How Outsourcing Can Protect You From Cyberattack
As universities, law firms, hospitals and businesses around the world recover from a global hack that has locked up at least 250,000 machines since mid-May, US companies and law firms are going through much the same process. Many are trying to determine if they have lost any data or if their own systems are safe. Some are trying to figure out whether they should pay the ransom, or whether they have backups that will allow them to avoid giving in.
WannaCry, the name given to the ransomware, was created from the latest batch of Hacking tools leaked from the NSA (this should really emphasize the complexity). This ransomware is unique in that not only does it lock down your machine, but it attacks any vulnerable machines on local networks.The good news is that a young security researcher found a “Kill Switch” which he exploited and essentially shut the Virus down. The bad news is that once this got out into the wild, the race was on to modify the code and create a new variant that has no “Kill Switch.”
In a world where any email attachment could be carrying malicious software that could go viral, how can corporations and law firms made up of individuals specializing in areas other than cybersecurity be certain they are protected? Considering that almost half of U.S. organizations experienced a data breach or failed compliance audit in the last year, the simplest answer is to outsource non-core functions to companies that specialize in the service and bring credentials like SOC2 Type 2 certifications to the table.
This article speaks to eDiscovery and litigation support services as today’s eDiscovery service marketplace allows corporations and law firms to contract with service providers that are certified by third party audit & review agencies. By ensuring a defined set of security standards and practices during the vetting stages, corporations and law firms can consolidate eDiscovery services with an outsourced, cloud-based service provider that offers a heightened level of attention to security protocols as cybersecurity stands as one of their primary value propositions.
While many eDiscovery service providers tout their security procedures, only a select few have subjected themselves to the strict oversight, costly approval process and ongoing auditing required for certification under recognized standards. If a vendor lacks independently validated security certifications, it can be difficult to discern the level of security it is capable of providing. Selecting vendors that meet standards like SOC2 and have demonstrated success handling matters means that you can be confident data security is a priority.
By requiring data security certification standards and expectations during e-discovery, you not only fulfill your professional obligations, but you also take proactive steps to manage critical company information and direct litigation approaches and strategy.
Keep in mind that maintaining security is a constant task - one that is rarely rewarded when it is maintained, yet harshly judged and punished when it is not. At IST Discover-E, we recognize that by selecting partners that place a similar premium on data integrity, our clients can help ensure that a breach will not happen on their watch. IST Discover-E take this responsibility very seriously and is a SOC2 Type 2 organization dedicated to adhering to stringent administrative, physical and technical safeguard standards all working in synchrony to give our clients peace of mind as their data leaves their offices. This includes:
At IST Discover-E, we are vigilant in protecting our clients’ most precious assets by continuously improving our physical and operational security processes. By working with IST Discover-E, your trusted eDiscovery service provider, you can feel more confident that those who handle the data during litigation have hired the right people and follow pre-established procedures.
IST Discover-E White Paper: