Intralinks : Practicing Law Securely — Security from the Start

In late October 2015, news reports covered the Wikileaks hacking of the CIA Director's personal email account. With similar (if not as high profile) daily reports of data breaches and cyber warfare, has the time come for law practices to open and manage matters with specific security requirements?

There are legal matters deserving 'Highly Confidential' or even 'Top Secret' treatment from the start. However, more common matters such as secret merger negotiations also need protection.

Consider matters involving corporations and other entities with publicly traded securities. Any information that affects those entities could affect trading. Leaks of non-public information have significant value - demonstrated by the August 2015 charges of an alleged insider trading ring that allegedly infiltrated servers of PRNewswire Association LLC, Marketwired and Business Wire. With the content of press releases leaked before they were issued, the ring was alleged to have pocketed more than $100 million in profits. The Justice Department indicted 9 people and the Securities and Exchange Commission has brought a lawsuit naming 32 individuals as defendants.

In its August 11 press release, the SEC wrote:

'This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,' said Securities and Exchange Commission Chair Mary Jo White. 'These hackers and traders are charged with reaping more than $100 million in illicit profits by stealing nonpublic information and trading based on that information. That deception ends today as we have exposed their fraudulent scheme and frozen their assets.'

If the newswire services have been hacked, are General Counsel and Corporate Secretaries next? There are at least two communications and document trails that can disclose material information about public companies that could affect their market. For example, when a senior executive leaves a reporting company, the press office will prepare the press release announcing the departure. Simultaneously a Form 8K for the Securities and Exchange Commission may be in preparation. Smart hackers may probe General Counsel or Corporate Secretary accounts for news.

Our email chains may resemble too closely the maze of wires atop a turn of the 20
century telephone pole.

The communications and document trail during the preparation of the press release and Form 8K create numerous potential exposures each time a message and document are created, modified and (especially) sent via an unsecure environment. Each participant represents a possible point of entry and exposure of valuable information.

A more secure model should look like the one below. A secure repository holds both documents and messages. Confidential information remains in the repository, encrypted to protect against external exposure, and viewed, managed and modified over encrypted connections.

Direction to use a secure model at the outset and throughout the work for a General Counsel, the office of the Corporate Secretary and Outside Counsel raises the level of protection for material information about publicly reporting companies, which they need and deserve.