Rogue data access in the legal industry: When the “enemy is us”
All the recent coverage around hacks and breaches got me thinking recently about—of all things— the classic newspaper comic strip, Pogo.
This comic strip used to be fairly well-known in its day, and should still ring a bell with readers of a certain age. For some reason, hearing so much about password insecurity—and the simple things that users fail to do to protect themselves—I felt compelled to share this comic strip. (The key frame is excerpted below.)
While high-profile security breaches continue to make headlines, the “enemy amongst us” poses a far greater security threat—as described by our recent Rogue Access study.
Here’s why this is relevant, especially to firms in the legal industry: ex-employees can cause lots of damage.
If you’re in the legal arena, you may have read this recent article in Law Fuel. Here’s an excerpt:
“The risks of Rogue Access are endless. Disgruntled ex–employees could steal money from PayPal, falsify financial details in Quickbooks, or post inappropriately on company social media. Well–intentioned ex–employees might purge important files from their personal cloud storage. And there are legal risks as well, such as the inability to complete eDiscovery or the failure to comply with regulatory obligations to protect sensitive data.
‘I’ve heard a lot of stories about sales people who export customer lists or users who wipe all their data,” says Felix Yanko, president of Pittsburgh–based ServNet Tech, an IT consultant and Intermedia partner. “For a small business particularly, ‘Rogue Access’ creates a huge risk: if something happens that affects their clients and they get sued, they usually go out of business.’”
And here’s one from Third Certainty (which has a very clever name, by the way—as in death, taxes and data breaches):
“Companies risk losing trade secrets to competitors as well as getting slapped with sanctions for violating federal health records privacy laws and state data loss disclosure rules. And some companies are ripe targets for revenge…Out-and-out sabotage is a real risk, especially for small and medium-sized businesses.”
Finally, here’s a quote from The National Trial Lawyers:
“These risks have both technical and procedural causes. In fact, one of the weakest points identified in the report is the lack of formal “IT offboarding” procedures: 60% of respondents said they were not asked for their cloud logins when they left their companies.”