Keeping your information safe

Keeping your information safe

By Debra Malpass on 14 April 2016

Information security: it’s a vital duty for any law firm. While you cannot avoid risks to information by avoiding IT – paper has problems all of its own – it’s undeniable that cybercrime can cause real harm. It’s no accident that it’s one of our priority risks, and we know it’s a key concern for many of you. 

Tips to keep information secure 

Our recent paper IT and Innovation offers some suggestions on how to keep information safe, derived from informed sources such as GCHQ. This adds to our paper Spiders in the web: The risks of online crime to legal business published in February 2014. It offers a review of how the legal market is using new IT to meet a changing market, as well as updated advice on information security. The good news is that many threats can be reduced or eliminated with a series of straightforward, inexpensive steps.

Keeping information secure

IT security does not have to be complicated and most of these tips are common sense. The aim is to try to be a harder target. Harmful programs known as Malware can engage in all kinds of criminal activity, such as monitoring what you type or changing bank details on emails. Such software, normally gets on to your systems by invitation. A common route for this and other forms of criminal activity is when someone clicks on an attachment in a fraudulent email. Up to date antivirus can stop most attacks, but it’s better not to open the attachment in the first place. 

Where can you find more information?

  • Ultimately, each individual firm should assess their own needs and take appropriate steps. 
  • Read the section on information security on our priority risks page.
  • Those firms with good reason to believe they may face more targeted attacks, for example from state-sponsored attackers seeking trade secrets or from insider traders seeking price sensitive information, may wish to take more specialist advice. 

Data protection, the US and the cloud 

Those using online cloud storage do need to take care to comply with data protection rules. Since the finding by the European courts that the old Safe Harbour agreement between the US and EU was invalid, the law on data sharing with the US has been unclear and subject to change. From June, a new Privacy Shield agreement is due to come into force, again allowing the storage of personal data with US businesses. This remains subject to change, however, and has not yet received final approval at the time of writing. 

What next? 

We are constantly monitoring reports of information security breaches we receive and are collating the latest information to help inform for our 2016 Risk Outlook, due to be published in July.

Debra Malpass