Search Results

February 1, 2021 The Office of the Washington State Auditor (SAO) confirmed that Accellion, their third-party software vendor, underwent a cyberattack on Christmas Day December 25, 2020. This latest and targeted attack resulted in at least 1.6 million Washington residents (those who had filed unemployment insurance claims between January 1 to December 10, 2020) whose personal data may have been compromised. The information that was breached includes Personally Identifiable Information (PII) including the person’s name, social security number, place of employment, and bank account number. According to Accellion, the third-party vendor whose system was breached, they notified their customers about the data breach on January 25, 2021, a month after the attack. They explained that the attack happened while they were conducting routine file transfer services with SAO. The attackers found a software vulnerability that compromised SAO files from the Employment Security Department (ESD). The company described the attack as "highly sophisticated" and added that the software that was targeted is File Transfer Appliance (FTA), their legacy file transmitting product. According to the statement by the SAO, other local governments and state agencies who contract with Accellion were also affected and they are currently determining if the files that were included in the breach contained additional PII information. The SAO set up a webpage dedicated to educating, answering questions regarding possible identity theft, and offering updates and more on what happened. The office is conducting an investigation and working with state cybersecurity officials, law enforcement, the Employment Security Department, and others to try to alleviate the damage. Another solid reminder that we’re only as safe as our weakest link, particularly when it comes to supply chain information security. You share the risks of your third-party vendors, so if they are vulnerable, so is your whole organization. The legal department faces different challenges every day but you can lessen the burden with Counself Risk. Start streamlining your process and eliminate manual vendor risk management processes with a secure, collaborative, and automated solution. Your department will be able measure and manage third-party risk conveniently, centrally, and with a full audit history. Firms will respond thoroughly to client due diligence and information security questionnaires, requests, and audits. Our client’s data security is our top priority that's why Counself is under the scope of ISO/IEC 27001 certification, achieved by InfiniGlobe LLC. For more details about security go here. You can also get in touch with us here.

January 29, 2021 Every day our personal information is being mined, constantly being collected, sorted, shared, and analyzed. From social media tags to website cookies to facial-recognition cameras, the data that is collected is stored en masse at the enterprise and corporate levels. Companies have more control over their data than an individual does, but for them, the problem surrounds the security systems that can fail when safeguarding their data. Since the early 2010’s, data breaches, cyberattacks, and their fallout have grown more prevalent and less predictable. There’s debate whether government-backed privacy legislation, such as the NYBPA, helps or hurts companies stay vigilant and protect personal data. For the third time since its initial proposal in 2018, the New York state legislature introduced the New York Biometric Privacy Act (BPA) on January 6, 2021. The proposed bill is the latest version of privacy legislation that will protect individuals’ biometric data, defined as fingerprints, voiceprints, retina or iris scans, and scans of face or hand geometry, as well as information based on such identifiers, used to identify an individual. The NYBPA prohibits the following: collecting, capturing, purchasing, receiving through trade, or otherwise obtaining an individual’s biometric identifiers or information, without first: (a) informing the subject in writing that a biometric identifier or information is being collected or stored; (b) informing the subject in writing of the specific purpose and length of time for which the identifier or information is being collected, stored, or used; and (c) receiving a written release. disclosing or otherwise disseminating an individual’s biometric identifiers or information unless: (a) the entity obtains the individual’s consent, (b) the disclosure completes a financial transaction requested or authorized by the individual, or the disclosure is required by (c) law or (d) a court; and selling, leasing, trading, or otherwise profiting from an individual’s biometric identifiers or biometric information. In other words, companies that collect biometric information must inform subjects in writing of their collection activities, obtain subject consent before disclosing information, and refrain from selling or profiting in any way from biometrics. This is a significant move by the NY legislature and is sure to be met with pushback and varied reactions. BPA mirrors the Illinois Biometric Information Privacy Act (BIPA), which was also met with several lawsuits after it was passed on October 3, 2018. These two state legislatures are generating momentum in regulation surrounding biometric and other personally identifiable information protection which can set an example for other states. Companies that collect these kinds of data have a responsibility to be vigilant and stay one step ahead of their compliance to ensure they are properly handling customer data and dedicating appropriate efforts and resources to data protection. We understand what’s at stake for our clients, and that we, as their vendor, adopt some of that risk, and share some of our own. We prioritize information security so that law firms and legal departments can focus on what they do best. Counself is a cloud-based platform and ISO 27001 certified regularly audited by an independent firm to ensure that we give the best security to your data. Learn more about us here and reach out to us here.

