Security

Does Your BYOD Policy Cover Device Upgrades and Disposal?

Back in 2014 I wrote a piece on how Avast! pulled personal information from wiped Android phones sold on eBay to demonstrate the dangers of selling off your old smartphone. Now it seems that trading in your iPhone with Apple has not been safe since 2015. The improvements in device encryption may severely limit the potential exposure of corporate email, texts and credentials [...]

Connectors are Key to Unified Data Management

Many years ago as a product manager at Symantec (now Veritas again), I advocated for the acquisition of Globanet because they were a key partner in so many of our compliance-eDiscovery deals. The Veritas Compliance Portfolio covers the core enterprise unstructured data sources (file shares, Office365, Box, Exchange, SharePoint and many more) with a variety of solutions. Their eDiscovery Platform even does remote laptop [...]

Time to Update Your WhatsApp Usage Policy Again

When is a business chat a record? That question has plagued my consulting practice since I first collected and processed native email for a client back in 1993. Now your policies, protocols and security controls have to address multiple chat apps that support ‘vapormail’ disappearing messages. WhatsApp adds this capability to over 2 BILLION users. When you add Facebook, Instagram, Signal, Viber and WeChat [...]

FCPA Compliance Key – Mapping Players to Transactions

Having supported far too many FCPA investigations over the last 30 years, I have found that the hardest initial step is untangling the key employees, contractors, agents and foreign players involved in doing business overseas. The TGC article provides a solid checklist for compliance defensibility that many corporate clients would shy away from because of the heavy manual overhead required. Most enterprise content management systems now include categorization/tagging [...]

Minimizing Risk in Separation of Employment

We are living in an age of unprecedented layoffs, work stoppages, downsizing, and general unemployment. I frequently call out weak corporate termination policies/protocols during discovery health assessments. It is a complicated process with many players, data sources and heightened emotions. Most people hate confrontations or making a scene. Any fuzziness in your separation protocols may result in former employees walking away with corporate data [...]

Separation of Employment: Risk Assessment Workflow

Session workflow or checklist to review separation of employment policies and protocols from a discovery readiness perspective. These are not actual policies or protocols. Instead, it is an extended bullet list of separation scenarios to consider and decision elements that your policies/protocols should cover. Every work environment has unique data systems, business models, risks and corporate cultures that must be considered when developing [...]

PII in Your Discovery?

Epiq’s “Ryuk” ransomware attack in February cut off customer access to their hosted discovery matters for roughly three days. This outage constitutes a major service interruption and a violation of normal Service Level Agreements for one of the largest global legal service providers. Beyond SLA penalties, missed production deadlines and unhappy customers, Epiq is now facing a potential class action suit under the new California [...]

August 3rd, 2020 | Provider, News, Privacy, Security, ESI Sources

My Take on O365’s Insider Risk Management

The headline got me excited that this new MSFT O365 package might enable my clients to better monitor policy and data management compliance. The reality seems pretty weak. Agentless monitoring of desktop and MS Edge actions such as downloads, forwards to banned domains, etc. We have been able to see those in logs for years and to create custom log-based alerts. The new [...]
