After The Horse Has Bolted
05/10/2015

Email Security - Shutting the barn door after the horse has bolted?

I have spent the last 6 months working in the legal sector around secure information. One thing that struck me: why do law firms not take email and client communications seriously?



Every few weeks there are stories in the news about how people have lost money thanks to their law firms:



'Fraudsters hacked emails to my solicitor and stole £340,000 from my property sale'



The Information Commissioner's Office, according to Freedom of Information requests, has in the last 12 months investigated 175 law firms for 185 potential data breaches.



The ICO also highlights in its data trends that the fourth most common type of data breach involves email.



The Bar Council has given the following guidance on communications:

  • E-mail is a potentially insecure method of communication. Appropriate steps, such as encryption during transmission, should be taken if it is considered necessary to send particularly sensitive information by e-mail and if required by your client.
  • You should take care when using the 'auto complete' function that is offered by some email systems to ensure that you do not accidentally select the incorrect email address.
  • Caution is advised when using the carbon copy (cc) function and blind carbon copy (bcc) function to ensure that you are not sending data to the incorrect recipient.

Another interesting fact is that 93% of data breaches were caused by human error, with 31% of the worst security breaches in 2014 across all industries in the UK being caused by human error.



According to Christopher Graham, UK Information Commissioner, on 05 August 2014 “The number of breaches reported by barristers and solicitors may not seem that high, but given the sensitive information they handle, and the fact that it is often held in paper files rather than secured by any sort of encryption, that number is troubling.”



The final thoughts from the ICO:



“While encryption sounds like a complicated means of protecting sensitive personal information, the crucial aspect to making it work is to identify the most suitable form of encryption and follow a common sense approach to keeping the key, and therefore the data, secure. Using effective encryption is usually easier to manage than adopting an alternative means of providing a similar level of data security.



And the time and cost of proper encryption is put into sharp perspective by a quick glance over the penalties issued in three recent cases where encryption wasn’t used (£700,000 in total). The price of getting it wrong could therefore extend well beyond upsetting people…”



So, in summary, next time you are using a law firm, will you be asking them how they are going to protect your data?
