Ah, summertime . . . Colleagues and friends are heading to the beach, gathering up their summer reading collection. But right now I’m not focused on page-turning thrillers or rom-com novels. Instead, I’m thinking about data security and privacy. I’m exploring the factors that heighten the risk of a data breach, the staggering impact a breach can have on an organization, and how companies can minimize their risk of a breach. So I thought I’d create a summer reading list of my own, and share it here. (I recommend tackling this list with a cool beverage in hand and your toes in the sand.)
- According to a report by Juniper Research, new research suggests that by 2020, the average cost of a data breach will exceed $150 million. Five years from now, the collective global impact of data breaches will exceed $2 trillion annually, almost four times the current cost of breaches. Read more at Corporate Counsel: Data Breaches on Track to Cost Companies $2.1 Trillion
- Why is the risk of data breaches growing? For one, hackers and fraudsters constantly find new ways to breach systems by targeting human users – but we users don’t seem to be getting better at detecting and preventing those vulnerable points of entry. In a quiz created by CBS News and Intel Security, 80 percent of people were fooled by fake email and fell for a phishing scam. Why are we so gullible? Partly because “phishers are getting better and better at making their traps look real, copying logos and creating sham urls and email addresses that look like actual corporate credentials.” Read more at CBS News: Majority of Americans Fall For Email Phishing Scams
- Another reason data breaches are on the rise: Hacking is becoming more and more profitable. A hacker can secure an ROI of more than 1,500 percent on data breaches using ransomware, a method that essentially takes data hostage by encrypting it until the owner pays a hefty ransom. Read more at Corporate Counsel: As Data Breaches Go On, Hackers See Big Profits
- The costs involved in keeping pace with the latest cybersecurity threats and preventing breaches also are rising. A study by RAND projects that the cost to businesses of managing cybersecurity risk will increase 38 percent over the next ten years. Read more at TechWeek Europe: Cybersecurity Costs ‘to Soar 38 Percent’ Over the Next Decade
- But there’s good news: Cybersecurity is getting the focus it deserves. Not just from IT, and not just from the legal department, but from boards of directors and C-suite executives. Read more at Inside Counsel: Cybersecurity Isn’t Easy, but a Strict Security Focus is Necessary
- In her article in Today’s General Counsel, Lisa Berry-Tayman recognizes that a significant risk to data security comes from “malicious insiders”—current or former employees, contractors, or business partners with access to the organization’s sensitive information. Working from the premise that companies should treat insiders like the TSA treats travelers (we’re all potential threats), she offers some good advice for minimizing the risk from inside. Read more at Today’s General Counsel: Protecting the Company Against Malicious Insiders
- In another helpful piece, Corporate Counsel suggests six questions legal departments should ask before engaging a Software-as-a-Service (SaaS) provider to handle the company’s sensitive data. The questions are aimed at determining if the provider truly understands where the biggest security threats come from, and how to use layers of security to safeguard against those threats. Some of the practice points focus specifically on SaaS providers, but others apply more generally to any third party provider—including a law firm—that will have access to sensitive information. Read more at Corporate Counsel: 6 Security Questions to Ask Software-as-a-Service Vendors
Interested in learning more specifically about data privacy and security in the context of litigation and regulatory e-discovery? Come join us at LegalTech West on July 14, 2015, in San Francisco. I’ll be moderating a panel titled “Beyond the Corporate Walls: Managing Data Security and Privacy in Discovery.” Experienced in-house counsel will discuss strategies for protecting a company’s most valuable information assets during discovery.
At DiscoverReady, we recognize that data security and privacy top the list of concerns for many of our corporate clients, and we’ve developed an industry-leading information security program. Read about it here, and learn why our enterprise clients trust us to protect their most private, sensitive, and valuable information.