In today’s highly regulated business landscape, law firms face the ever-evolving challenge of addressing insider risk as it pertains to securing attorney-client privileged information and client/matter data, ensuring the security of offshored work product, and securing access to critical systems by privileged users and third-party vendors/contractors. StaffCop for Legal is designed to help law firms address these requirements, deliver peace of mind, and demonstrate effective oversight of compliance initiatives to your clients.
In addition, given the rapidly expanding regulatory landscape, your clients are demanding that your firm adhere to the same standards, as you are granted access to and store their sensitive data. This means demonstrating your firm’s ability to comply with AML/KYC, HIPAA, ISO27001/27002, GDPR, to name a few.
Controls to ensure safety of client/matter data and work-product stored in firm systems and repositories
Oversight, audit and logs of all actions for all employees (or any subsection of users/departments) at the firm
Privileged user monitoring, session recording, with searchable logs, videos, and audit trail for forensics
Focus on context with heavy emphasis on user behavior analytics to weed out false positives, and identify anomalous behavior
An immutable log of actions that clearly demonstrates all activity as it pertains to firm desktops, laptops and content
Ability to set up real-time alerts to monitor suspect actions
Data breach is a costly challenge facing privacy
of all attacks resulted in financial damage of more than US $500,000, including, but not limited to, lost revenue, customers, opportunities, and out-of-pocket costs.
was paid in ransom in the first quarter of 2016, compared to just $24 million in ransom payments in all of 2015, the FBI reported.
of business identified privileged users as a top cloud security concern.
Estimated annual losses for the US from cyber crime targeting IP and perhaps $50 billion to $60 billion globally.
StaffCop helps to comply with ISO 27001
StaffCop Enterprise can significantly help you meet ISO 27001 demands. The flexibility of its settings makes it a fit for any Information Security Management System (ISMS). The PDCA (Plan-Do-Check-Act) cycle lies at the core of the standard, so let’s walk through it with StaffCop step by step.
At this stage you should establish the company's internal policy regulating the creation and distribution of information (ISMS) within and beyond the company. Corporate information and access to it should be classified and divided, with different access rights for different groups of employees. For example, your employees should work only with a limited number of websites and applications, the PC of the secretary is the only one which can print documents and the sales department is the only department with access to the customers’ database.
The implementation is done by creating a number of fully customized filters and policies. It is all carried out in the administrative interface of StaffCop and applied on the workstations. The policies and filters can be easily modified at any moment. StaffCop is deployed in your corporate network and doesn’t send any data outside, providing a high level of information security. It can work in closed networks, that is, ones that don’t have an internet connection.
The monitoring is carried out in the same administrative interface. A number of administrators can be assigned access rights corresponding to the level of responsibility they carry. For example, each head of a department can monitor information on PCs belonging to his or her department. Alerts on violations of the ISMS will be sent to the specified e-mail addresses, be it a security officer or the company owner. Documents can be easily searched for classified information, and if it’s contained in images or PDF, the text will be recognized.
StaffCop Enterprise can track a huge amount of information that can be used to analyze user behavior and estimate. Use pre-set and customized reports to analyze data and visualize the resulting output. There are handy embedded tools, such as a heat map and an anomaly detector, that can help you track behavior trends and deviations. With the experience gained and data collected, the ISMS should be corrected accordingly, which means both organizational measures and the configuration of StaffCop policies.
User session recording, live view and playback
StaffCop’s Session Recording feature captures all user activity and screen content. User session recordings can be viewed live or for past dates and exported as a video file. With the session recording feature, you can:
Find out, and have forensic evidence, if your users are engaged in unproductive or harmful activities while at work.
Take control of a user's desktop in a potential breach situation.
With the help of immutable logs, alert reports and audit trails, the recording can serve as forensic evidence for investigation.
The insight derived from the reports and recordings can be used to train employees about security best practices.
Privileged user monitoring
Privileged insiders such as system administrators, network administrators, conflicts department and other personnel have access to otherwise restricted critical information systems containing client/matter data. As such, a malicious privileged user can cause serious damage to a law firm by accessing, leaking or potentially destroying client/matter data and work product. To prevent these insider threats, StaffCop can:
Set up power-user rules to check for backdoor account creation, attempts to gain additional system privileges, editing of configuration files, etc.
Receive real-time alerts when a privileged user tries to tamper with sensitive systems, databases or content.
Immutable session log keeps a permanent record of all privileged user actions.
Intelligent session mining with OCR
StaffCop can capture all data on a computer screen, including text in images, and apply OCR technology to provide the firm with the ability to:
Search for certain keywords using regular expressions or natural language to find any relevant content that was visible to the user.
Discover which users have seen relevant information as it pertains to a particular client/matter to ensure ethical walls remained in place and report any violations.
Build rules that send an alert when certain text appears on screen.
Process and productivity optimization
With work product offshored and contracted out on a regular basis, it’s important to be able to monitor and improve the process and productivity of the extended legal workforce. StaffCop can assist by providing a framework within which your law firm can:
Classify apps and websites you consider productive then get in-depth reports on their usage.
Get detailed reports for departments and teams on productivity KPIs like session, active, productive, unproductive and idle time.
Set up automated alerts to discourage excessive idling.
Policy and rules engine
With StaffCop’s visual Policy and Rules creation engine, law firms can establish:
Rules and policies to monitor and protect client/matter and other sensitive data from insider threats, breaches and exfiltration.
The visual Policy and Rules Editor enables administrators to define highly complex rules for very specific use cases with oversight on all internal and external disk activity, keystrokes, application usage, instant messages and much more.
Use black/white listing, define safe or restricted apps and websites and do much more.
Privacy-aware recording and monitoring
With StaffCop, your firm is in complete control of when, whom and how much to monitor, when to record and when not to. StaffCop is flexible enough to accommodate all use cases:
Monitor activity and alert only, with no user session recording
Monitor only during the specified working hours.
Specify which types of data are monitored for specific users or departments. E.g., monitor only document printing for an accountant, only e-mail and messengers for the sales department, or all types of activity with desktop video recording for an employee in the risk group.
Revealed or stealth desktop agent
StaffCop can be deployed with a revealed desktop agent, whereby users are aware of the Teramind system and its monitoring functions. Alternatively, the desktop agent can be deployed in stealth mode with no visible controls to the end users being monitored.
With the revealed agent you can:
Users can see the StaffCop icon in the taskbar with the address of the StaffCop Server collecting the data from this agent.
Users can be asked for the reason of absence if there is no activity registered for a specified period of time.
Control mouse and keyboard of a remote desktop in real time
Data loss prevention
Compliance, competition and customer trust mean law firms have to ensure the safety of client/matter information and work product. To ensure data safety and integrity, StaffCop has a robust, four-step data loss prevention process:
Define what constitutes sensitive or classified data.
Set a security perimeter by setting rules for how the data should be handled.
Automatically prevent any rule violation incident with actions that block, notify, or warn.
In case of a data breach, pinpoint the exact cause and source of the incident with audit and forensic data available in the StaffCop system.
Need a More Comprehensive Solution?
Receive the required data “on the fly”. Search by keywords and regular expressions. Record sound from microphones to hear what was happening at the moment of interest.