password-cracking

Leaks at Equifax, Tarte Cosmetics, and over 35 other examples which made headlines almost weekly in 2017 represented a clear lesson for attorneys: If you're not paying attention to security, you're not paying attention. The value of a strong cybersecurity stance in all types of organizations, from law firms to corporations to government entities, is higher than ever.

While some may consider security the purview of IT or litigation support teams, 2017 was rife with examples where cybersecurity breaches implicated both e-discovery and liability competence. The reality of today's modern business and security landscape is putting proof to technology competence requirements at the state and federal level, making a strong security policy the responsibility of counsel at every level.

As you forge into 2018, here are six trends for senior counsel to keep on your radar.

1. Rise of multi-party suits: Cloud-based e-discovery platforms allow litigants to easily add new collaborators and experts to cases in multi-party suits. This makes the process of securing and managing permissions for sensitive data easier than ever. Many firms have long partnered with attorneys general to secure justice for citizens in antitrust cases, and the widespread adoption of tools allowing remote collaboration will make these multi-party suits even easier to manage in 2018.

2. Nowhere for wrong-doers to hide: As LTN has explored, attempts to cover up data breaches prompt regulatory and federal scrutiny. Previously “dark” or less searchable data—such as instant messages, foreign-language content, and audio and video files—no longer provides cover for instigators hoping their wrongdoing will be overlooked, as e-discovery vendors add support for discovery and search of these increasingly common files. Investigators have the most powerful and responsive tools at their disposal to uncover the crucial moments as they explore case timelines.

3. Greater consumer and constituent awareness of breaches: Forty-eight U.S. states rolled out data breach notification laws by December 2017. The European Union's GDPR, which takes effect in May, enforces steep fines for noncompliance that may reach 4 percent of annual global revenue. And US regulators are looking to the GDPR model, as evidenced by Congressional committee hearings in late November. Similar fines and enforcement may ensure greater reporting and compliance requirements.

4. Re-examination of data collection practices: As the GDPR deadline looms, compliance officers will repeat a common refrain: “Does our team truly need to collect this data?” Data protection by design, the practice of implementing privacy as a feature, rather than trying to address it post-release, will ensure the most effective compliance. Product vendors and consumer-facing applications in banking, retail, financial services, real estate, health services, and other verticals will be affected by this process. The data mapping which informs this protective approach also provides an opportunity to reduce extraneous sensitive data which make servers a target for breaches. Expect to see the quantity of data collected shift, and the types of data available in evidence review change in step with this transformation.

5. Rise of cloud-based software adoption: The Public Technology Institute's Cyber Security Awareness poll showed high percentages of government agencies lacking department-wide network security audits, cyber liability or data breach insurance, or breach response policies. Consider, too, the 37 major corporations which LTN reported experiencing breaches in 2017. Project managers worried about data-sharing within large organizations may opt for vendor solutions in the public cloud which provide more robustly-audited and encrypted homes for sensitive data.

6. More complex login procedures: Software on all types of devices, from mobile apps to desktop solutions, now offer multi-factor authentication. The Federal Trade Commission reported in August 2017 that phone hijacking attacks more than doubled between 2013 and 2016, with leading government technologists among those affected. Time-based one-time passwords (TOTP or OTP) offer the strongest protection against phone porting or hijacking. Many vendors of both enterprise and consumer applications are adding these protections to their login protocols, and smart organizations are moving quickly to incorporate these strengthened login procedures into their own security protocols.

2018 dawned on an interconnected world with ever-greater opportunities and challenges for IT managers in the legal sector. With the modern arsenal of tools and vendors, the smart legal operations department can prepare for the impending challenges. Monitoring these six trends will contribute towards a more strategic response, and save your team headaches throughout the year.

Jon Kerry-Tyerman is Vice President of Business Development for Everlaw. Previously, he served as a Senior Director in the Innovation practice at LexisNexis, where he chaired the Digital Culture Task Force. Jon served over eight years as a Professor of Law at the University of San Francisco, where he worked in the Internet and Intellectual Property Justice Clinic.