DATA BREACHES:
Is Your Law Firm in Danger?
Tim Newton
Associate Member of the Association of Security Consultants &
Regional Manager at Tresorit
Tim Newton
Regional Manager, UK/Ireland/Benelux,
Tresorit
Associate Member,
Association of Security Consultants
Introduction
Agenda
1. About data breaches
2. Everyday risks of data breaches and what you can do to reduce their likelihood
3. Types of encryption
What is a data breach?
data breach: a personal data breach can be defined as “a breach of security
leading to the accidental or unlawful destruction, loss, alteration, unauthorised
disclosure of, or access to, personal data transmitted, stored or otherwise
processed” – Data Protection Act 2018
Breach or not a breach?
An employee gets dismissed, and saves all the documents of his clients
to his personal drive to reach out to them later.
A trainee sends an email with phone numbers and other contact details
to the wrong recipient by accident.
Your colleague stores client documents in Dropbox.
YES
YES
NO / NOT YET
Data breaches cost time and money for UK businesses
• 60% of law firms reported suffering some form of security incident in 2018
• 46% of law firms reported loss or leakage of confidential information caused by their own staff
• £113 is the per capita cost for each lost or stolen record
• £2.81M is the average amount a data breach costs
• £1.22M is the cost of lost business after a data breach
• 163 days pass until a company identifies a data breach
Sources: 2018 Cost of a Data Breach Study: Global Overview by Ponemon Institute
PWC Law Firms’ Survey 2018
How big is the problem?
LegalTechnology.com:
…legal sector data security incidents as reported
to the Information Commissioner’s Office have
risen by a significantly above average 112% in
two years, with the justice sector up 128%.
Human error (as opposed to a cyber incident)
accounted for the vast majority of incidents, led
by data being emailed to the wrong recipient.
*Legaltechnology.com 4th Sept 2018
SRA:
There were 512 concerns reported to us about
breaches of confidentiality in 2017 and a further 408
reports in the first three quarters of 2018. This shows
an increasing trend compared to the same period in
2017. Most of the information security breaches
reported to the Information Commissioner's Office
(ICO) for all sectors are:
• confidential emails, faxes and letters being sent
to the wrong person
• lost or stolen paperwork
*http://www.sra.org.uk/risk/outlook/priority-risks/information-security.page
How big is the problem?
WalesOnline.com:
A serious new scam sees fraudsters hacking into
the email accounts of solicitor firms to try and
steal huge sums of money from their clients.
In a scam that’s been seen across the UK, hackers
are intercepting emails sent to clients.
They are then sending a fake email from the
hacked account asking clients to send the money
to a different bank. The emails are timed, usually
to coincide with the date a house deposit is due.
In total, 120 cases of the scam, known as
“conveyance fraud”, were reported to Action
Fraud in the first nine months of 2017 - costing
customers more than £8m.
In one case a person lost £988,091.
*WalesOnline.com 6th March 2018
The main causes of data breaches
• Human error: 27%
• System glitch: 25%
• Malicious or criminal attack: 48%
Source: 2018 Cost of a Data Breach Study: Global Overview by Ponemon Institute
Even if accidental or
intentional error!
Most concerning insider threats to cybersecurity professionals
• Malicious/deliberate insider (someone willfully causing harm to the company): 47%
• Accidental/unintentional insider (carelessness, negligence or compromised credentials): 51%
• Not sure: 2%
Accidental breaches worry experts just as much as malicious attacks
Source: 2018 Cybersecurity Insiders/Sunday Times
What insiders look like
Percentage of cybersecurity professionals who say the following presents a security risk:
• Regular employees: 56%
• Privileged IT users/admins: 55%
• Contractors/service providers/temporary workers: 42%
• Privileged business users/executives: 29%
• Customers/clients: 22%
• None: 2%
• Not sure/other: 6%
