Email Security - Shutting the barn door after the horse has bolted?

Ross MacKenzie
Email Security

I have spent the last 6 months working in the legal sector around secure information. One thing that struck me: why do law firms not take email and client communications seriously?

Every few weeks there are stories in the news about how people have lost money thanks to their law firms:

'Fraudsters hacked emails to my solicitor and stole £340,000 from my property sale'

The Information Commissioner's Office (ICO), according to Freedom of Information requests, has in the last 12 months investigated 175 law firms for 185 potential data breaches.

The ICO also highlights in its data trends that the fourth most common type of data breach involves email.

The Bar Council has given the following guidance on communications:

  • E-mail is a potentially insecure method of communication. Appropriate steps, such as encryption during transmission, should be taken if it is considered necessary to send particularly sensitive information by e-mail and if required by your client.
  • You should take care when using the 'auto complete' function that is offered by some email systems to ensure that you do not accidentally select the incorrect email address.
  • Caution is advised when using the carbon copy (cc) function and blind carbon copy (bcc) function to ensure that you are not sending data to the incorrect recipient.

Another interesting fact is that 93% of data breaches were caused by human error, with 31% of the worst security breaches in 2014 across all industries in the UK being caused by human error.

According to Christopher Graham, UK Information Commissioner, on 05 August 2014: “The number of breaches reported by barristers and solicitors may not seem that high, but given the sensitive information they handle, and the fact that it is often held in paper files rather than secured by any sort of encryption, that number is troubling.”

The final thoughts from the ICO:

“While encryption sounds like a complicated means of protecting sensitive personal information, the crucial aspect to making it work is to identify the most suitable form of encryption and follow a common sense approach to keeping the key, and therefore the data, secure. Using effective encryption is usually easier to manage than adopting an alternative means of providing a similar level of data security.

And the time and cost of proper encryption is put into sharp perspective by a quick glance over the penalties issued in three recent cases where encryption wasn’t used (£700,000 in total). The price of getting it wrong could therefore extend well beyond upsetting people…”

So, in summary, next time you are using a law firm, will you be asking them how they are going to protect your data?
