Security

Solargate: A Global Trojan Horse in the Supply Train

Good summary and perspective by Doug. First a bit of context and techno translation. The Orion Platform is SolarWinds’ primary systems management bundle for on-premise and hybrid environments. SolarWinds’ products cover the breadth of IT management. That means the hacked version of Orion gave the hackers potential access to servers, applications, databases, storage and more. I have struggled to keep up with the new [...]

December 17th, 2020 | Compliance, News, Privacy, Security, Architecture

Label Trade Secrets to Protect Them

The matter and article highlight the increased risk that corporate trade secrets and confidential data may be disclosed by the largely remote corporate workforce. I appreciate the well-structured guidance and concrete action steps proposed. The authors' recommendation to perform an IP audit is a good starting point. However, I would add the need for automated categorization solutions that flag and highlight files and communications [...]

Time to Change your Legal Hold Notice Routing

The legal hold notice market is dominated by cloud services that use a wide variety of security methods to send out your notices from their trusted domains. Having implemented a large number of these systems recently, I can tell you how difficult it can be to establish that trust relationship and bypass all the spam/virus/phishing filters to ensure that all custodians receive their hold [...]

December 2nd, 2020 | News, Legal Holds, Security

The Civil Discovery Impact of 50,000+ Smart Phone Extractions

Good find by Doug (who credits his wife) on Upturn.org’s new report on the widespread use of Mobile Device Forensic Toolkits like Cellebrite or Access Data by law enforcement. Aside from the civil liberties issues, I want to draw corporate litsupport/compliance/security attention to the logical progression that looms. The latest Gallup poll shows that 58% of employees work remotely sometimes or always. I can [...]

Does Your BYOD Policy Cover Device Upgrades and Disposal?

Back in 2014 I wrote a piece on how Avast! pulled personal information from wiped Android phones sold on eBay to demonstrate the dangers of selling off your old smart phone. Now it seems that trading in your iPhone with Apple has not been safe since 2015. The improvements in device encryption may severely limit the potential exposure of corporate email, texts and credentials [...]

Connectors are Key to Unified Data Management

Many years ago as a product manager at Symantec (now Veritas again), I advocated for the acquisition of Globanet because they were a key partner in so many of our compliance-eDiscovery deals. The Veritas Compliance Portfolio covers the core enterprise unstructured data sources (file shares, Office365, Box, Exchange, SharePoint and many more) with a variety of solutions. Their eDiscovery Platform even does remote laptop [...]

Time to Update Your WhatsApp Usage Policy Again

When is a business chat a record? That question has plagued my consulting practice since I first collected and processed native email for a client back in 1993. Now your policies, protocols and security controls have to address multiple chat apps that support ‘vapormail’ disappearing messages. WhatsApp adds this capability to over 2 BILLION users. When you add Facebook, Instagram, Signal, Viber and WeChat [...]

FCPA Compliance Key – Mapping Players to Transactions

Having supported far too many FCPA investigations over the last 30 years, the hardest initial step is untangling the key employees, contractors, agents and foreign players involved in doing business overseas. The TGC article provides a solid checklist for compliance defensibility that many corporate clients would shy away from because of the heavy manual overhead required. Most enterprise content management systems now include categorization/tagging [...]

Minimizing Risk in Separation of Employment

We are living in an age of unprecedented layoffs, work stoppages, downsizing, and general unemployment. I frequently call out weak corporate termination policies/protocols during discovery health assessments. It is a complicated process with many players, data sources and heightened emotions. Most people hate confrontations or making a scene. Any fuzziness in your separation protocols may result in former employees walking away with corporate data [...]