Source: 2018 Cybersecurity Insiders/Sunday Times
Everyday risks of data breach
and what you can do about them
1. Sending out an email with confidential attachment to wrong recipients by accident
What you can do
• Replace risky email attachments.
• Provide secure tools that allow for further data control, like revoking access to content, setting up password protection, expiry date and/or download limit.
Consequences
• The firm has to report the breach to ICO (Information
Commissioner’s Office).
• They can be fined.
• The firm can lose clients due to the incident.
2. Stolen device results in data leak
Consequences
• The firm has to report the breach to ICO (Information
Commissioner’s Office).
• The firm can be fined.
What you can do
• Set up passcode protection for all work devices.
• Ensure you have further device control measures to
be able to restrict access and/or wipe documents
remotely in case a device is lost or stolen.
3. Malicious ex-employee takes revenge by leaking data
Consequences
• The firm can be fined for not meeting the requirements
of the Data Protection Act 2018.
• The business is at risk as its entire client list is revealed
to its competitors.
What you can do
Store all company documents in a secure cloud storage
that allows you to manage permissions and track
changes:
• Terminate the access of leavers immediately.
• Remove their accounts and remote wipe their devices.
• Manage login details of users to make sure they can’t
log in via web access.
4. Leaking data with a USB drive
Consequences
• The firm has to report the breach to ICO (Information
Commissioner’s Office).
• The firm can be fined.
• The firm loses the bid and suffers a reputational loss.
What you can do
• Don’t use hard drives and USB sticks to store
confidential files, as they don’t offer any protection.
• Use an encrypted, cloud-based service with data
control features.
5. Using an unsecure file server and no encryption for files
Consequences
• The firm has to report the breach to ICO (Information
Commissioner’s Office).
• The firm can be fined.
• The company can lose the trust of its clients.
What you can do
• If you use on-premise file servers, you need dedicated
security experts and maintenance to make sure they’re
secure and convenient.
• Use encrypted cloud services, so even in case of an
attack, the information won’t be revealed to hackers.
Consequences of digital failures
Executive resignations
Lost business
Lost time – ICO reporting, informing clients, dealing with press
Significant costs
Upset customers
Regulatory backlash
What you can do to prevent them
Control user and device permissions centrally for better
management and visibility. “Who has my company data and on
what devices?” audit.
Make sure you can give and revoke access to information
easily.
Protect the content of your files with end-to-end encryption.
What legal professionals do now
Still, the majority of legal professionals use consumer-grade cloud services to store and share documents.
                100-499 lawyers   500+ lawyers
Dropbox         54%               47%
Google Docs     25%               32%
iCloud          18%               32%
Many others still use on-premise solutions as they have security
and backup concerns regarding the cloud.
Source: PWC Law Firms’ Survey 2017
Not all types of encryption
provide you with the same level of security.
Bar Council recommendation on encryption
“Look for a service which says it has ‘zero knowledge’
encryption – this means that the encryption provider doesn’t
store your password for the data: any requests for the data
have to come to you.”
Bar Council Guide on Cloud computing – security issues to
consider
Types of encryption
Server-side encryption
The encryption key is stored in
the cloud in plaintext format,
therefore the cloud provider
can see your data.
Types of encryption
End-to-end encryption
Only you and your recipients
have the key to decrypt and
see the files.
The materials available in this presentation are for informational purposes only and do not constitute legal advice.
To obtain advice with respect to a particular issue, you should contact your attorney.

