Email Security - Shutting the barn door after the horse has bolted?

Ross MacKenzie

I have spent the last 6 months working in the legal sector around secure information. One thing that has struck me is this: why do law firms not take email and client communications seriously?

Every few weeks there are stories in the news about how people have lost money thanks to their law firms:

'Fraudsters hacked emails to my solicitor and stole £340,000 from my property sale'

According to Freedom of Information requests, the Information Commissioner's Office (ICO) has, in the last 12 months, investigated 175 law firms for 185 potential data breaches.

The ICO also highlights in its data trends that the fourth most common data breach is around email.

The Bar Council has given the following guidance on communications:

  • E-mail is a potentially insecure method of communication. Appropriate steps, such as encryption during transmission, should be taken if it is considered necessary to send particularly sensitive information by e-mail and if required by your client.
  • You should take care when using the 'auto complete' function that is offered by some email systems to ensure that you do not accidentally select the incorrect email address.
  • Caution is advised when using the carbon copy (cc) function and blind carbon copy (bcc) function to ensure that you are not sending data to the incorrect recipient.

Another interesting fact is that 93% of data breaches were caused by human error, with 31% of the worst security breaches in 2014 across all industries in the UK being caused by human error.

According to Christopher Graham, UK Information Commissioner, on 05 August 2014: “The number of breaches reported by barristers and solicitors may not seem that high, but given the sensitive information they handle, and the fact that it is often held in paper files rather than secured by any sort of encryption, that number is troubling.”

The final thoughts from the ICO:

“While encryption sounds like a complicated means of protecting sensitive personal information, the crucial aspect to making it work is to identify the most suitable form of encryption and follow a common sense approach to keeping the key, and therefore the data, secure. Using effective encryption is usually easier to manage than adopting an alternative means of providing a similar level of data security.

And the time and cost of proper encryption is put into sharp perspective by a quick glance over the penalties issued in three recent cases where encryption wasn’t used (£700,000 in total). The price of getting it wrong could therefore extend well beyond upsetting people…”

So, in summary, next time you are using a law firm, will you be asking them how they are going to protect your data?
