Data Management for Law Firms: Preventing Data Theft

In August 2021, 4.3 million people quit their jobs, which amounts to 2.9% of the American workforce. Many workers quit to pursue job opportunities that offer higher pay, flexible hours and hybrid or fully remote work. As many Americans pursue new jobs and organizations experience higher employee turnover rates, there’s an increasing amount of pressure on organizations to protect their data, making successful data governance increasingly vital. The following are key policies for law firm data management amidst workforce volatility.

Cloud Applications for Data Management

As a result of increased remote work, organizations are using cloud applications for many corporate technology needs. Cloud storage services, including Google Drive and Microsoft’s OneDrive, are becoming especially crucial as replacements for beefy desktop hard drives and network file servers. It is important to embrace solutions where administrator accounts have higher-order access and can implement granular data management security policies on users and overall data footprints to minimize losses.

Local storage is still a necessary workplace feature but should be controlled. Microsoft Group Policy and Active Directory are programs that centralize computer management on an organization’s network without having to physically configure each computer individually. Both can be leveraged to limit employee use of external media devices or block access to cloud sites outside company standards. These programs can control activities like communicating with email domains known to be sources of suspicious activities, transferring mass data to external storage devices or locations, or visiting unapproved or unsafe websites.

Secure Personal Devices Used for Work

To keep law firms’ data safe, it is vital to secure and manage employees’ devices in the ever-growing “bring your own device” (BYOD) corporate landscape. Allowing employees to use personal devices reduces costs for employers and offers workers the flexibility to select their preferred devices. However, because personal devices are not strictly used for work, employees naturally operate without consistent adherence to the organization’s security policies. Attackers exploit the reduced security of personal devices and can exfiltrate sensitive corporate data. Corporate data stolen from unmanaged devices may be harder to recover.

In a whitepaper published for the International Association of Privacy Professionals (IAPP), experts from Citrix note that sensitive company data accessible on personal devices, or on devices supplied by the company but that allow user customizations, must be governed using technology that enables complete device-independent computing. Independent computing allows a program to run on different types of devices regardless of the device’s operating system or native language.

As Citrix points out, complete device-independent computing can be achieved through enterprise mobility management (EMM), Windows desktop and app virtualization, and secure file sharing supplemented by online collaboration and remote support services. This allows organizations to permit user freedom while keeping data secure. Single-click secure access with single sign-on configurations simplifies users’ experiences while the IT governance team gains a distinct point of control to allow or disallow applications and terminate user access when needed.

Preserve Data on Suspicious Employee Activity and Departing Employees’ Devices

If you suspect an employee has been abusing company policies or engaging in data theft, it’s important to act quickly to preserve all devices to which they have access. It is also vital to preserve an ex-employee’s information if he or she left the company under circumstances that may warrant litigation.

The best next step is to engage a digital forensics expert to properly preserve device content, as well as cloud application locations to which the employee has known access. Digital forensics experts will analyze the systems’ logs for user behavior that matches suspicious patterns.

It’s also recommended to enforce a legal hold on the employee’s Microsoft 365 profile. Consider upgrading your organization’s licensure to Microsoft 365’s E5 licensing, particularly if your organization is federally regulated, maintains highly sensitive data, or is a frequent subject of litigation.

In the event of an internal breach, there are a few steps you can take to mitigate damage. Suspend any system activity log overwriting and work with your IT team and digital forensics expert to create defensible exports that can be analyzed for instances of suspicious behavior. Heed Microsoft 365 search limitations when collecting environment data for your general counsel or outside counsel. Note that Microsoft 365 does not index all file types and email messages, so its content may not be fully text searchable. Therefore, consider leveraging add-on tools like Mimecast and Barracuda that both journal and index mail traffic and attachments for additional search functionality. An eDiscovery partner can share best practices for reducing outbound data as defensibly as possible and recommend tools built for complex and high-volume data searching.

As workplaces evolve, data security techniques must change, too. Now is the time to evaluate and enhance data governance policies to adapt successfully.

Kyle Campbell is the Vice President of Litigation Support Services at Frontline Managed Services.


Reprinted with permission from the Wednesday, May 25th issue of the Legal Intelligencer on © 2022 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.