e-Discovery 101: I See Two-Thirds of you Breaching Security

Magic_mirror3 I wouldn't write about it if you weren't doing it.  What's "it"?  Taking a lackadaisical approach to data protection.  The reality, as this study establishes, is that 66% of you aren't taking proper precautions; and your employers/clients are the ones who will suffer.

Obviously you will, too, but I don't think I need to point that out.

It's not surprising to me.  It's exactly what I've observed over my many years in corporate environments.

2 thoughts on “e-Discovery 101: I See Two-Thirds of you Breaching Security”

  1. I’m not an IT expert, but I work with many very intelligent networking folks and engineers, and have had many discussions around data security. From what I understand, most data security threats/breaches occur through social engineering, rather than direct attacks. What’s your take on best practices for preventing social engineering attacks? Any advice beyond creating solid policies around working from home and/or discussing internal information externally?

  2. Hi Sarah – greetings from San Francisco:

    As much as we wish we could be the ‘conduct police’ there’s no way to accomplish it fully (unless one spies on those entrusted with one’s data 24 hours a day, which is completely unrealistic). It’s important to remember that policies are in place to accomplish two goals:

    1) The ‘obvious’ goal: Protection of the data, and,
    2) The ‘not-so-obvious’ goal: A defensible legal strategy should a breach occur.

    You want to establish safe harbor and a foundation from which to argue on behalf of the client, so you make the best, good faith effort you can.

    On that note, I have no compunction making sure the data custodians understand that if they make a foolish ‘mistake’ (euphemistically), no matter where they are or what product they’re using, it may result in a subpoena and/or being hauled into a deposition and/or court to testify – never mind being named as a party.

    Did I mention the other risks, such as public disclosure of private facts, lengthy litigation, losing said litigation…

    Hopefully, this will serve as a sufficient deterrent for most people. The rest? You’ll have to deal with them on a case-by-case basis.

Comments are closed.