More Related Content

What's hot

The Legal Aspects of Cyberspace
The Legal Aspects of CyberspaceThe Legal Aspects of Cyberspace
The Legal Aspects of Cyberspacetimmcguinness
 
Real Life Examples of Cybersecurity with Neo4j
 Real Life Examples of Cybersecurity with Neo4j Real Life Examples of Cybersecurity with Neo4j
Real Life Examples of Cybersecurity with Neo4jNeo4j
 
Hacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetHacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetLexisNexis
 
How Much Do You Trust Email?
How Much Do You Trust Email?How Much Do You Trust Email?
How Much Do You Trust Email?Echoworx
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber securityHelen Carpenter
 
Dealing with Data Breaches Amidst Changes In Technology
Dealing with Data Breaches Amidst Changes In TechnologyDealing with Data Breaches Amidst Changes In Technology
Dealing with Data Breaches Amidst Changes In TechnologyCSCJournals
 
Data breach presentation
Data breach presentationData breach presentation
Data breach presentationBradford Bach
 
Target data breach case study
Target data breach case studyTarget data breach case study
Target data breach case studyAbhilash vijayan
 
Enterprise Data Privacy Quiz
Enterprise Data Privacy QuizEnterprise Data Privacy Quiz
Enterprise Data Privacy QuizDruva
 
Data Security and Regulatory Compliance
Data Security and Regulatory ComplianceData Security and Regulatory Compliance
Data Security and Regulatory ComplianceLifeline Data Centers
 
BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereJim Brashear
 
Symantec 2011 Encryption Flash Poll Global Results
Symantec 2011 Encryption Flash Poll Global ResultsSymantec 2011 Encryption Flash Poll Global Results
Symantec 2011 Encryption Flash Poll Global ResultsSymantec
 
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018Human Capital Department
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 
C7 defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditingC7   defending the cloud with monitoring and auditing
C7 defending the cloud with monitoring and auditingDr. Wilfred Lin (Ph.D.)
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliancePeter Goldbrunner
 
Cloud and mobile computing for lawyers
Cloud and mobile computing for lawyersCloud and mobile computing for lawyers
Cloud and mobile computing for lawyersNicole Black
 
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSCYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSHB Litigation Conferences
 
Mitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpMitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpJoann Davis
 

What's hot (20)

The Legal Aspects of Cyberspace
The Legal Aspects of CyberspaceThe Legal Aspects of Cyberspace
The Legal Aspects of Cyberspace
 
Real Life Examples of Cybersecurity with Neo4j
 Real Life Examples of Cybersecurity with Neo4j Real Life Examples of Cybersecurity with Neo4j
Real Life Examples of Cybersecurity with Neo4j
 
Hacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder TargetHacker Defense: How to Make Your Law Firm a Harder Target
Hacker Defense: How to Make Your Law Firm a Harder Target
 
How Much Do You Trust Email?
How Much Do You Trust Email?How Much Do You Trust Email?
How Much Do You Trust Email?
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber security
 
Dealing with Data Breaches Amidst Changes In Technology
Dealing with Data Breaches Amidst Changes In TechnologyDealing with Data Breaches Amidst Changes In Technology
Dealing with Data Breaches Amidst Changes In Technology
 
Data breach presentation
Data breach presentationData breach presentation
Data breach presentation
 
Target data breach case study
Target data breach case studyTarget data breach case study
Target data breach case study
 
Enterprise Data Privacy Quiz
Enterprise Data Privacy QuizEnterprise Data Privacy Quiz
Enterprise Data Privacy Quiz
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
Data Security and Regulatory Compliance
Data Security and Regulatory ComplianceData Security and Regulatory Compliance
Data Security and Regulatory Compliance
 
BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data Everywhere
 
Symantec 2011 Encryption Flash Poll Global Results
Symantec 2011 Encryption Flash Poll Global ResultsSymantec 2011 Encryption Flash Poll Global Results
Symantec 2011 Encryption Flash Poll Global Results
 
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in IT
 
C7 defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditingC7   defending the cloud with monitoring and auditing
C7 defending the cloud with monitoring and auditing
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliance
 
Cloud and mobile computing for lawyers
Cloud and mobile computing for lawyersCloud and mobile computing for lawyers
Cloud and mobile computing for lawyers
 
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSCYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
 
Mitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpMitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 Aitp
 

Similar to Data breaches - Is Your Law Firm in Danger

Secure Cloud For Legal Professionals
Secure Cloud For Legal ProfessionalsSecure Cloud For Legal Professionals
Secure Cloud For Legal ProfessionalsZitaAdlTrk
 
Understand Risk in Communications and Data Breach
Understand Risk in Communications and Data BreachUnderstand Risk in Communications and Data Breach
Understand Risk in Communications and Data BreachJon Gatrell
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksHokme
 
Cyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessCyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessLucy Denver
 
Shariyaz abdeen data leakage prevention presentation
Shariyaz abdeen   data leakage prevention presentationShariyaz abdeen   data leakage prevention presentation
Shariyaz abdeen data leakage prevention presentationShariyaz Abdeen
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxprtabal_25
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessImran Khan
 
The only way to survive is to automate your SOC
The only way to survive is to automate your SOCThe only way to survive is to automate your SOC
The only way to survive is to automate your SOCRoberto Sponchioni
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019Ulf Mattsson
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR
 
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...AwodiranOlumide
 
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020Proofpoint
 
Network Security and Privacy Liability - Four Reasons Why You need This Cove...
Network Security and Privacy Liability  - Four Reasons Why You need This Cove...Network Security and Privacy Liability  - Four Reasons Why You need This Cove...
Network Security and Privacy Liability - Four Reasons Why You need This Cove...CBIZ, Inc.
 
