As businesses generate more data and developers create better security measures to protect it, hackers have also grown more sophisticated and clever. Indeed, 2017 was jam-packed with high-profile data breaches, from Equifax to Yahoo! to voter registration data. And in 2018, maintaining security will become even more urgent: with the launch of the European Union’s General Data Protection Regulation (GDPR) in May, penalties for violating the privacy of European residents will reach astronomical levels.
Not only is data security vitally important to good eDiscovery practices, but the process of eDiscovery itself opens up myriad opportunities for that security to be breached. Make sure that your eDiscovery software is doing all it can to keep your information secure. Look for the following features when selecting your platform so that it enhances rather than undermines your efforts.
Encrypted Data Transfers
Just like wagon trains were susceptible to attack in the Old West, data is vulnerable when it is in transit between different locations. Unfortunately, the entire point of eDiscovery is to produce information to an opposing party, so data transfers can’t be avoided. So, how do you protect your data while it’s being transferred?
Although the protocols for file transfers have confusing alphabet-soup designations, the concepts are simpler than the names. The classic file transfer protocol (FTP) is open and unsecured. The next iteration, file transfer protocol with security (FTPS), adds a layer of protection by requiring that all connections be authenticated with user identifications, passwords, certificates, or similar “keys.” The gold standard today is secure shell (SSH) file transfer protocol (SFTP). This protects both the data and the certification during transfer, providing the highest available level of security.
Of course, data isn’t only susceptible during transfers: the majority of breaches likely occur while data is at rest in storage. Look for software that promises encryption of data at rest, which generally occurs via data segregation. Air-gap separation, for example, isolates a secure network from any unsecured connections, ensuring that unauthorized users cannot access stored data. Consider also whether software offers data segregation at the client and case level to avoid cross-matter vulnerabilities.
Secure Server Facilities
If your data will be stored in a secure server facility, ensure that the facility has a Tier 4 ranking according to the standards developed by the Telecommunications Industry Association (TIA). These facilities provide 24/7/365 security, with multifactor authentication that may include access codes and biometric scanning for physical access. Any data storage center should also offer a fully documented data recovery plan that incorporates continuous audits, testing, and upgrades.
Thankfully, you can also look for certifications and standards that ensure a technology company is staying up-to-date with data security and providing best-in-class security services. Look for companies that offer SSAE 16 certification in the U.S. or comply with ISO/IEC 27001, the standard for information security in Europe.
Client-Facing Security Measures
Finally, make sure that your own office doesn’t become the weakest link for data security! Your eDiscovery software should include client-facing application security measures such as multifactor authentication and should be configurable to limit external connections by user identification, company, or region.
Need more help deciphering security mumbo-jumbo? We can help you accelerate eDiscovery—while keeping your information secure. Please contact us to learn more.