November 15, 2020
A recent data breach was reported by one of Google’s partner law firms, Fragomen, Del Rey, Bernsen & Loewy. On October 23, 2020, this law firm filed a public notice of a data breach with the state of California.
On September 24, 2020, the firm discovered that an unauthorized third party had successfully gained access to a file containing thousands of personal information records relating to I-9 employment verification services. This leaked file contained the personal information of “a discrete number of [current and former] Googlers” (employees of the tech giant). To recap, Google, one of the biggest companies in the world, with access to every security resource and safeguarding practice, had employee personal data breached through a third-party of their third party. Somehow, their vendor’s vendor gained unauthorized access and breached the confidential PII information.
Unfortunately, IBM's Cost of a Data Breach Report 2020, states the global average cost of a breach in 2020 is $3.86M, with an average cost of $137,000 just due to the nuances and difficulties of remote working. 76% of respondents concur that remote work would increase the time to identify and contain a data breach, but nowadays we have even less of an option to avoid it. Due to our new at-home set-ups and with most corporate employees out of company's offices, any breaches, cyber attacks, or suspicious activity may be harder to spot, increasing risks, vulnerability, and loss.
Another unforeseen and unaccounted for a challenge that remote working presents us with is the increase in online transactions. With more and more transactions, whether internal communication and file sharing, external collaboration, sales, and so much more, there are significantly more opportunities to intercept a lot more of our confidential business data. Many older or temporary processes set up to quickly adapt to the push to cloud computing may easily buckle under increased firewall attacks, phishing attacks, and more.
Not to mention the importance of ramping up vendor risk management in today’s virtually connected workspaces. To meet third-party risk management requirements, law firms are expected to comply with corporate client data privacy policies and security, which is often much more advanced and involved than most of the resources mid-size firms have available to them. Both conducting thorough third-party risk assessments on 100s of vendors and law firms, and responding to these assessments with hundreds of questions, which is traditionally done with tools like email and Excel, is very time consuming and hard to maintain.
Counself Risk™ has been designed to assist Legal Departments in streamlining this manual process, with a secure, collaborative, and automated workflow, reducing the time needed to do the due diligence by 50%. Our goal is not to provide software, but a solution with a set of best practice forms, questionnaires, and templates designed specifically for corporate law departments and their law firms. Let us know if you like to see a demo.