ILTA Voices
Episodes
Thursday Oct 12, 2023
Risks in the Use of ChatGPT
In this podcast interview, the speaker will highlight in depth the risks in the use of ChatGPT for corporations.
Questions the moderator will ask the speaker:
-We are hearing a lot about Generative AI and AI assistants like ChatGPT. Is this another hype like Blockchain and Metaverse?
-If it is something that will stay, what is the probable impact on the legal world?
-A lot of people and companies are concerned about data privacy. What is true and what is false in this theme?
-How do we use that? I see that some lawyers in the US had issues using that in the wrong way.
-How do we get updated about this technology?
Moderator: @Marcelo Cardoso - Legal Ops Supervisor, Mercado Livre
Speaker: @Leonardo Toco - Founder and CEO at GPTLAW - a LegalTech focused on GenAI
Recorded on 10-12-2023
Tuesday Jun 27, 2023
Should You Phish In Your Own Pond?
Are controlled phishing campaigns against your members the best way to keep your respective firm secure from phishing? This podcast session will look at phishing simulation tools, their overall pros/cons and alternatives available to keep your members secure from getting hooked with that phish.
Questions the moderator asked the speaker:
1. Phishing is thought to have originated in 1995 and Love Bug struck in 2000. Here we are today in 2023 and phishing is still our number one vector of compromise. We've been able to reduce the risk of malware: why is phishing such a struggle?
2. All security programs preach the importance of user awareness training, and it's been a requirement of clients and regulations for many years now. The majority of user awareness programs utilize phishing simulations. So, I guess the question is: are phishing campaigns still a good route forward? Are they being successful at training our users not to fall for that phish?
3. What's the best approach for including phishing awareness into your program? Is it best to continuously cast a line or occasionally try your luck at the phishing hole?
4. I've been hearing more lately about user coaching and how technology can be leveraged to protect users from themselves while presenting coaching opportunities when they do things that they shouldn't. Is this a strategy that's effective in reducing the risk of phishing? I'm not sure it would be a technology talk if we didn't speak about AI. How do you feel the future of AI impacts the threat of phishing and what steps should we be thinking about now to try and get in front of it?
Moderator: @David Whale - Director Information Security, Fasken Martineau Dumoulin LLP
Speaker: @Manuel Sanchez, Information Security & Compliance Specialist, iManage
Recorded on 06/27/2023
Wednesday May 24, 2023
Legal Operations and eDiscovery
Legal Operations is a broad emerging discipline that encompasses all aspects of the business of law including litigation support, technology, service delivery and more. Thus, eDiscovery is a major operational consideration for law firms and corporate law departments tasked with managing and securing data. Organizations typically handle eDiscovery along a spectrum where they insource or outsource certain elements of the process. What are the risks and benefits of different eDiscovery service models? How might development of key personnel to manage aspects of service give firms a competitive advantage?
Questions Ann asked the speakers:
-How would you describe the significance of eDiscovery services as a component of legal operations for a law firm or corporation?
-What are some of the costs associated with developing talent to manage eDiscovery within the firm, and how are those costs justified?
-What additional considerations should be weighed when determining how much of the eDiscovery process to insource?
-Once you start a team, how can you grow the team and what additional areas could the group serve?
Moderator:
@Ann Halkett - Director, SOLVED eDiscovery Services, a division of AHBL MLP
Speakers:
@Joy Holley - Legal Operations Consultant, Vertex Advisor
@Richard Robinson - Director of Legal Operations and Litigation Support, Toyota North America
Recorded on 05/24/2023
Tuesday Oct 04, 2022
InfoSec Risk Reduction 101 for Remote & Hybrid Document Review Operations
In this podcast interview session, the speakers discussed some challenges and solutions when implementing security in a hybrid/remote environment. In addition, they spoke about cybersecurity, regulatory issues, and ethical considerations when client data in discovery and internal investigations is accessed by temporary contract attorneys working from home.
Questions Jordan asked the speakers:
First, describe your roles at your respective organizations and specifically how you are involved in doc review projects
How have the information security elements of these projects, or your infosec concerns, changed over the last couple years?
What are the important items to consider when planning for a remote document review project?
