News & Press: Affiliates in the News

Victoria Blake, Zapproved: In-House Legal Security: Control Data Access to Manage Risk

Friday, August 7, 2020   (0 Comments)
Share |

Zapproved

Extract from Victoria Blake's article "In-House Legal Security: Control Data Access to Manage Risk"

User Privilege, Identity, and Risk
As the legal office moves more and more into the Governance, Risk, and Compliance (GRC) space, legal departments are more and more being asked to understand and move fluidly in the GRC functions. At the heart of the GRC function is security: protecting against liability, protecting against threat, protecting against chaos. And at the heart of security is the concept of privilege and identity, e.g., some users can do what others can’t. Many of the most common security threats come via compromise of a privileged user. Each additional node of privilege increases the risk to the entire system.

Consider this use case:

Somebody in the legal department clicked on the link in that phishing email. They unwittingly installed malware on their machine, which tracked keystrokes and captured their passwords. In the background, a malicious third-party signs into their account as a fully accredited user. Deepening on the level of access the person had, the malicious actor can now download huge amounts of data, can see and export personally identifiable information (PII), and might even be able to access the communication layer by digging into the API (a method of communication between two different software systems). 

Read more here


What our customers say?

©2018 Association of Certified E-Discovery Specialists
All Rights Reserved