have access to data required for their job but nothing else and ensure that your employment contracts are fit for the modern workplace, and regularly updated.
We have been asked to present further on this topic of data theft/loss in business at both the E-Crime forum in Amsterdam on the 28th November 2013 and as the final part of our current Webinar series which is set to broadcast in early December. They promise to be excellent discussions and if at all possible I strongly urge people to register and listen in.
Until then, look after yourself and each other.