January 7, 2021 To cap off 2020, in early December FireEye, one of the largest cybersecurity firms in the US, discovered they were victim to cybersecurity attacks from around March – June 2020 via one of their vendors, SolarWinds, Orion software. They contacted SolarWinds CEO to notify him on Dec 12, 2020, and over the next month discovered a highly sophisticated cybercriminal operation experts are referring to as the SUNBUSRT SolarWinds Orion supply-chain attack. From March to June of 2020, malicious malware was introduced to customer systems through Solarwind’s Orion software upgrade – Orion app versions 2019.4 – 2020.2.1. More than 17,000 customers who installed Orion’s update, including FireEye, were affected. FireEye is the firm that was selected to investigate the infamous 2017 Equifax breach and 2016 Russian DNC attack. FireEye’s own system boasts world-class security, built to be impenetrable, but that’s the thing about third party risk management – you’re only as strong as your weakest link. This attack is good reminder that cybersecurity is a dynamic, continuous, and collaborative activity. Even the most secure systems, like those of FireEye (or other cybersecurity firms like Symantec, Kaspersky and Trend Micro) are not immune to breaches just because it's their job to defend against them. In the case of the attack on FireEye, the hackers were able to steal a set of cybersecurity tools that specifically targeted client vulnerabilities through the infected Orion network management software. The infected software similarly enabled them to penetrate multiple parts of the US government, which is particularly concerning when corroborated with FireEye CEO Kevin Mandia’s comments, “This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye." Cybercriminals are getting more organized and aiming for bigger targets – often multiple at once – which is why hacking a vendor like SolarWinds is the perfect way to sneak into impenetrable systems. Microsoft was also affected by the SUNBURST attack and addressed the issue on Dec 17 a few days after the FireEye discovery. Microsoft confirmed that upon investigation, they have also found malicious software matching the SUNBURST attack introduced to their system via their SolarWind software. The next day, on Dec 18, they released a full report into the compromised SolarWinds Orion Platform DLL detailing the attack methods, malware strains, and mitigation strategies, plus a little surprise: “In an interesting turn of events, the investigation…led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor.” Microsoft was not alone in its discovery of another backdoor breach to the SolarWinds system while investigating SUNBURST. Palo Alto Unit 42 and Guidepoint Security also published reports confirming the second breach, named SUPERNOVA. All three, along with leading experts, believe that this additional malware is not associated with the group that deployed the SUNBURST trojan as part of the SolarWinds initial supply chain attack. That means two unique attacks by two independent actors on the same, massive system. In response to the incidents, SolarWind has been updating their security advisory and has released patches that address both the SUNBURST and SUPERNOVA vulnerabilities. The investigations are still ongoing, and affected customers have to be identified one by one; so far more than 40 SolarWinds customers have been notified. With clients like FireEye, the US government, and Microsoft, cybercrime attempts are to be expected, particularly with our growing and continuous reliance on technology. Data privacy and information security have become important considerations for every business, but vendor management doesn’t always seem to be part of the plan. Particularly in the realm of legal operations, your data is invaluable, so why leave it up to your vendors? Choosing a secure platform for vendor oversight is incredibly important - you need to know who has access to your system and how they will keep it safe. The deadline for cyber readiness has already passed. The good news is we can help you keep a secure eye on your vendors with Counself Risk. Use Counself to send out secure Requests specifically designed for law firm and vendor compliance. Firms will respond thoroughly to client due diligence and information security questionnaires, requests, and audits, and legal departments can measure and manage third-party risk conveniently, with full audit histories available for regulators. We pride ourselves on our own dedication to safeguarding our client’s data. Counself is under the scope of ISO/IEC 27001 certification, achieved by InfiniGlobe LLC for our secure cloud platform. Learn more about security here and talk to us here.

