SessionGuardian has been working closely with law firms, corporate legal departments, and Legal Service Providers (LSPs) to secure remote document reviews since before the pandemic. Based on our extensive field experience, we have compiled our top 5 security recommendations to help you maintain an appropriate security posture in WFH and other remote document reviews:
1. Utilize Virtual Machines (VDIs): Always have your remote document review team connect to the database through a VDI that is configured to prevent file downloads, copy/paste actions, and printing, ensuring that none of your client's data will remain on the reviewer's computer.
2. Prevent Screenshots and Screen Sharing: Request that your e-Discovery vendor or LSP add features that prevent the ability for remote reviewers to take from taking screenshots or inadvertently share their screens containing sensitive content that contain sensitive data. These important features are typically NOT turned on by default.
3. Identity Authentication & Security Monitoring: If your document review attorneys are using their own personal computers, ask your vendor how they validate that the computers' Windows and application software is up-to-date and secure, free of viruses and other malware, and that the person using the computer is really the person you approved. WFH document reviewers with their own computers can pose a significant risk for data loss and disclosure.
4. Use Trusted IP addresses in Relativity: For Relativity projects, request that the "Trusted IP" feature is enabled to ensure people are logging in only from known and secure networks. This is critical, as without it, users could logon to Relativity directly from their personal devices rather than via the assigned Virtual Machine.
5. Implement SessionGuardian for All eDiscovery Matters: Request that your LSP use SessionGuardian. Doing so can help you prove the importance that only authorized people are reviewing your client's sensitive information and that access to those documents is vigorously safeguarded
Remember, always ask your e-Discovery vendor or LSP for basic VDI, Screenshot/share and Trusted IP access protections, these tools are often not used unless you ask explicitly. To sleep easy, also ask for SessionGuardian to get all the state-of-the-art information security features, along with documentation and independent audit reports.