Published on 24 January, 2021 by Thomas Haines
Tags: Data security
From setting up online collaboration tools, to navigating video conferencing software, you’d be forgiven for being complacent about cyber security at this time. However, now, more than ever, security should be a top priority. With staff working from home, you need to ensure that the software everyone is using, is secure.
Video conferencing app, Zoom has had a surge in popularity recently, however, some companies are backing away from the video conferencing app over concerns for security.
An article published on news website The Intercept reveals that Zoom doesn’t guarantee end-to-end encryption for its meetings, despite misleading marketing stating that it does. As such, the app is vulnerable to hackers, who can gain access to users’ webcams.
In light of these vulnerabilities, let’s look at the issue of cyber security in more detail and explore the legal tech that is taking security seriously.
Encryption is the process of turning information into code that hides the true meaning of the message. The practice of encrypting and decrypting information is called cryptography and it’s vital to assuring the security of software.
At the beginning of the encryption process, the sender needs to decide what cipher will be used to hide the information and what variable will be used to make it unique. The various types of cipher fall into two categories: symmetric and asymmetric, with the first using a single secret key and the latter using a pair of keys.
Essentially, encryption provides software with confidentiality by encoding the content of a message. It provides authentication by checking its origin and verifies its integrity by checking that the message hasn’t been tampered with.
As well as protecting the confidentiality of information, encryption is also required for software to meet with compliance standards.
According to IBM’s Cost of a Data Breach 2019 study, the average total cost of a data breach is $3.92 million and the average time it takes to identify a breach is 196 days. As such, cyber security should be an essential consideration when it comes to choosing legal software.
Cyber attacks against law firms are increasing. As more companies embrace digitisation, the threat of cyber attacks become ever more significant. As an industry, the legal sector is particularly vulnerable to attacks due to the vast amounts of money, information and sensitive data that can be obtained.
One of the most common cyber attacks in the legal sector is phishing attacks. According to the Solicitors Regulation Authority (SRA), over half (52%) of law firms have experienced a cyber attack, with 82% reported to be phishing attacks. These attacks are typically conducted by email with the sender attempting to gain access to client money by pretending to be a trustworthy source.
Ransomware also poses a threat to law firms by encrypting their files until a ransom has been paid. This type of attack is usually spread through unsolicited emails. When a member of staff clicks on a link within the email, the files become encrypted.
Earlier this year, a number of law firms in the U.S. were hit by a ransomware attack by a group known as Maze. As well as encrypting each firms’ data, they also stole it.
In addition to loss of data and revenue, cyber attacks can also have a negative impact on a law firms’ reputation. Reputational damage can be long-lasting as clients trust their lawyers to keep their data safe and secure. A potential breach of this information can cripple a law firm’s reputation beyond repair.
Perhaps the most widely-publicised example of reputational damage through a data breach was Mossack Fonesca’s ‘Panama Papers’ incident. The law firm found itself under international scrutiny when more than 11.5 million documents were leaked to the public anonymously. As a result, the firm had to shut down because of economic and reputational damage.
So, how do law firms know what software has good security? To help you choose the most secure legal tech for your firm, we’ve compiled a list of software that priorities security as a principal feature.
When it comes to choosing legal tech, law firms should consider how the software approaches encryption. You should also look at how it handles individual privacy and how it stores sensitive data. Cyber attacks are on the rise in the legal sector, so law firms need to look at their internal security as well, making sure that staff are aware of what phishing emails look like. By choosing legal tech with a focus on security, you’ll have peace of mind that all the data you process is secure.