January 5, 2021 Looking back, the changes, restructurings, and adjustments we have all had to make throughout the past year have generated a wealth of information about how businesses adapt and what resources are the most valuable during transitions. How have the most resilient companies adapted and created a remote working environment that is secure and sustainable? In October, Gartner released some predictions for trends in data science, making use of the medical data gathered during the pandemic to prepare business leaders for what comes next. Here’s what we found interesting: What’s On the Horizon? Gartner predicts that “By 2022, public cloud services will be essential for 90% of data and analytics innovation.” COVID-19 transformed work from home from a luxury to a necessity, and cloud-based resources were the primary tools that could make this happen. Even now that many businesses use cloud-based resources, many still find it hard to maximize the potential of the cloud and use it to their advantage to better understand their business. The report also highlights more widely known benefits of public cloud services such as cost optimization and change and innovation acceleration. To clarify here, when we say “moving to the cloud” we don’t necessarily mean sending your procurement department off to a cloud service provider like Microsoft or Amazon for a quote. A lot of where that cost optimization comes in is in not having to house servers to run all of your software in-house, and in fact, having your software provider handle the cloud services entirely, so all you have to do is log in on a secure network from any device. Encourage your vendors to offer you cloud based options or look for ones who do. Keep in mind, for some legacy systems, making a switch to a cloud-based solution may not be an immediate option, so there’s a high chance that the market for cost-optimization tools will expand. New vendors will offer higher-quality analytics and solutions that can maximize savings without compromising performance while offering integrations that ensure multi-cloud consistency. Regardless, there’s a new array of cloud-based supply out there, and if 2020 taught us anything, it’s that demand will only continue to grow. Cloudy Days Are Coming Adopting cloud-based solutions is no longer a radical move in the legal industry. Even before the pandemic, many law firms and corporate legal departments had already begun moving to smarter technology. In a 2019 survey conducted by the American Bar Association, 58% percent of the respondents said they were using the cloud which is an increase from 2018. Most companies also reported that they either were currently or were planning to use Software-as-a-Service (SaaS) tools as the most popular option to transition into cloud services. SaaS scalability and security have been acknowledged as “the savior of enterprises during the pandemic.” Furthermore, SaaS architecture comes with different levels of maturity (check out What Is The SaaS Architecture Maturity Model?) so it’s a feasible option for most, if not all organizations. With most SaaS cloud-based solutions, access controls are in place so that anyone working in the organization can manage their data, updates and maintenance are managed by the provider, and businesses can also consume services based on what they need and have the flexibility to increase or decrease it as circumstances change. With its great scalability, cost-effectiveness, and the security of remote access, moving to the cloud is a sensible decision for companies that are looking back at 2020 for lessons learned and looking forward to 2021 for planning their next step. If you believe Gartner’s analysis you only have about a year left before everyone catches up and adopts cloud-based solutions, so get ahead of the pack and look for opportunities in the cloud. InfiniGlobe founder, Mori Kabiri, recognized the trend towards cloud-based architecture a year ago and has therefore worked to make options available for legacy in-house clients, as well as newer cloud-based clients, as well as helping bridge the transition from legacy to cloud-based systems. From achieving and maintaining active ISO:27001 certification on all processes and both cloud-based InfiniGlobe products, IG Insight and Counself, to developing and supporting a wide variety of implementations and cloud-based partners, we’re well versed in the benefits of cloud-based services. We can confidently say that SaaS solutions and cloud-based analytics can have the potential to help legal departments weather the storm in a post-pandemic world.

December 16, 2020 2020 took us by surprise. In less than 6 months, the COVID-19 pandemic changed how we work, interact, and achieve success. Smart companies read the room and stayed flexible, adopting the necessary changes to stay buoyant, regardless of the storm. What made transitioning simple for them was their early decision to migrate to SaaS solutions for their in-house tools. Our CEO, Mori Kabiri, recently wrote a piece on how SaaS made it viable for companies to continue their business and stay resilient to rapidly changing circumstances. He explains: “I believe what smart companies have done has been to switch to cloud computing and SaaS solutions. What made transitioning employees to WFM so feasible is SaaS scalability. This gives companies with data and critical tools hosted on the cloud a head start, so they can continue to be fast and agile regardless of changing circumstances.” How did smart executives spot the benefits of SaaS technologies and how do they choose the best SaaS solution for their business? If you are still on the fence or are currently on the hunt for a solution, check out the rest of the article, and Mori's advice, here.

