Legal firms remain concerned about cloud privacy

Lawyers are a conservative group when it comes to adopting new technology. This continue to hold true for the ever popular cloud technologies. Concerns about privacy and security related to data breaches are holding some firms back from transitioning over to cloud storage and services. In a 2015 Cloud Security Survey released Netwrix reveals the concerns around cloud adoption among lawyers include: security and privacy of data (26 percent), migration costs (22 percent) and loss of physical controls (17 percent). Moreover, security risks include unauthorized access (32 percent), insider misuse (18 percent) and account hijacking (18 percent.)

Alex Vovk, CEO and co-founder of Netwrix, told Legaltech News “Legal departments will be reluctant to entrust their valuable data and customers’ sensitive information, until they are absolutely sure that cloud providers can offer better security than the company can ensure on-premises.” Although data security is a privacy issue for all industries, legal departments are less likely to adopt technologies that do not guarantee full protection for their data.

Law firms may be cautious, but that doesn’t mean that they are uninterested in cloud technologies. According to the survey, 44 percent of the respondents indicated they their firms were in a stage of evaluation and discovery concerning cloud services. “This indicates that [law firms] are potentially ready to invest more in additional cloud security and consider various cloud options,” Vovk said. In fact, when it comes to hybrid cloud models, legal entities have the same interest in making the transition as private companies. In addtion, 37 percent of those surveyed favor a private cloud model.

Vovk summed up by stating that “… as soon as cloud providers are ready to provide additional security measures and to some extent ease the compliance burden …lawyers would become less skeptic[al] about cloud adoption.”

Article via Legaltech News, 3 December 2015

Photo: Cloud Solutions via NEC Corporation of America [Creative Commons Attribution-NonCommercial-NoDerivs]

Boyden report shows need for technology officers

With companies and law firms around the world encountering problems with how to deal with cybersecurity, it’s no surprise that a report released by the international executive search firm Boyden indicates a growing need for technology officers. Not only that, but a statement released by Tim McNamara, co-founder of Boyden’s Risk Management and Security Sector, reveals that finding technology officers who are knowledgeable about all the intricacies of cybersecurity is difficult. McNamara states, “It’s a very complicated sector with bifurcated responsibilities. Consequently, there are multiple strategies to address cybersecurity needs among the commercial, military and defense, and intelligence segments.”

Basically, each company is going to face different risks when it comes to cybersecurity, and each company needs a unique strategy to prevent cyber attacks. Companies are especially in need of technology officers that can also hold leadership positions. It’s important for executives and other officials to be tech-savvy and understand the importance of cybersecurity, since the effects of a cyber attack are not limited to the IT department. Richard Fudickar, managing partner of Boyden Germany, explains that, “management must understand that this issue is about people and behaviors, not just technology.” This involves trusting chief information security officers and and chief security officers to influence executive decisions and be an active part of senior leadership teams. Ken Rich, a partner at Boyden New York, sums it up, saying, “Companies that have embraced the strategy of giving the CISO (Chief Information Security Officer) a seat at the executive table are better equipped to prepare for any breaches in cybersecurity.”

Finding technology officers with the leadership skills necessary to fill that seat may be hard to find, though. The Boyden report indicates that more than half of companies do not feel that they employ enough security officers. Companies may have to start hiring additional technology officers to fulfill the growing need to understand cybersecurity.

Article via Legaltech News, December 1, 2015

Photo: In the Digital Age via Ohad Ben-Yoseph [Creative Commons Attribution-NonCommercial-NoDerivs]

NSA ceases bulk data collection

The National Security Agency has been collecting metadata, which is information such as phone numbers and duration of calls, since shortly after the attacks of September 11. The collection of this metadata has ceased as of November 28th. So what changed?

There is a new law in place, known as the USA Freedom Act of 2015. This law is being seen as a victory for privacy activists and tech companies looking to protect their user data. The USA Freedom Act of 2015 came about as a response to the revelations of Edward Snowden, a former NSA contractor that revealed the deep surveillance of the NSA on the American people. This new law prohibits the bulk collection of phone data previously done by the NSA. Although the agency won’t keep the bulk data, investigators will still have access to these types of records when they are investigating a particular person, or targeting specific groups. The existing metadata that has been captured during the last 5 years will be kept until next February 29th in order to ensure a smooth transition.

National Security Council spokesperson Ned Price stated that this new law, “struck a reasonable compromise which allows us to protect the country while implementing various reforms”.

Some have concerns, since the new law is going into effect so soon after the terrorist attacks in Paris. At a time when America is scaling back its surveillance, countries like England and France are considering new bills to enhance surveillance. Since American companies like Verizon would be involved, it may mean the creation of new treaties between Great Britain and the United States.  It is likely that this type of confounding circumstance will present itself more in the future due to the international nature of terrorism.

