Information Management for Professionals
Specialists in document production and management solutions, Ascertus offer a full range of professional services and software solutions, which allow professional knowledge workers across all sectors to demonstrate and justify their value to their company, effectively manage their costs, mitigate their risks, and enhance their efficiency and productivity.
Ascertus featured in The Global Legal Post: Information Governance: Minimising the Risk of a Data Breach
By Roy Russell, CEO, Ascertus Limited and originally published on The Global Legal Post on 21st October 2016.
Linking email security with email and document management processes is fundamental to preventing and mitigating the effects of cyberattacks, writes Roy Russell.
Given the frequency with which we hear about cyberattacks, security breaches might soon begin to lose their news value. Despite this, many security professionals acknowledge that at some point a security breach will happen, so organisations need to focus on minimising the impact ‘when’ it does.
There is a wide variety of security attacks today – phishing, spear-phishing, ransomware and whaling are all widespread and persistent. It’s noteworthy that they are all email scams. According to Mimecast, an email security services provider, 91 per cent of attacks start with an email. Also, law firms are a lucrative target for hackers, given the highly confidential nature of information they hold on their clients and the fact that they are cash-rich. Recently it was reported that cyber criminals had targeted 48 top law firms for inside information on mergers and acquisitions. Business advisors Hazelwoods believe that losses to UK law firms due to cyber-fraud alone have jumped by 40 per cent in the last year.
Legal services providers need to create a strong security foundation – adopting a layered approach to building defences so that in the unfortunate event of a breach, critical business data is ring-fenced. Additionally, such measures will support law firms’ compliance with regulations. Most regulations today are moving away from the prescriptive model, allowing organisations the flexibility to choose their own approach to data protection, but in doing so placing the onus of data protection solely on the shoulders of individual businesses. The EU General Data Protection Regulation (GDPR) is a case in point – a potential fine of up to 4 per cent of global revenue for non-compliance would pinch any law firm.
Email security – the first layer
From a data security standpoint, email security is the first layer. Many law firms are already deploying best-of-breed email security solutions to prevent infiltration of malware and rogue email scams into the network. Such solutions are critical, as they automate processes to detect suspicious URLs, identify keywords and match known sources of scams and threats to a blacklist. The hackers who are able to penetrate an organisation’s network are those who have successfully exploited a gap in the enterprise procedures. So, email security systems not only help establish best practices around people and processes, but in the event of a human error, also ensure that the technology steps in to protect the data and the organisation.
A tightly bolted down email and document management system – the core layer
But cyber criminals are upgrading their arsenal, often faster than most organisations. Therefore, should hackers break into a law firm’s network, an email and document management system can prevent them from gaining access to business-critical information. The issue of course is that not all law firms deploy such solutions. In failing to do so, they are invalidating any security measures they may be taking to protect their organisation and its data.
Many law firms still use standard file shares or ‘lightweight’ document management modules supplied with their practice or case management systems for document storage. In these scenarios, because there tend to be multiple locations for and multiple versions of the same documents, there isn’t a single version of the truth. Furthermore, user-held passwords are relied on for security, which is far from satisfactory. People easily lose passwords or share them with other team members, negating the secrecy of the password. Where law firms deploy best-of-breed email and document management solutions, on the other hand, all the data is stored in the system and accessible only through it. Information is shared via links, so even if criminals gain access to those links, they will not be able to access the documents due to the security applied to them at electronic file, sub folder, individual document and email level. Law firms can also set up ‘ethical walls’ to protect data and guard against conflicts, i.e. data can be compartmentalised on a need-to-know basis. This is further enabled by applying file encryption based on a set of rules for critical data including client information, matter type, practice area, employee information and such. This is especially pertinent for complying with data protection regulations.
In the event of a hack, one of the biggest challenges organisations face is determining precisely what data has been breached. Due to the processes within email and document management systems, there is full auditability – who has opened the emails/documents, how many times, how many views, date and time stamps and so on. This makes it easy to detect where unusual activity has taken place and what information has been stolen. If critical data is simply stored on a network, it is near impossible to detect malicious activity.
Furthermore, the ability to identify that a breach is in progress is key to minimising the impact of the attack. FireEye research indicates that the average time that an attack goes undetected in a customer network is around 150 days. Today, advanced email security and document management technology offer analytics to help detect unusual activity. By combining data and behavioural patterns of employees via machine learning, law firms can have visibility of the attack in motion with actionable insights to mitigate the potential losses. More importantly, such insight significantly improves a law firm’s ability to detect future attacks.
QBE, which insures more than one in 10 law firms in England and Wales, says that approximately £85m has been stolen across the legal market in the past 18 months. Integrated email security and email and document management processes facilitate information governance, which must form a key part of firms’ overall security strategy. It is essential for loss mitigation and even prevention. Most crucially, this approach is proven as the ‘low hanging fruit’ for a more robust and effective security policy. It should be a no-brainer.
Following the success of Ascertus’ ChalkTalk launch training on Improved Search Techniques for iManage Work users, and by popular demand, the next webinar is on Top Email Management Tips. This free training for iManage Work users is scheduled for Thursday, November 10th at 2:30 PM.
This demonstration-led, 30-minute webinar will offer iManage Work users practical tips and tricks on how they can better manage their email inbox, in turn saving them valuable time and making them more productive and responsive. For instance, suggested filing is an excellent functionality that allows users to efficiently manage inbox overload. Similarly, ‘send and file’ is a superb timesaving feature in iManage Work that is often under-utilised.
The Ascertus ChalkTalk training is a rolling webinar series. It is ideal for users who are looking for a refresher course in iManage Work, as well as for those individuals who are users but haven’t had the opportunity for formal training on the system.
“We are delighted with the overwhelmingly positive response we have received for this initiative,” says Jon Wainwright, Sales Director at Ascertus Limited. “Like with any software, most users only scratch the surface when it comes to using the capabilities it offers. These webinars are truly informative and are entirely designed with the user in mind. You will leave with constructive tips and tricks that will make your day-to-day work life easier. We invite all iManage Work users to attend these sessions, regardless of whether they are Ascertus customers or not.”
Ascertus’ training team welcomes input from iManage Work end-users on the topics they would like covered in these webinars. Please email us at firstname.lastname@example.org with your ideas.