When the European Union brought in its General Data Protection Regulation (GDPR) in 2018 it sparked a debate in the mediation and dispute resolution sector. That debate centered around a question: given the sensitive nature of a significant amount of the data the industry deals with, are we doing enough to protect our clients’ privacy?
There is no direct US equivalent to the GDPR, so you might assume that if your work is purely domestic, client privacy might not need to be such a high priority. However, that is missing the point.
It can’t be denied that cybercrime is rising, and according to one report, it is set to cost the world an estimated $10.5 trillion by 2025. It is up to businesses and professionals working across the dispute resolution sector to invest in appropriate defenses.
In this article, we take a look at some of the steps that businesses in this sector can take to protect themselves and their clients from cybersecurity breaches.
With any arbitration or dispute management, there will be two sides to think about, as is the nature of the sector. And of course, if one side is lax with the cybersecurity measures and processes that they put in place, it doesn’t matter what the other side does – the operation is only as secure as the least secure party.
It is a good idea to provide each party with a breakdown of the cybersecurity essentials. For example, discussing best practices around secure email communication and correct data storage. Keeping up-to-date with the speed of technological changes, including the rising acceptance of online dispute resolution (ODR), means ensuring staff and clients have the ability and know-how to adapt to new levels of data protection across their shared online channels. It is important to ensure that IT personnel and clients are closely involved in this discussion to help make decisions around security.
One of the most effective ways to maximize security in this scenario is to manage the mediation within a specialist case management system. These systems are designed with security in mind and can allow multiple parties to log in and follow the case.
“Such a platform can be provided by a third-party provider or the parties themselves,” suggests international law firm Ashurst. “A number of institutions also offer online platforms – so check the available options before reaching a decision (and incurring costs)”.
This platform should be used for information sharing and discussions throughout the length of the case. It helps to keep everything in one place and can simplify some of the trickier parts of the mediation.
It is notable that in cybersecurity it is often the small changes that can make the biggest difference. Multi-factor authentication (MFA) is an important way to provide a greater layer of security whenever someone involved in the mediation has to log in to an account.
MFA requires more than a single form of authentication (such as a password). For example, as well as your password, you might be required to enter a code sent to your smartphone, or utilize biometric data.
“A major issue that I see regularly is a failure by organizations to enforce multi-factor authentication across systems and applications,” says Jed Kafetz, Head of Penetration Testing at cybersecurity specialists Redscan. “MFA provides an important secondary layer of defense in the event of a password being stolen and is especially important given people’s tendency to reuse passwords across accounts. If adopted more widely, I can confidently say that there would be far fewer security breaches.”
Sharing data can be a big part of dispute management, so it is vital that you find a way to do this as safely and securely as possible. A key point here is that you should avoid using software that has not specifically been designed for the secure sharing of data from a legal perspective – for example, well-known software such as Google Drive or DropBox.
While fine for general work, this software can be vulnerable to hacking when it comes to important data that needs to be secure. If you do need to use software like these, use all of the available precautions, such as password-protecting documents.
Hackers are operating more and more frequently in the mediation sector. The perceived high value of these operations, due to the level of personal data and confidential information being shared, makes them a prime target. Don’t assume that this is something that cannot happen to you. Cybercriminals become more sophisticated every day and if you fail to take the necessary precautions, you could see the entire mediation destroyed by hacking.