This document discusses security best practices for law firms. It notes that data breaches can happen through malicious outsiders, insiders, accidents, or data exposure. Passwords are often insecure but are still widely used. Two-factor authentication adds security but also friction. The reality is that users are at risk from external threats. Security is no longer just the organization's responsibility as the lines have blurred between on-premises and cloud resources. The document recommends enabling secure file sharing, identity protection, and proactive data protection and monitoring to balance security and productivity.

1. LAW FIRM SECURITY &
PRACTICE IN THE REAL WORLD
Presented By: Richard Harbridge (@RHarbridge) #ACREL

2. @RHarbridge #SPSNH
RICHARD
HARBRIDGE
My twitter is @RHarbridge, I’m super friendly & I am proud to work at 2toLead.
CTO & MVP | SPEAKER & AUTHOR

4. Life is full of risks, but you can’t always prevent them. Many believe even it does
happen, it won’t happen to us, or it certainly won’t be because of me.
IT WON’T HAPPEN TO ME…

5. Sometimes it is our fault directly, but it’s always our fault if we don’t take action to
protect ourselves and our ogs. Source of breach data – breachlevelindex.com
HOW DO DATA LEAKS HAPPEN?
MALICIOUS
INSIDER
ACCIDENTAL
DATA EXPOSURE
MALICIOUS
OUTSIDER
59% 23% 14%

7. Employees believe that their passwords are secure. They know they should
rotate them and make them complex, but that’s it right?
PASSWORDS ARE SECURE?

8. But passwords suck, management and leaks cost us tons of money and it’s the
biggest gap still in security.
NO ONE LIKES PASSWORDS…
#1 COST
686K $12M+

9. The problem with 2 Factor Authentication is that users find it adds effort/friction
to the login or authentication process. Sure it’s better, but it has a cost.
2 FACTOR AUTH TO
THE RESCUE?

10. You can create your own model where 2 factor auth or advanced security is only
needed when not at the Office, on unmanaged devices, etc.
CONDITIONAL ACCESS HELPS…

11. We can use techniques that reduce our reliance on the password and use more
secure multi-factor (or 2 factor+) authentication.
IT IS GETTING BETTER…
37M 200+
Passwordless authentication
User-friendly experience
Enterprise grade security

12. © 2017 Microsoft Terms of Use Privacy & Cookies
Cancel
Need Help?
Making sure it’s you
janetsmith@contoso.com
Follow the instructions on the Microsoft
Authenticator app and enter the number you see
below.
4026
Contoso
janetsmith@contoso.com
More options for the second factor of authentication that are both more secure
and faster/easier such as using your fingerprint to access with a simple motion.
EVEN MORE SEAMLESS…
Phone sign-in using Microsoft Authenticator
Passwordless authentication
Public / Private key exchange

13. The reality is that users are continually at risk. With more advanced scams and
so many external threats we have to pro-actively manage risks.
THE REALITY IS THAT
USERS ARE AT RISK…

15. It’s not our job to worry about security. The organization has to manage and
handle security. I just need to get my work done.
IT’S THE ORGANIZATION’S
RESPONSIBILITY…

16. devices datausers apps
On-premises /
Private cloud
In the past, the firewall was the security perimeter.
EXCEPT THE WORLD HAS
CHANGED…

17. On-premises
Now there’s fewer boundaries, more data, more complexity.
THE WORLD
HAS CHANGED…

18. We need to get our work done faster, from wherever we are, and with more
people than we ever had to before. IT security will just have to catch up.
IT’S OKAY TO SOMETIMES GO
AROUND THE SYSTEM…

19. There are plenty of ways to make external sharing easier from Outlook, Extranets,
professional personal file sharing services like OneDrive for Business and more.
WE NEED TO GIVE PEOPLE BETTER OPTIONS…

20. We can protect against many threats, even when they are not initially detected.
PROTECT BEHIND THE SCENES…

21. Data is created, imported,
& modified across
various locations
Data is detected
Across devices, cloud
services, on-prem
environments
Sensitive data is
classified & labeled
Based on sensitivity;
used for either
protection policies or
retention policies
Data is protected
based on policy
Protection may in the
form of encryption,
permissions, visual
markings, retention,
deletion, or a DLP action
such as blocking sharing
Data travels across
various locations, shared
Protection is persistent,
travels with the data
Data is monitored
Reporting on data
sharing, usage,
potential abuse; take
action & remediate
Retain, expire,
delete data
Via data
governance policies
The lifecycle of sensitive content now needs to account for data leaving the org
boundaries and being protected in a more intelligent way.
SO WE NEED TO PROTECT THE
CONTENT NOT JUST THE SYSTEM…

22. This is very achievable with today’s technology while still enabling users. It just
means we have to be modern and leverage the power of the Cloud.
SO WE NEED TO PROTECT THE
CONTENT NOT JUST THE SYSTEM…
Drive encryption
Remote wipe
Business data separation
File encryption
Permissions and rights-based
restrictions
DLP actions to prevent sharing
Policy tips & notifications for
end-users
Visual markings in documents
Control and protect data in
cloud apps with granular policies
and anomaly detection
Data retention, expiration,
deletion
Devices
Cloud & on-premises

24. Get started by enabling great modern Extranet solutions, great file sharing like
OneDrive for Business, & pro-active actionable protection via identity protection.
YOU CAN GET STARTED TODAY…

25. Thank You!
Acrel’steamformakingthispossible.
180+AwesomePresentationsAt.. Slideshare.Net/RHarbridge
300+PagesOfWhitepapersAt.. 2toLead.com/Whitepapers
WhenToUseWhat.com Office365Intranets.com
Office365Metrics.com Office365Campaigns.com
Office365Extranets.com Office365Resources.com
Message Me On LinkedIn or Email Richard@2toLead.com
CTO & MVP | SPEAKER & AUTHOR | SUPER FRIENDLY
Twitter: @RHarbridge. More to come on our blog at http://2toLead.com.