Differences between “secure VPN”, SessionGuardian, other options? What are different infosec and DLP approaches and technologies you see in the market?
What are some practical, tactical, day-to-day challenges found managing WFH doc review teams … and how does enhanced attention to infosec and careful application of good tools and protocols help?
Describe the roles, goals, and challenges of the law firm, the client, the hosting provider and the doc review staffing provider in today's remote doc review project
Moderator: @Jordan Ellington - Founder and CEO, SessionGuardian
Speakers:
@Scott Bilbrey - CEO, Vigilant
@Todd Mattson - Chief Practice Systems & Services, Covington & Burling LLP
Recorded on 10-04-2022
Friday Sep 23, 2022
Protecting Your Custom Software-Security Scanning and Runtime
This podcast reviews the various categories of vulnerability tools that should be used against custom software web applications and describes a couple of the vendors in each space. The types of scanners that will be covered include Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Software Composition Analysis (SCA), Interactive Application Security Testing (IAST), and hiring a company to perform penetration tests.
Questions that Corey will ask speaker:
• What is the state of web application vulnerability testing tools today?
• If you are on a tight budget, where would you consider using open source solutions over vendor offerings?
• Is there a scanning category where you would not compromise, and absolutely would use a vendor solution? If so, why?
• What are some of the limitations that people should be aware of when using various vendor scanning tools?
• How has deploying web applications in a cloud infrastructure changed web application scanning?
Moderator: @Corey Reitz - Distinguished Cyber Assurance Architect, Sandia National Laboratories
Speaker: Atahan Bozdag - Director of Information Security, MedeAnalytics
Recorded on 09-23-2022
Friday Sep 09, 2022
Has the Time Come for Passwords to Take a Back Seat to Security
The majority of breaches today no longer come through delivered malware, as our systems have become very strong at detecting and blocking it, resulting in more effort than value for the attacker. Instead, it’s easier, faster and more economical to just try and steal your password, or better yet have you provide it yourself. This podcast takes a look at the security risks that are actually derived from one of our more important security controls… passwords; and looks at what we can do to minimize those risks moving forward.
Questions Dave will ask the speakers:
A recent study by Verizon found that more than 80 percent of breaches through hacking involve brute force or the use of lost or stolen credentials. Microsoft estimates that there are 921 password attacks per second. We’ve been educated for years by the security industry and our awareness programs that passwords are the most crucial component to protecting our environments and our information. How is it that this sacred key to our kingdom is actually resulting in opening so many doors for attackers?
NIST has taken steps to try and reduce the bleeding with their new Password guidelines and best practices which encourage passphrases of more characters, less complexity and less changes. Are these steps in the right direction to actually keeping us secure?
Many security tools are now providing artificial intelligence around login requests that look to see if the member is coming from a known device and location prior to providing access. Would implementing these types of risk based controls with MFA and a passphrase be the answer to our problems?
Biometrics for authentication always seemed to be the next logical step for passwords. We have our basic biometrics on devices however, those are all back supported by a password or PIN. Will we ever get to a place where we’re truly only using biometrics for all authentication?
I understand that Apple, Google and Microsoft are working on a solution together that will get rid of passwords. Instead, they will just leverage the biometrics on your phone as your access code to everything. With this in mind do we just need to sit tight and all our troubles will soon be fixed?
Moderator: @David Whale - Director Information Security, Fasken Martineau Dumoulin LLP
Speakers:
Sohail Iqbal - CISO, Veracode
Eldon Sprickerhoff - Founder and Chief Innovation Officer, eSentire
Phillip Solakov - Director, Client Solutions, Optiv, Inc.
Recorded on 09-09-2022
Monday Aug 15, 2022
Lawyers have always been held to a high standard of care to secure information and maintain the confidentiality of client-related information. However, meeting these requirements has become much more complex since shifting to a hybrid working environment. This podcast panel interview addresses the ever-growing client, regulatory and other requirements and how the introduction of new technologies, the ongoing need to balance the transition from paper to electronic and other considerations impact our approach to securing information while balancing the need to provide effective client service.
