Is Your eDiscovery Vulnerable to Hacking?

By William Vogeler, Esq. on February 17, 2017 | Last updated on March 21, 2019

In earthquake-prone California, it's become commonplace for residents to say, "Not if, but when the Big One strikes."

The threat of a massive earthquake hitting Los Angeles has spanned generations -- from Charlton Heston's "Earthquake" to Dwayne Johnson's "San Andreas." But the impact lasts only two weeks at the Box Office, at best. If a quake registers less than 5.0, Californians don't even get out of bed to put their shoes on.

The same can be said for cybersecurity breaches, especially at large companies like Yahoo. If the next email hack doesn't hit 1 billion users, consumers may not even change their passwords.

But for lawyers -- the gatekeepers of confidential information -- this is not the time to sit back and wait for the next big breach. It's not if, but when. This even applies to eDiscovery, which might be the next frontier for hackers.

Absurd and Risky

Cybersecurity experts warn that law firms and in house counsel are not doing enough to protect their clients' information, particularly through eDiscovery. Attorneys may be good at dealing with the legal issues, the experts say, but lawyers know virtually nothing about security problems with digital discovery.

For example, many attorneys think that it is best to mail hard drives to avoid internet risks to confidential data.

"That's absurd and risky," says Andy Wilson, CEO and co-founder of Logikcull. He said information is most susceptible when it is in motion.

The problem is that the whole process of digital discovery is fraught with security issues. Given the explosion of data and the complexity of the types of data subject to discovery, eDiscovery poses a growing technical and security challenge for law firms and service providers.

"It's an incredibly risky process because, often, that information is sent through insecure channels, such as unencrypted email, file sharing services and via physical media, like DVDs or hard drives," Wilson said. "All of those channels expose information to breach."

Encrypted Platforms

The most secure eDiscovery or legal intelligence platforms eliminate the risk inherent to discovery by providing one central hub for information. That's where all data should be securely hosted, and all channels in and out of the database secured.

The data must be encrypted at rest -- before it moves. Then when it is shared with opposing parties, it should go through encrypted channels -- such as a secure, permissions-based link whereby requesting parties can access the data remotely and instantly.

Lael D. Andara, a partner at Ropers Majeski with key responsibilities for eDiscovery, said lawyers often guard their clients' most valuable asset -- information. With hackers looking for that information, lawyers have to protect just like their clients do.

"Think of it as mining for gold, business data is piles of paydirt that is yet to be processed, and law firms are the sluice box that sift through the business data and pull out the gold nuggets," he said. "The irony is those piles of paydirt typically have better security than the law firms."

Related Resources:

China Stole Data From Major U.S. Law Firms (Fortune)
Global Cybersecurity Threats Are Coming (FindLaw's In House)
Global Cybersecurity Threats Are Coming (FindLaw's In House)
HP Holds Back Fees to Encourage Diversity (FindLaw's In House)