This document discusses security best practices for law firms. It notes that data breaches can happen through malicious outsiders, insiders, accidents, or data exposure. Passwords are often insecure but are still widely used. Two-factor authentication adds security but also friction. The reality is that users are at risk from external threats. Security is no longer just the organization's responsibility as the lines have blurred between on-premises and cloud resources. The document recommends enabling secure file sharing, identity protection, and proactive data protection and monitoring to balance security and productivity.
4. Life is full of risks, but you can’t always prevent them. Many believe that even if it does
happen, it won’t happen to us, or it certainly won’t be because of me.
IT WON’T HAPPEN TO ME…
5. Sometimes it is our fault directly, but it’s always our fault if we don’t take action to
protect ourselves and our orgs. Source of breach data – breachlevelindex.com
HOW DO DATA LEAKS HAPPEN?
[Chart categories: MALICIOUS INSIDER, ACCIDENTAL DATA EXPOSURE, MALICIOUS OUTSIDER. Figures shown on the slide: 59%, 23%, 14%]
7. Employees believe that their passwords are secure. They know they should
rotate them and make them complex, but that’s it, right?
PASSWORDS ARE SECURE?
8. But passwords suck: password management and leaks cost us tons of money, and
passwords are still the biggest gap in security.
NO ONE LIKES PASSWORDS…
#1 COST
686K $12M+
9. The problem with 2 Factor Authentication is that users find it adds effort/friction
to the login or authentication process. Sure, it’s better, but it has a cost.
2 FACTOR AUTH TO THE RESCUE?
10. You can create your own model where 2 factor auth or advanced security is only
needed when not at the Office, on unmanaged devices, etc.
CONDITIONAL ACCESS HELPS…
11. We can use techniques that reduce our reliance on the password and use more
secure multi-factor (or 2 factor+) authentication.
IT IS GETTING BETTER…
37M 200+
Passwordless authentication
User-friendly experience
Enterprise grade security
13. The reality is that users are continually at risk. With more advanced scams and
so many external threats, we have to proactively manage risks.
THE REALITY IS THAT USERS ARE AT RISK…
15. It’s not our job to worry about security. The organization has to manage and
handle security. I just need to get my work done.
IT’S THE ORGANIZATION’S RESPONSIBILITY…
18. We need to get our work done faster, from wherever we are, and with more
people than we ever had to before. IT security will just have to catch up.
IT’S OKAY TO SOMETIMES GO AROUND THE SYSTEM…
19. There are plenty of ways to make external sharing easier from Outlook, Extranets,
professional personal file sharing services like OneDrive for Business and more.
WE NEED TO GIVE PEOPLE BETTER OPTIONS…
20. We can protect against many threats, even when they are not initially detected.
PROTECT BEHIND THE SCENES…
21. Data is created, imported, & modified across various locations
Data is detected: across devices, cloud services, on-prem environments
Sensitive data is classified & labeled: based on sensitivity; used for either protection policies or retention policies
Data is protected based on policy: protection may be in the form of encryption, permissions, visual markings, retention, deletion, or a DLP action such as blocking sharing
Data travels across various locations, shared: protection is persistent, travels with the data
Data is monitored: reporting on data sharing, usage, potential abuse; take action & remediate
Retain, expire, delete data: via data governance policies
The lifecycle of sensitive content now needs to account for data leaving the org
boundaries and being protected in a more intelligent way.
SO WE NEED TO PROTECT THE CONTENT NOT JUST THE SYSTEM…
22. This is very achievable with today’s technology while still enabling users. It just
means we have to be modern and leverage the power of the Cloud.
SO WE NEED TO PROTECT THE CONTENT NOT JUST THE SYSTEM…
Drive encryption
Remote wipe
Business data separation
File encryption
Permissions and rights-based restrictions
DLP actions to prevent sharing
Policy tips & notifications for end-users
Visual markings in documents
Control and protect data in cloud apps with granular policies and anomaly detection
Data retention, expiration, deletion
Devices
Cloud & on-premises
24. Get started by enabling great modern Extranet solutions, great file sharing like
OneDrive for Business, & pro-active actionable protection via identity protection.
YOU CAN GET STARTED TODAY…
Richard Harbridge is the Chief Technology Officer and an owner at 2toLead. Richard works as a trusted advisor with hundreds of organizations, helping them understand their current needs, their future needs, and what actions they should take in order to grow and achieve their bold ambitions.
Richard remains hands on in his work and has led, architected, and implemented hundreds of business and technology solutions that have helped organizations transform both digitally and organizationally. Richard has a passion for helping organizations achieve more; whether it is helping an organization build beautiful websites to support great content and social strategy, or helping an organization leverage emerging cloud and mobile technology to better service their members or the communities that they serve.
Richard is an author and an internationally recognized expert in Microsoft technology, marketing and professional services. As a sought-after speaker, Richard has often had the opportunity to share his insights, experiences, and advice around branding, partner management, social networking, collaboration, ROI, technology/process adoption, and business development at numerous industry events around the globe. When not speaking at industry events, Richard works with Microsoft, partners, and customers as an advisor around business and technology, and serves on multiple committees, leads user groups, and is a Board Member of the Microsoft Community Leadership Board.
Have accidentally sent sensitive information to the wrong person