What do you do when your company experiences a data breach? Is there a plan in place? Do you know whom to call and how to document everything that will need documenting just in case the breach results in a lawsuit or two?
Mitratech's product marketing director, Scott Giordano, explains the typical scenario this way:
[Y]ou have a security incident in your company. You have an incident response team. They take down all the details; they kick the bad guys out. Then all that has to be documented. Normally what would happen is that they would be photocopying things, or they'd be copying and pasting things into an e-mail to send over to legal so they could tender that to the insurance company and deal with lawsuits from customers.
But the results from that kind of approach are none too good, especially if you need to get third parties in there to help with either the database cleanup or the litigation. How do you track who saw what or did what when? The paper trail can be endless, and often incomplete. Giordano goes so far as to say that that approach is hopeless. "You're going to miss things, and if you do go to trial ... you'll get killed," he added.
The right technology can take a lot of the pain out of data breach cleanup or litigation. And Giordano says Mitratech has it. The Los Angeles-based company offers "collaborative accountability" software and services for just those situations. He says the software allows everyone who needs to work on a case or to have access to a certain data set to do so, within a single interface. At the same time, they can only see what they have been authorized to work on or see.
According to Giordano, that capability results from a very flexible security model. He explained:
You can limit attorneys to certain causes of action. ... And then within those, you may have case assistants and paralegals that are only seeing certain records, and within those records, they're only seeing certain things. So, instead of throwing all this up on some kind of third-party preservation server or evidence server and managing everyone's accessibility and keeping up with what they can see and can't see, which is a full time job all by itself, it's just built into the system, and it's all role-based.
What's more, all activity within the system is logged, so in the event of an audit or a discovery request the system can show who did what when, or who did not do something when they were required to do it. In some cases, Giordano said, it may even be possible to establish who knew what when. In practice such a trail is only as persuasive as its integrity: a log that privileged users can silently edit proves little, so write-once storage or a tamper-evident (hash-chained) record is what makes "who did what when" hold up.
That way, he said, when documents are destroyed because someone didn't do a legal hold correctly, the event forensics model will tell you that.
You can say, "Your Honor, we have a very robust system to protect records from being destroyed, but they were destroyed irrespective of that system." That will keep you from getting severe sanctions because there's a safe-harbor provision in the discovery rule.