November 25, 2020 The annual Altman Weil Survey is out and the 2020 edition focuses on the ramifications of the COVID-19 pandemic on corporate law departments. With 119 respondents, it offers an insightful overview of how many corporate law departments and legal operations teams faced 2020 challenges, their impacts, and new best practices that were developed. Our team sat down and dug into the report to bring you what you need to know: Highlights for CLOs A significant survey response showed that 66% of Legal Officers said that there’s a decrease in revenue while 77% confirmed a simultaneous surge in workload for their law departments. Due to the major changes and transitions needed to adapt to the global crisis, this highlighted pre-existing but oft-ignored issues like better technology utilization, attention to cost and, workforce and labor reallocations. Less money in and more money output a lot of CLOs and their staff under greater stress in 2020. Legal Workforce Unfortunately, but not surprisingly, many law departments had to face layoffs, with11% of respondents reported downsizing due to the pandemic. 8% laid off paralegals, 7% of support staff, 4% staff lawyers, and 3% laid off managing lawyers. It is worth noting that no operations manager has been reported as having been let go and that 50% of the respondents claimed that they have someone in the role which is a 4% increase from last year. Annual Spending Another aspect that was surveyed was department budgeting this year. CLOs were asked about their total spending, 43% reported having an overall increase and 40% reported a reduction and17% maintained budgets. These numbers closely follow last year’s survey forecasting where most of the CLOs expressed concern that there will be an upcoming recession. Vendor Budgets, however, reflect the most significant change in budgeting priorities. Law departments reporting a reduction in money allocated for vendor services doubled from 9% in 2019 to 18% this year. 25% percent of CLOs confirmed plans to further reduce their third-party spending in 2021. Correlatively, 40% of CLOs stated an expectation for in-house costs to increase as opposed to 32% who predict it may decrease. Law Firms’ Response to COVID-19 Since this survey focused primarily on the COVID-19 crisis, other factors, such as how specifically law firms offered extra assistance to corporate law departments were taken into account. While the majority of firms (90%) disseminated general info about the pandemic, 46% of them gave specific advice on corporate options and benefits, and only 27% customized their information per recipient/client. Clients rated firms’ helpfulness during the pandemic an average of 6.6 and 6.8 on a value scale of 0 being the lowest and 10 as the highest. Clearly, there is room for improvement on how law firms’ responded during the pandemic and a lot has to be learned moving forward. Conclusion COVID-19 forced change onto all of us, and corporate law departments are no exception. In addition to everything we’ve covered, 77% of CLOs expect that remote working and a flexible arrangement will be a common workplace environment going forward. This will also be anticipated in other departments and industries they work closely with. The pandemic has taught us to make effective changes in how we do things and pushed us to find more efficient tools to adapt quickly and seamlessly. CLOs’ decisions on staffing, spending, and technology will be integral to how modern corporate law departments will create and emerge in the new normal. Counself is specially made to target and resolve efficiency and collaboration challenges with outside counsel in mind. It provides an ISO certified, cloud based end-to-end RFx and legal vendor management platform that integrates with most cloud, document, and matter management tools. You can also access Counself anywhere by downloading the app which is available in the App store for IOS users and Play store for android users. Want to learn more? We are happy to answer your questions and show you what Counself can help you do here.

