Cybersecurity and eDiscovery: What you need to know about your vendor
Baker McKenzie recently released their sixth annual edition of ‘The Year Ahead: Global Disputes Forecast’ in which senior legal and risk leaders share what they expect to see in the coming year. From an overarching perspective, disputes volume is expected to increase and, much like the rest of the world, legal and risk experts are keeping a cautious eye on the economy.
Also of note, cybersecurity and data matters top the list of expected dispute types. Law firms and legal teams are especially vulnerable as attacks shift their focus from personal information to trade secrets, commercial data, and supply chain systems, the type of highly sensitive information legal teams house.
Cybersecurity incidents are only increasing and a breach can be costly. In its yearly Cost of a Data Breach report, IBM notes that the average cost of a data breach in the United States is $9.44 million. For law firms the monetary cost is coupled with reputational damage.
When it comes to confidentiality, the American Bar Association requires counsel to “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
While in simpler times that may have meant not talking about a case in the middle of a busy steakhouse, today it means making thoughtful, strategic decisions about who touches your data and where it’s stored. Firms will be under increasing scrutiny for cybersecurity compliance and that means taking extra care in selecting an e-discover partner.
Go ahead, ask them.
Cybersecurity is not a place for being shy or assuming the best from all parties. You need to ask tough questions. If you are vetting a new ediscovery partner, having an open and direct dialogue about cybersecurity is a critical step in the process. Some questions to ask:
- What is your approach to cybersecurity and data governance?
- What security measures do you have in place?
Do you provide cybersecurity education and training to your employees? - What types of offensive security measures do you have in place?
- Do you have any cybersecurity or compliance certifications? If not, are you working toward any?
Before choosing a ediscovery partner you should feel confident in their approach to safeguarding your highly sensitive information.
This is covered, right?
Cybersecurity regulations are evolving to meet the changing threat landscape, as are cybersecurity insurance policies. If your firm has such coverage, check your policy to understand the steps you should take when vetting new vendors. It is also worth understanding your regulatory or compliance requirements when it comes to cybersecurity. In many cases your due diligence extends to your vendor selection.
Is everyone here?
Information security matters to your business, and you likely have someone whose job it is to care even more than you. Perhaps you employ an IT professional or contract with an outside firm. Whatever the case, make sure that these folks are also involved in vetting your new eDiscovery provider.
This collaborative approach is especially important for organizations with a robust technology stack or with hybrid work environments. The more that happens in the cloud, the better understanding your team should have about how information is connected and how thoroughly those connections are protected.
Strong cybersecurity practices need everyone to work together. So start with collaboration in mind, and involve stakeholders early rather than trying to reverse engineer a security plan after the partnership starts.
Through the discovery process legal teams amass an astonishing volume of information much of which makes them a lucrative target for cyber attacks. When choosing an e-discovery partner, understanding their approach to cybersecurity is vital.
Need a partner you can trust with all of the above? Array’s eDiscovery team makes security a top priority, with services powered by a SOC2 certified data center with 99.99 percent uptime. All of your data isn’t just kept confidential and secure, but you have round-the-clock access. Talk to Array and ask us your important questions.