ZoneFox Uses Machine Learning to Guard Law Firms vs Data Breach

Edinburgh-based data security company, ZoneFox, is hoping that its machine learning system, which teaches itself about staff behaviour, can help lawyers avoid damaging data breaches as it focuses its attentions on the legal market.

The tech company, which covers multiple sectors and includes several financial services clients such as Zenith Bank, as well as games developer Rockstar, believes that law is an area ripe for the adoption of machine learning-based security applications.

This certainly seems to be the case. For example, CheckRecipient, also uses machine learning to study email use behaviour to prevent mis-directed communications and also has a growing law firm client base.

Law is seen as a key segment now for data security vendors given the mass of sensitive commercial data law firms hold, especially anything related to M&A activity that might connect to insider dealing.

IP is another key security issue, with law firms potentially holding critical commercial trade secrets of their clients.

Add to that increasing pressure on data security with the coming GDPR changes and a recent wave of ‘blagging’, as well as ransomware attacks on law firms, then lawyers have a lot to monitor when it comes to security issues.

The situation is made harder with some of the larger firms now numbering in the thousands of employees, with offices all over the world and with thousands of mobile devices and computers in use. And if you think major law firms would never have a staff member or associate – or even a partner – get caught up with allegations of insider dealing in a million years, then check out this story from last July, or this infamous case from 2009.

Artificial Lawyer caught up with Jamie Graves, Founder and CEO of the Scottish company to hear some more about what ZoneFox does.

Graves explained that his approach has been to focus on human behaviour, as that is the real indicator of when something looks wrong.

‘Is Bob in accounts acting as Bob should? Is his behaviour ‘normal’?’ Graves said by way of example.

Is ‘Bob’ looking at files at times of the day when he usually doesn’t work? Has he logged onto a computer he usually doesn’t use? Is his search for certain files straying into areas one would not expect that person to be going into?

A screen shot of the interface (taken from ZF video below)

But how can the system know what’s ‘normal’ for Bob, or anyone else at the firm? Graves explains that the system takes ‘a wide, but shallow, forensic sample’ of everyone’s data-related activity in the firm. While it may not get into analysing a specific text’s content, it then seeks to build a pattern of what data is usually connected to which person’s work.

The system then uses an algorithm to make a decision based on probability to decide whether Bob’s actions are worthy of an internal alert. If they are then HR or IT security receive an immediate notification.

Graves adds that in the past, firms have tried to create secure systems by putting up lots of access barriers that slow people down from doing their jobs. I.e. barriers are being put up to stop someone from reading a document that perhaps they have already been reading and editing for the last week.

Such impediments make little sense, as clearly that person is meant to be looking at that document. Meanwhile, if Bob from accounts has somehow found the password to the file, he can easily get in to have a look and perhaps no-one will notice. Clearly this is illogical.

The company also puts a big focus on creating easy to read interfaces that show IT teams in real time what is happening across a firm in terms of access and where any risks may be unfolding.

Graves concluded by saying that the focus for the company is now very much to explore the legal sector, and he noted that even if firms are not the ones to initiate contact there may be cases where certain clients insist that their advisors install a system like ZoneFox to secure the sensitive information they’re sharing.

If you’d like to see a short video about the company, then please check it out below.