Defending against insider data breaches


Last month, ALM Intelligence released a survey which highlighted cyber-security as a weakness among leading law firms. What’s more, almost three quarters of survey respondents said that clients had exerted pressure on them to increase internal data security.

In recent times, cyber-security discussions in the legal space have focused on the impact of imminent data breach notification legislation. While this is an important and transformative piece of legislation, it is also time we shone the spotlight on data security inside the legal profession itself.

Almost all (94%) top ASX listed companies, including some law firms, have been exposed to an internal data leakage in the last year, according to research commissioned by global cyber-security firm Forcepoint. Internal data leakage can take a number of guises, including the negligent employee who leaves a USB stick lying around; the malicious employee who transfers confidential data to a personal server for their own future gain; or the targeted employee who falls victim to a phishing email.

Internal data breaches have the potential to damage reputation and incur significant financial loss – not only for law firms but for their clients too. As highlighted by the Panama Papers, the impact of an insider should not be underestimated. An anonymous source from within Panamanian law firm Mossack Fonseca was able to leak an unprecedented 11.5 million documents over the course of a year, with consequences that reverberated across the globe. Of course, this is an extreme example, but it does serve to highlight the danger posed by an insider who can go undetected for long periods of time.

While there is no silver bullet, there are steps that every law firm can take to reduce the risk of internal data leakage – and these aren’t confined to the IT department.

Put in place data loss prevention controls
Data loss prevention technology can classify and “fingerprint” different types of data held in an organisation. It is used by companies to prevent data from leaving a private network and getting out into the public sphere. It is an essential first line of defence.

Look out for suspicious employee behaviour
Is an employee connecting to an unauthorised server after hours? Are they transferring large volumes of information to a USB? Being able to separate risky behaviour from the noise of innocuous activities is a good way to isolate and protect data from insiders who act maliciously.

A technology solution recently made available in Australia combines this type of behavioural analytics with a video playback function that starts to record when the system identifies suspicious activity taking place. This video evidence is admissible in court.
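
The two questions asked above (an after-hours connection to an unauthorised server, a large transfer to USB) can be written as a simple detection rule. The following is an added example, not code from the article or from any product it mentions; the event format, business hours, server allow-list, volume threshold and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Assumed values for illustration; a firm would set these from its own policy.
APPROVED_SERVERS = {"dms.firm.example", "mail.firm.example"}
BUSINESS_HOURS = range(7, 19)          # 07:00-18:59 local time
USB_DAILY_LIMIT = 500 * 1024 * 1024    # 500 MiB per user per day

# Constructed sample events: (timestamp, user, kind, target, bytes)
EVENTS = [
    ("2017-03-06T10:15:00", "alice", "net_connect", "dms.firm.example", 0),
    ("2017-03-06T23:40:00", "bob", "net_connect", "files.personal.example", 0),
    ("2017-03-06T22:05:00", "alice", "net_connect", "mail.firm.example", 0),
    ("2017-03-06T14:00:00", "carol", "usb_write", "E:", 300 * 1024 * 1024),
    ("2017-03-06T16:30:00", "carol", "usb_write", "E:", 350 * 1024 * 1024),
    ("2017-03-06T11:00:00", "alice", "usb_write", "E:", 20 * 1024 * 1024),
    ("2017-03-07T09:00:00", "carol", "usb_write", "E:", 100 * 1024 * 1024),
]

def find_risky_activity(events):
    """Return a sorted list of (user, date, reason) alerts."""
    alerts = set()
    usb_totals = defaultdict(int)  # (user, date) -> bytes written to USB
    for ts, user, kind, target, size in events:
        when = datetime.fromisoformat(ts)
        day = when.date().isoformat()
        if kind == "net_connect":
            after_hours = when.hour not in BUSINESS_HOURS or when.weekday() >= 5
            # Working late on an approved server is noise; only the
            # combination of after hours and unapproved target is flagged.
            if after_hours and target not in APPROVED_SERVERS:
                alerts.add((user, day, f"after-hours connection to unapproved server {target}"))
        elif kind == "usb_write":
            usb_totals[(user, day)] += size
    # Several medium-sized copies add up, so judge the daily total per user.
    for (user, day), total in usb_totals.items():
        if total > USB_DAILY_LIMIT:
            alerts.add((user, day, f"USB writes {total // 2**20} MiB exceed daily limit"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_risky_activity(EVENTS):
        print(alert)
```
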

Educate employees on security threats
Employee education and training on security threats can go a long way. The vast majority of internal data leakages come from the careless and the targeted insider. Ensuring employees understand how to handle sensitive data and can identify phishing scams is an important part of any data security strategy.

And if a breach happens? Be prepared to limit the fall-out
Once a breach has taken place, the key is to focus on reducing the time between the discovery of the breach and its resolution. Having the right policies and escalation procedures in place is important to contain the threat and to control the overall damage.

Don’t wait for a breach to happen before you get your cyber-security practices up to speed. Take control and put in place measures that reduce the risk to your organisation and clients.

Guy Eilon is the Country Manager of Forcepoint in Australia & New Zealand