Keeping Safe in a Digital World
Liz Ward of UK200Group legal firm Virtuoso Legal writes about how to keep safe in a Digital World
Of all the work we do as a firm, the most technically challenging is where data is stolen, corrupted or deleted as a malicious act. Often the kinds of cases we’re involved with are where employees or former employees take something for their own gain. For example customers and supplier databases, financial information, technical results and drawings. In a service economy losing data in this way is a big risk and cannot just harm companies, but it can, and it has in my experience taken companies down in the past. In addition loss of some personal data from your systems risks not only a fine from the Information Commissioner but also problems with PR and customer retention. (See some of the news items on our website about data in the cloud here Link - http://virtuosolegal.com/news-publications/important-tips-on-using-data-in-the-cloud-and-they-arent-all-that-obvious/
and SaaS agreements. Link - http://virtuosolegal.com/news-publications/saas-or-a-software-licence-do-you-know-the-difference/
So I’ve followed some stories quite closely and those associated with financial losses from law firms are quite close to home. With that in mind instead of telling you what the issues are I’ve put together a few ideas to keep your data and confidential information safe within your company. This of course isn’t exhaustive – we’re lawyers, not technology professionals - but we have seen where some of the cracks are:
1. If you store and keep personal data about staff or clients then you must register under the Data Protection Act 1998 (DPA) and you must follow the guidelines of the Act including keeping information up to date, accurate and safe. This means proper internal technical measures to ensure access is limited to those who need to know.
2. Data held in the cloud is a great idea, but actually data in the cloud is simply data hosted on someone else’s computer. Make sure the software systems for accessing it and storing it are secure and that if one cloud system goes down, there is a back up of it for access. With this type of mirroring system you should have access at all times – unless both fail at the same time of course!
3. Financial systems are often well encrypted and most professional firms (legal and accounting) have strict procedures and guidelines. However, criminals have found their way around these in some instances by logging into and hacking email accounts without otherwise affecting lap tops and computers. They then pose as a legitimate users and authorise and sanction payments to specific bank accounts. In response many firms now use two or even 3 step verification processes for financial transactions. Such things include secure passwords not sent by email or encrypted stages of authorisation.
4. Ensure your systems have some log in and server monitoring. On a number of occasions we’ve used such material in Court to demonstrate who has had access and when. If you suspect that a staff member has accessed material for nefarious purposes ensure that any investigation you do is properly conducted. It is easy for untrained IT people to tamper with evidence and open up a massive hole which the Claimant then has to overcome in Court to have evidence admitted.
5. It is easy to say but more difficult to do but changing passwords when staff leave or change is also a good idea. On a personal level I use LastPass for all my logins. This is a free bit of software and it ensures that you don’t get hacked when someone like Talk Talk loses your log in data.
6. Be wary about personal data in the public domain. Also ensure that if a bank or some other financial intuition has to contact you by telephone to discuss financial matters that they have some bizarre personal information about you that few other people know about you. Thanks to social media nothing much is secret these days is it? Now all my friends have taken their birthdays off FaceBook I never wish them a Happy Birthday until it is well past the actual day!
7. Finally we aware that for most systems the weak link in the chain is often the human involved. Criminals are increasingly aware of our habits, customs and preferences so mimicking us has become easier. As a result many scams involve people and situations we think we know and we’d like to help. So most of all be alive to the risks and try and stay one step ahead.
If you’ve lost confidential information to staff or others and believe you’ve suffered a problem or want to know more about what you need to do to stay safe under the DPA, then do get in touch firstname.lastname@example.org
or 0844 8008871.
Back to Blogs