Replicating data and sending it offsite for analysis creates unnecessary risk by exposing personal data outside the enterprise. However, there is a way to avoid risk caused by data duplication.
The risk of 3rd party investigations
Companies purchase cyber risk insurance which covers them for breach events and fines related to data leakage, ransomware attacks and data privacy violations. As the amount of data is growing exponentially, the quantity of personal and confidential data is growing. This means a constantly expanding exposure to potential risk and harder times for compliance teams.
For decades when a corporation had an internal investigation, litigation or cyber event they sent documents and files outside the firm to trusted third parties. Whenever a situation occurred, files were sent to law firms, forensic companies and the Big Four accountancies. Sending files externally replicates personal and confidential data for analysis by legal, accounting and forensics experts.
Why create copies of documents that contain personal and sensitive company data for sending to external consultants? This massively increases risk as third parties also have their vendors and suppliers who are recipients of company documents for analysis. Personal data is being replicated over and over again. One should ask how is data privacy maintained by this food chain of suppliers: law firms, legal service providers, forensic companies and data analytics vendors?
Giving access to data within own systems
Do these companies delete all information received from their clients after the forensic and litigation work has been completed? Could they, if asked, find all confidential files containing personal data that may reside in file servers, e-mail inboxes, WebEx platforms, discovery platforms, data rooms and AI analytic tools? Probably not, and this means increased risk and exposure to the company and the forensics food chain. Risk can be costly as cyber insurance only covers the first couple of days after an event, after that the company is paying fines out of their own pockets.
Therefore, companies benefit from keeping all their data within their own systems and should consider giving access to their systems to forensic consultants and law firms so not to duplicate documents over and over again.
The solution is a matter of trust
There is available technology and it’s simply a matter of trust and changing long standing work practices. While these work practices were previously respected, particularly when they were paper-based, with digitalization the replication of files on external, 3rd party systems creates unnecessary risk.
It is possible to conduct forensics and investigations using 3rd parties without moving data, avoiding unnecessary data leakage, so we should.
To learn more about how Ayfie's solution can help you share data safely when conducting 3rd party investigations, click below.
