Ediscovery Pest Control – Dealing with the Internet Explorer Bug

Do you sometimes feel like you are an ediscovery exterminator?

Just when you think you have a handle on the Heartbleed vulnerability and its impact on your legal software applications, ediscovery professionals have a couple new bugs to exterminate. 

On April 26, 2014, Microsoft publicized a vicious bug in its Internet Explorer (IE) browser. Microsoft reported, the bug “may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.”  A couple days later, Adobe issued a security bulletin, detailing how a vulnerability in its Flash Player could allow an attacker to take control of the affected system.  It does not take much imagination to picture the mayhem that these software bugs are causing for security officers and IT teams around the world.

Another week, another security concern for legal professionals

Unfortunately, the Heartbleed, IE, and Adobe bugs are merely the latest in a long line of security threats.  But, if you think information security is not something legal professionals need to worry about, think again.

The FBI has one message for legal professionals, “hackers see attorneys as a back door to the valuable data of their corporate clients.”  Cybersecurity is a new ethical obligation for lawyers in the digital age.  The excuse, “I cannot seem to recall taking ‘InfoSec 101’ in law school” will get you nowhere.  As noted by a recent e-Discovery Team blog, “[f]or this system of open justice to continue in the new emerging cyber world the legal profession must quickly adapt to the times.”

So, what’s a lawyer to do? 

A solid partnership between Legal and IT is a part of the bedrock of any organization’s information security practices.  If you are not friends with IT already, make haste to develop some new relationships.  Some of the things you can talk about with respect to these specific IE and Adobe breaches include:

• Workstation security. Know what legal software tools you leverage on a day-to-day basis.  Most will require some interaction with IE or Adobe. Your IT security team can provide you with the proper directives regarding these recent vulnerabilities, and they can keep you updated on the patches for these bugs as they become available.

• End-of-life programs: Know what software versions you are using.  If you are using end-of-life programs (e.g., programs that are no longer supported by their manufacturers, such as Windows XP OS or IE 7 and below), it’s advantageous that you work with IT to move off these unsupported platforms as they may not be supported by the legal software systems you use.    Further, unsupported programs are a huge security risk, as most of the time, security patches for bugs will not be offered by the software manufacturers.

• Anti-virus protection: Talk with IT about the anti-virus or malware applications in your organization, and ensure that your protections are regularly updated for all the devices you use.

Security is always top-of-mind at Kroll Ontrack

As an ediscovery software provider, security is paramount.  But, let me put it in context. Kroll Ontrack has four data centers on three continents, hosting over 20 petabytes of data.  (Just for your edification, a petabyte is more than four times the U.S. Library of Congress.)  Watching over all of this important litigation data is a service operations center (SOC) staff, an information security officer that leads a security program, and some of the smartest software engineering wizards on the planet.

As such, even before the news of the IE and Adobe bugs, Kroll Ontrack was working to identify and block attacks.  For these “bugs-de-jour”, Kroll Ontrack’s security and IT teams ensure that the necessary security patches will be applied as they become available.  At the end of the day, hackers – like the most annoying pests – are working 24x7 to infiltrate critical data.  Don’t have your law firm or in-house legal department be caught off guard!