Article via ABAJournal, 30 November 2015

Photo: National Security Agency Seal via Donkey Hotey [Creative Commons Attribution-NonCommercial-NoDerivs]

Akerman Data Law Center makes cybersecurity law accessible

Virtually all industries are being affected by the complexities of cybersecurity and privacy law. In addition to being somewhat confusing, aspects of cybersecurity and privacy law can change practically overnight. With this in mind, the international law firm Akerman now offers a constantly updating web-based legal knowledge platform on cybersecurity and privacy law named the Akerman Data Law Center. Developed in conjunction with Thomson Reuters and Neota Logic, the platform makes the international rules and regulations regarding cybersecurity more accessible. This tool will be useful for law firms everywhere, since cybersecurity and privacy are “likely to have accelerated growth in the law market for 2016,” as explained by Akerman’s Data Law Practice co-chair, Martin Tully. In addition to always being up-to-date, the platform can be used to research changes that only pertain to specific regions or industries. This could be extremely useful to law firms that operate in several jurisdictions and want to be able to keep track of the differences in regulations between regions.

Though access to the research compiled in the Akerman Data Law Center will require a subscription fee, Akerman states that the platform will save users up to 80% on research costs. When compared to the number of hours associates could spend accumulating the research already available within the platform, the Akerman Data Law Center is more efficient and less expensive. To make the platform even more user friendly, Akerman even allows users to contact them directly for particularly challenging questions, which will prove useful for firms that do not have the funds to consult with experts constantly.

Article via Legaltech NewsNovember 20, 2015

Photo: Chained and locked via Vivek [Creative Commons Attribution-NonCommercial-NoDerivs]


New bill protecting companies from cyberattacks compromises individual privacy

The US Senate voted this past Tuesday to pass the Cybersecurity Information Sharing Act (CISA), which allows companies to share evidence of cyberattacks with the US government, even if that data includes the personal information of individuals.

Those in favor of the bill argue that CISA will help the government protect companies. Most big tech companies comprise the opposition, and say that the new act is another loophole that allows the US government to snoop on citizens. President Obama supports CISA.

Al Franken, a senator from Minnesota and one of 21 who voted against the bill, said in a statement following CISA’s passing, “There is a pressing need for meaningful, effective cybersecurity legislation that balances privacy and security. This bill doesn’t do that.”

Companies are supposed to remove personal information about customers—such as emails and text messages—before sending data to the government. Currently, however, no accountability system exists to ensure that personal identifiers are in fact deleted before reaching government databases.

CISA was most likely passed in response to recent high-profile hackings, such as those committed against Sony Pictures, Ashley Madison, and United Airlines.

“With security breaches like T-Mobile, Target, and [the US government’s Office of Personnel Management] becoming the norm, Congress knows it needs to do something about cybersecurity,” said Mark Jaycox, Legislative Analyst of the Electronic Frontier Foundation. “It chose to do the wrong thing.”

Article via CNET, October 27, 2015

Photo: The Capitol, in Washington, D.C. US Senate and The House of Representatives via DeusXFlorida [Creative Commons Attribution-NonCommercial-NoDerivs]

US Senate passes controversial cybersecurity bill

On Tuesday, October 27, the US Senate voted to pass the Cybersecurity Information Sharing Act.

This bill allows companies to share evidence of cyber-attacks to the US government even if it violates a person’s privacy. Supporters say this act will make it easier for the government to monitor threats and responses across companies. Others like Apple and other top tech companies argued that this bill could give government more liberty to spy on US citizens.

US Chamber of Commerce President and CEO Thomas Donohue said this legislation is a “positive step toward enhancing our nation’s cybersecurity.”

21 Senators voted against the act. Among them was Minnesota Democrat Al Franken who believes there is a need for “effective legislation that balances security and privacy” and “the CISA does not do that.”

Just last year, the CISA was first introduced and passed by the House but it did not go through the Senate. High profile cyberattacks on companies like Sony Pictures, United Airlines, and Ashley Madison may have prompted the Senate to approve it this time around.

The issue at hand is that personal identifiers such as text messages and e-mails may slip through when sending information to law enforcement and intelligence agencies, even though companies are supposed to delete that information.

US Department of Homeland Security acknowledged that the bill does raise “privacy and civil liberty concerns.”

CISA is now going to a Congressional Conference whose members must match the passed Senate and House bills before sending it to President Obama.

Article via CNET Security News , October 27, 2015

Photo: Washington DC – Capitol Hill: United States Capitol via Wally Gobetz [Creative Commons Attribution-NonCommercial-NoDerivs]