As an enterprise security professional managing information and cyber security, your duty is to protect your company’s data and confidential communications from theft or loss. The challenges are daunting. Despite defenses and precautions, hackers have stolen over a trillion dollars’ worth of intellectual property from the U.S. government and American companies, according to Ponemon. Yet while you fortify firewalls, encrypt data, and install the latest technologies, important confidential data may be regularly leaving your control in the legal process.
Hackers have discovered that law firms can be easier targets than the companies they serve. The FBI recently met with more than 200 New York law firms to warn them that they were being targeted for cybercrime. Mandiant estimates that at least 80 major law firms have been hacked, some by nation-states, Bloomberg reports. The discovery process requires that data potentially relevant to litigation be preserved and collected. Often this data is sent to law firms for review before it is shared with opposing counsel. Law firms often subcontract to e-discovery service providers for assistance in this review.