ILTA Voices
Episodes
Friday Jan 05, 2024
”Shields Up” Developing Your Defenses Against Cyber Attacks!
Friday Jan 05, 2024
Friday Jan 05, 2024
In this podcast interview, the speaker will provide best cybersecurity practices for law firms.
Questions the moderator will ask the speaker:
-Law firms deal with a treasure trove of sensitive client information. What are the top cybersecurity threats they face, and how can they effectively guard against them in today's ever-evolving threat landscape?-Considering the interconnected nature of legal systems and the vast amount of data transmission, how can law firms ensure the security of client data, both in transit and at rest? Are there specific encryption methods or best practices they should be implementing?-Phishing attacks and social engineering are persistent threats, especially with employees as potential entry points. What strategies or training programs do you recommend for law firms to protect their staff from falling victim to these increasingly sophisticated attacks?-In the unfortunate event of a cybersecurity incident, what steps should a law firm take in terms of incident response and recovery? How can they minimize the impact and get back on their feet as quickly as possible?-Employee training and awareness play a crucial role in any organization's cybersecurity strategy. How can law firms foster a security-conscious culture among their staff, and what ongoing training initiatives would you recommend?
Moderator: Kevin J. Foster, Sr., - Cybersecurity Operations Coordinator, White and Williams LLP
Speaker: Dr. Eric Cole, Ph.D. - CEO & Founder of Secure Anchor
Recorded on 01-05-2024.
Wednesday Oct 25, 2023
Too Many Updates!
Wednesday Oct 25, 2023
Wednesday Oct 25, 2023
In this podcast panel session, the speakers will discuss the challenges of the continuous and increasingly more frequent update cycles of 3rd party software. How can IT keep up with all the changes across the environment and what strategies can be employed to better manage this crucial aspect of living in the cloud.
Questions the moderator will ask the speakers:
-How do you balance the need for security patches with the potential disruption that updates can cause to ongoing operations?-How do you ensure compliance with industry regulations when 3rd party software is continuously updating?-What role do DevOps and CI/CD pipelines play in managing the frequent update cycles of 3rd party software in a cloud environment?-How do you prioritize which 3rd party software updates to implement immediately versus those that can wait, especially when dealing with a large and complex IT environment?-Can you discuss any real-world cases where a failure to update 3rd party software led to significant issues, and how those could have been avoided?
Moderator:@Christopher Hockey, IGP - Information Governance & Records Management Expert
Speakers:@Kathy Elsbey - Applications Manager, Bond, Schoeneck and King@Ben Radcliff, Senior Director of Manager Services, Optiv
Recorded on 10-25-2023.
Tuesday Oct 17, 2023
Performing Computer Forensics in the Cloud
Tuesday Oct 17, 2023
Tuesday Oct 17, 2023
In this podcast interview, the speaker will discuss the differences between doing forensics in the cloud and doing forensics on on-premises servers and hosts. In addition, the speaker will provide a key introduction to the overall tools and techniques utilized and lessons learned.
Questions the moderator will ask the speaker:-What does it mean to perform computer forensics in the cloud? How does this differ from performing computer forensics on computers and servers that are physically located within your environment?-What are the challenges of the data being volatile in a cloud environment? How do you address these challenges?-How do you validate a Cloud based collection, to ensure it completed successfully and is forensically sound?-What are some commercially available tools that are useful when performing forensics in a cloud environment?-How do you perform cloud computer forensics so that the evidence has the best chance of overcoming challenges to it being admissible at trial?
Moderator:@Corey Reitz - Distinguished Cyber Assurance Architect, Sandia National Laboratories
Speaker:@David Greetham - Principal, PC Forensics - Level Legal
Recorded on 10-17-2023
Wednesday Aug 16, 2023
Risk Management: Data Analytics & Intelligence > AI Adoption
Wednesday Aug 16, 2023
Wednesday Aug 16, 2023
How are firms adopting Artificial Intelligence in the Risk Management space? Given the fast-paced and highly publicized technology trends involving AI, what are the biggest challenges organizations face today with adopting AI technologies and in particular maintaining security and compliance around client, firm, and personnel data.Questions the moderator will ask the speakers:
Where do AI capabilities exist in the Risk Space? Reporting, Terms of Engagement, Conflicts Searching, Data Analytics, Records, etc.
Data captured at client/matter inception is used throughout an organization, would you tell me what key factors join teams together and how organizations maintain consistency especially with AI “running in the background”?
How do firms control the information and the learning?
How or when does an organization begin to trust its AI?
What are the fears/blocks an organization will address prior to deciding to implement AI technology?