Co-Moderators:
@Leigh Isaacs - Director, Information Governance, DLA Piper
@Reggie Pool - Senior Director, HBR Consulting LLC
Speakers:
@Doug Landin - Chief Information Security Officer, Brownstein Hyatt Farber Schreck
@James Merrifield - Director of Information Governance & Business Intake, Robinson & Cole LLP
Recorded on 08-15-2022
Friday Jun 17, 2022
Mobile Devices: We Use Them All Day Long - When Do We Start Protecting Them?
This podcast interview session will take a look into our mobile devices (super computers in our pocket) and the built-in (or lack thereof) security around them. Can we rely on our devices out of box as long as they’re managed or has the time come where we need to take mobile security to the next level?
Questions that David will ask speaker:
1. Mobile devices are essentially a smaller version of a computer that can fit in your pocket. They’re on us and in use almost all the time. Confidential information flows to, from and through them, yet we don’t seem to secure them to the same level as a computer. Is that because they’re just secure out of the box? Or are we missing something?
2. What types of threats and attacks should we be concerned about with our mobile devices?
3. A lot of organizations may say we use MDM (mobile device management) to secure our mobile fleet of devices. Is an MDM sufficient?
4. If out of the box security and usage of an MDM is not quite enough, what additional protections should we be looking at?
5. How should different usage patterns and user interfaces of mobile devices factor into an organization's model of the mobile security threat and mobile security solutions?
6. Obviously budgets and staff have an influence on just how much security you can deploy and manage. What would be the top 3 items that all businesses and mobile users should put into place to help protect their mobile devices?
Moderator: @David Whale - Director Information Security, Fasken Martineau Dumoulin LLP
Speaker: @Seth Hallem - CEO & Chief Architect, Mobile Helix
Recorded on 06-17-2022
Friday Mar 04, 2022
Security, Privacy and Compliance Tools in M365
Microsoft’s M365 solution includes a growing and evolving number of security solutions. These include MFA, Exchange On-Line Protection, Advanced Threat Protection and others, some new, some improved.
This podcast will be an overview of the solutions in M365 today, solutions that are either baked in to our existing M365 licenses at no additional cost or available at a nominal cost, that offer the possibility to retire and displace more expensive 3rd party solutions.
Moderator: @Mark Manoukian - IT Director, Kegler, Brown, Hill & Ritter
Speaker: Paul Edlund - Chief Technologist - Midwest, Microsoft
Recorded on 03-04-2022
Thursday Oct 21, 2021
Common Security Worst Practices
This topic was one of ILTACON 2021's most popular conference sessions, and as security is a concern to many, the original panel has reunited for a follow-up podcast.
Security is complex and when left without robust resources of money, knowledge, and people we sometimes revert to the ostrich head in the sand approach. Even though we try to do our best, we sometimes fall into bad habits. This podcast session is the opposite of sharing best practices . . . we will call out the absolute worst mistakes. Without mentioning any entity or name, we will discuss the criticality of certain practices. Our goal is to give you the opportunity to walk away with a private GOLD STAR or perhaps the feeling of "oh no, I do that and better fix that" without having to admit it to your peers.
Moderator: @Corey Reitz - Cyber Assurance Architect, Sandia National Laboratories
Speakers:
@James McKenna - Chief Information Officer, Fenwick & West LLP
Melodi (Mel) Gates - Senior Legal Editor, Privacy & Data Security, Thomson Reuters
@Rebecca Sattin - Chief Information Officer, Worldox
@Robinson Roca - Practice Lead, Infrastructure Services, Helient Systems LLC
@Heather Morrow - Director, Project Management & Training, Loeb & Loeb LLP
Recorded on 10-21-2021
Thursday May 06, 2021
Data Retention – How Do Law Firms Get Away from Keeping Everything Forever
Without information, law firms wouldn’t exist. Information is front and center and critical to everything we do. As law firms progress further down their digital road maps, it presents us with an opportunity to revisit our retention requirements and strategies to ensure they’re still relevant. In this podcast session, the speaker will offer best practice recommendations for law firm data retention. Are we better to keep more or less? What must we keep and for how long? How do we get to a place where we only retain the minimal data footprint required?
Moderator: @David Whale, Director Information Security, Fasken Martineau Dumoulin LLP
Speaker: @John Churchill, Records Department Manager, Nelson Mullins
Recorded on 05-06-2021