November 15, 2020 A recent data breach was reported by one of Google’s partner law firms, Fragomen, Del Rey, Bernsen & Loewy. On October 23, 2020, this law firm filed a public notice of a data breach with the state of California. On September 24, 2020, the firm discovered that an unauthorized third party had successfully gained access to a file containing thousands of personal information records relating to I-9 employment verification services. This leaked file contained the personal information of “a discrete number of [current and former] Googlers” (employees of the tech giant). To recap, Google, one of the biggest companies in the world, with access to every security resource and safeguarding practice, had employee personal data breached through a third-party of their third party. Somehow, their vendor’s vendor gained unauthorized access and breached the confidential PII information. Unfortunately, IBM's Cost of a Data Breach Report 2020, states the global average cost of a breach in 2020 is $3.86M, with an average cost of $137,000 just due to the nuances and difficulties of remote working. 76% of respondents concur that remote work would increase the time to identify and contain a data breach, but nowadays we have even less of an option to avoid it. Due to our new at-home set-ups and with most corporate employees out of company's offices, any breaches, cyber attacks, or suspicious activity may be harder to spot, increasing risks, vulnerability, and loss. Another unforeseen and unaccounted for a challenge that remote working presents us with is the increase in online transactions. With more and more transactions, whether internal communication and file sharing, external collaboration, sales, and so much more, there are significantly more opportunities to intercept a lot more of our confidential business data. Many older or temporary processes set up to quickly adapt to the push to cloud computing may easily buckle under increased firewall attacks, phishing attacks, and more. Not to mention the importance of ramping up vendor risk management in today’s virtually connected workspaces. To meet third-party risk management requirements, law firms are expected to comply with corporate client data privacy policies and security, which is often much more advanced and involved than most of the resources mid-size firms have available to them. Both conducting thorough third-party risk assessments on 100s of vendors and law firms, and responding to these assessments with hundreds of questions, which is traditionally done with tools like email and Excel, is very time consuming and hard to maintain. Counself Risk™ has been designed to assist Legal Departments in streamlining this manual process, with a secure, collaborative, and automated workflow, reducing the time needed to do the due diligence by 50%. Our goal is not to provide software, but a solution with a set of best practice forms, questionnaires, and templates designed specifically for corporate law departments and their law firms. Let us know if you like to see a demo.

September 15, 2020 InfiniGlobe is proud to again officially sponsor this year's Mitratech Interact US 2020 conference. As a celebration of this year's virtual conference, we have an exclusive offer for attendees, (check it out here). Extended offer available. With a story that weaves as far back through Mitratech's own, InfiniGlobe LLC, a trusted and celebrated Mitratech Partner looks forward to Mitratech's first fully-virtual Interact summit, Interact 2020. With more access to more people across more places, this will be a great opportunity for industry thinkers to share and pick up best practices and plan for the future. Reach out to InfiniGlobe anytime if you're interested in an upgrade, customizations, or you've been struggling with a pain point and are looking for just the right folks to come knead it out - easy. For more information, contact us at info@infiniglobe.com or at+1 (833) LGL-TECH. Catch you all online!

September 1, 2020 Our CEO, Mori Kabiri, was again featured in a Forbes Council Post, with some advice after coming out of the trenches of both participating in responding to Due Diligence requests from IG clients and in requesting them from IG vendors, all while expanding and developing the Vendor Due Diligence and Risk Management modules of the Counself platform. From someone who's seen it all, Mori suggests to make monitoring a habit: “Due diligence doesn’t end when you’re given the go-ahead to procure, so the best way to simplify it for yourself and your vendor is by making monitoring a habit. Oversight should be woven into your regular activities..” Performing Due Diligence on your law firms and vendors is a time-consuming job, creating and circulating Excel sheets, collecting documents, etc. We heard you and see the need for a simple to use tool for it. Counself Risk™ has been designed to assist law departments in streamlining this arduous and manual process, transforming vendor risk management with a secure, collaborative, and automated solution. For more information, contact us at info@infiniglobe.com or at+1 (833) LGL-TECH.

August 17, 2020 After their joint success on a project together, the NetDocuments and InfiniGlobe teams decided to officially join forces as Integration Technology Partners. Please find a brief excerpt of the official announcement below. “InfiniGlobe and NetDocuments are excited to announce their technology partnership, an opportunity founded in the philosophy that nothing grows in a vacuum. Having different tools that can’t communicate throws a wedge in productivity. Integration clears the way for your software to speak to each other, improving information flow, organizational efficiency, visibility, and collaboration. This sets the stage for some great pairings – NetDocuments, a robust cloud-based document management system, and ELM (Enterprise Legal Management) platforms such as Mitratech TeamConnect, which InfiniGlobe experts have decades of experience implementing, upgrading, and customizing. More than just an exciting idea in theory, the integration is a proven success, and one that the InfiniGlobe and NetDocuments teams executed for clients months ago...” Read the full piece here. If your department is currently using or planning to use NetDocuments and an ELM solution such as TeamConnect, please reach out to InfiniGlobe at info@infiniglobe.com and NetDocuments at info@netdocuments.com and we will be happy to chat with you about potentials for integration with your other software tools.