As the industry patterns dictate and pressure increases, how can organizations assess security concerns in a timely and thorough manner?
How do an organizations’ client(s) fit into the mix? If an organization’s client(s) oppose the use of AI technologies with their data, how does the firm comply?
What are the specific steps an organization can take to ensure a successful adoption of AI technologies?Confirmed Moderator:
Elizabeth Suehr, Director of Legal Risk Systems and Strategy, Jenner & Block Confirmed Speakers:-Aaron Rangel, Director of Product Management, iManage
-Bennett Borden, Partner, DLA Piper
Recorded on 08-16-2023
Wednesday Jul 12, 2023
Dude, Where’s My Phone? Authentication and the Future of Legal IT
Wednesday Jul 12, 2023
Wednesday Jul 12, 2023
If there was a road map for security and authentication, it’s long gone now! We’re on the road to a Passwordless future and we live in a time where no one even answers their phone! This encore ILTA podcast will quickly bring you up-to-speed and help you…and your users help themselves with better password solutions!
Questions the moderator will ask the speaker(s):
1) This topic was presented at Legal Week and was very popular. Why do you think that is?2) What are the biggest challenges to “secure” authentication today?3) What are most of us doing well, and what do most of us need to do better when it comes to our authentication implementations?4) What is the future of authentication in IT? What are some trends?If you are a listener who is overwhelmed by this topic, where do you recommend people start to become more educated in this area?Moderator:@Corey Reitz - Distinguished Cyber Assurance Architect, Sandia National LaboratoriesSpeakers:@Brian Clarke - Cybersecurity Manager, Porzio Bromberg & Newman@David Forrestall - Managing Partner, SecurIT360@Kenneth Jones - Chief Operating Officer, XerdictRecorded on 07-12-2023.
Tuesday Jun 27, 2023
Should You Phish In Your Own Pond?
Tuesday Jun 27, 2023
Tuesday Jun 27, 2023
Are controlled phishing campaigns against your members the best way to keep your respective firm secure from phishing? This podcast session will look at phishing simulation tools, their overall pros/cons and alternatives available to keep your members secure from getting hooked with that phish.Questions the moderator asked the speaker: 1. Phishing is thought to have originated in 1995 and love bug struck in 2000. Here we are today in 2023 and phishing is still our number one vector of compromise. We've been able to reduce the risk of malware: why is phishing such a struggle?2. All security programs preach the importance of user awareness training, and it's been a requirement of clients and regulations for many years now. The majority of user awareness programs utilize phishing simulations. So, I guess the questions is, Are phishing campaigns still a good route forward? Are they being successful at training our users not to fall for that phish?3. What's the best approach for including phishing awareness into your program? Is it best to continuously cast a line or occasionally try your luck at the phishing hole?4. I've been hearing more lately about User coaching and how technology can be leveraged to protect users from themselves while presenting coaching opportunities when they do things that they shouldn't. Is this a strategy that's effective in reducing the risk of phishing? I'm not sure it would be a technology talk if we didn't speak about AI. How do you feel the future of AI impacts the threat of phishing and what steps should we be thinking about now to try and get in front of it?Moderator:@David Whale - Director Information Security, Fasken Martineau Dumoulin LLPSpeaker:@Manuel Sanchez, Information Security & Compliance Specialist, iManageRecorded on 06/27/2023
Wednesday May 24, 2023
Legal Operations and eDiscovery
Wednesday May 24, 2023
Wednesday May 24, 2023
Legal Operations is a broad emerging discipline that encompasses all aspects of the business of law including litigation support, technology, service delivery and more. Thus, eDiscovery is a major operational consideration for law firms and corporate law departments tasked with managing and securing data. Organizations typically handle eDiscovery along a spectrum where they insource or outsource certain elements of the process. What are the risks and benefits of different eDiscovery service models? How might development of key personnel to manage aspects of service give firms a competitive advantage?
Questions Ann asked the speakers:
-How would you describe the significance of eDiscovery services as a component of legal operations for a law firm or corporation?
-What are some of the costs associated with developing talent to manage eDiscovery within the firm, and how are those costs justified?
-What additional considerations should be weighed when determining how much of the eDiscovery process to insource?
-Once you start a team, how can you grow the team and what additional areas could the group serve?Moderator:
@Ann Halkett - Director, SOLVED eDiscovery Services, a division of AHBL MLPSpeakers:
@Joy Holley - Legal Operations Consultant, Vertex Advisor
@Richard Robinson - Director of Legal Operations and Litigation Support, Toyota North AmericaRecorded on 05/24/2023
Wednesday Apr 26, 2023
Continuously Monitoring Controls in a Cloud Environment
Wednesday Apr 26, 2023
Wednesday Apr 26, 2023
This session will focus on how companies can continuously monitor and assess their security posture by looking at drift from their control baselines in the cloud. Questions Corey asked the speaker:1) What is continuous monitoring generally and why is it important?
2) What are some of the benefits of implementing continuous monitoring in a cloud environment?
3) What are some of the different cloud security control sources that should be considered when determining what to monitor?
4) At a high level, how do you begin to implement continuous monitoring in one or more of the major cloud providers (i.e. Amazon, Microsoft, Google)?
5) What are some best practices when implementing continuous monitoring in the cloud?Moderator:@Corey Reitz - Distinguished Cyber Assurance Architect, Sandia National LaboratoriesSpeaker:Sarah Luiz - Cyber Security ConsultantRecorded on 04-26-2023
Tuesday Apr 25, 2023
Tuesday Apr 25, 2023
Welcome to ILTA’s Risk Management: Data Analytics & Intelligence series.
Over the course of this program, we will provide access to experts in the legal industry to discuss challenges of adoption and the benefits of using cloud technologies and Data Analytics to enhance processes, leading to efficiency, cost-savings and secured compliance.
We will review the obstacles, challenges and successes of adoption focusing on matter intelligence. How are organizations leveraging data related to client/matter lifecycle to enhance processes, compliance, and security, build relationships (Business Development), and streamline cost saving efforts. Specific topics will include, Artificial Intelligence opportunities, adoption practices, security concerns and compliance.
Questions Elizabeth asked the speakers:
1) What is the biggest challenge your organization faces today as you begin adopting Cloud Technologies and ensuring security compliance across the board?
2) As new Cloud-Based technology is adopted by your organization, describe the security concerns your organization faced, how the organization was able to move forward given the concerns and the impact on people, processes and policy once adopted.
3) What are the specific steps an organization can take to ensure a successful adoption, both from a people and system perspective?
4) Data captured at client/matter inception is used throughout an organization. What were the key factors in joining differing areas | departments (Risk, Business Development, Finance, etc.) to develop a consistent “Master Data” foundation to leverage for reporting and intelligence organization wide? Moderator:@Elizabeth Suehr - Director of Legal Risk Systems and Strategy, Jenner & BlockSpeakers:
@Damien Riehl - VP, Litigation Workflow and Analytics Content, FastCase
@James Hannigan - Director of Legal Project Management, Coblentz Patch Duffy & Bass, LLPRecorded on 04-25-2023
Monday Jan 23, 2023
IG/Data Gov Education
Monday Jan 23, 2023
Monday Jan 23, 2023
What can we do as IG professionals to increase our firms understanding and acceptance of IG core values so that change management is not such a steep hill? In this session, we will explore different options.
Moderator:@Andrew Corridore - Information Governance Compliance Manager, Akin, Gump, Strauss, Hauer & Feld, L.L.P.
Panelists:@Christopher Hockey, IGP - Director of Information Governance and Management, Bond, Schoeneck and King, PLLC@Matthew Estrada - Senior Information Governance Specialist, Kirkland & Ellis
Recorded on 01-23-2023
Wednesday Jan 18, 2023
How to Effectively Balance Insider Risk and Employee Privacy
Wednesday Jan 18, 2023
Wednesday Jan 18, 2023
This podcast interview session addresses how to create an insider threat/insider trust program that mitigates insider risks while respecting employee's privacy rights. Best practices and advice for starting a new insider threat program will be shared.Questions Corey will ask speakers:1) To help those who are just starting to create an insider threat/insider trust program within their company, what are some available resources that you would recommend checking out?2) What are some insider threat/insider trust best practices that you have found to be invaluable when standing up a program?3) How does a company create an insider threat/insider trust program that is effective at mitigating insider risks while simultaneously respecting employee's privacy rights? Can it be done?4) What future changes do you anticipate in the world of insider risk management in relation to tools, regulations, processes, etc. in the next 5 years?5) Should an insider threat/insider trust program be a discreet or very public function? Can you explain why you feel the way that you do?Moderator: @Corey Reitz - Distinguished Cyber Assurance Architect, Sandia National Laboratories Speakers:@Joshua Smith - Senior IT Security Analyst, Ogletree DeakinsMichael Theis - Chief Engineer & Assistant Director for Research, National Insider Threat Center, CERT/SEI, Carnegie Mellon UniversityRecorded on 01-18-2023