Security and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to KnowSecurity and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to KnowTechSoup
 
Presentation On Mass Data Privacy Law
Presentation On Mass Data Privacy LawPresentation On Mass Data Privacy Law
Presentation On Mass Data Privacy LawIreneWachsler
 
Protecting Your Business from a Cyber Attack
Protecting Your Business from a Cyber AttackProtecting Your Business from a Cyber Attack
Protecting Your Business from a Cyber AttackBen Jones
 

Similar to Data breaches - Is Your Law Firm in Danger (20)

Secure Cloud For Legal Professionals
Secure Cloud For Legal ProfessionalsSecure Cloud For Legal Professionals
Secure Cloud For Legal Professionals
 
Understand Risk in Communications and Data Breach
Understand Risk in Communications and Data BreachUnderstand Risk in Communications and Data Breach
Understand Risk in Communications and Data Breach
 
nerfslides.pptx
nerfslides.pptxnerfslides.pptx
nerfslides.pptx
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP Leaks
 
Cyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessCyber Security and the Impact on your Business
Cyber Security and the Impact on your Business
 
Shariyaz abdeen data leakage prevention presentation
Shariyaz abdeen   data leakage prevention presentationShariyaz abdeen   data leakage prevention presentation
Shariyaz abdeen data leakage prevention presentation
 
Types of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security ThreatsTypes of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security Threats
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awareness
 
The only way to survive is to automate your SOC
The only way to survive is to automate your SOCThe only way to survive is to automate your SOC
The only way to survive is to automate your SOC
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
 
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
 
unit-1-is1.pptx
unit-1-is1.pptxunit-1-is1.pptx
unit-1-is1.pptx
 
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
 
Network Security and Privacy Liability - Four Reasons Why You need This Cove...
Network Security and Privacy Liability  - Four Reasons Why You need This Cove...Network Security and Privacy Liability  - Four Reasons Why You need This Cove...
Network Security and Privacy Liability - Four Reasons Why You need This Cove...
 
Security and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to KnowSecurity and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to Know
 
Presentation On Mass Data Privacy Law
Presentation On Mass Data Privacy LawPresentation On Mass Data Privacy Law
Presentation On Mass Data Privacy Law
 
Protecting Your Business from a Cyber Attack
Protecting Your Business from a Cyber AttackProtecting Your Business from a Cyber Attack
Protecting Your Business from a Cyber Attack
 
Cyber - it's all now a matter of time!
Cyber - it's all now a matter of time!Cyber - it's all now a matter of time!
Cyber - it's all now a matter of time!
 

Recently uploaded

如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书Fs Las
 
如何办理纽约州立大学石溪分校毕业证学位证书
 如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书Fir sss
 
Test Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxTest Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxsrikarna235
 
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptFINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptjudeplata
 
POLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxPOLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxAbhishekchatterjee248859
 
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书Fir L
 
Why Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdfWhy Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdfMilind Agarwal
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession:  A HistoryJohn Hustaix - The Legal Profession:  A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix
 
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书srst S
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书SD DS
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书SD DS
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceMichael Cicero
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书1k98h0e1
 
如何办理威斯康星大学密尔沃基分校毕业证学位证书
 如何办理威斯康星大学密尔沃基分校毕业证学位证书 如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书Fir sss
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Dr. Oliver Massmann
 
如何办理佛蒙特大学毕业证学位证书
 如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书Fir sss
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementShubhiSharma858417
 
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书Fir L
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesritwikv20
 

Recently uploaded (20)

如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
 
如何办理纽约州立大学石溪分校毕业证学位证书
 如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书
 
Test Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxTest Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptx
 
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptFINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
 
POLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxPOLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptx
 
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
 
Why Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdfWhy Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdf
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession:  A HistoryJohn Hustaix - The Legal Profession:  A History
John Hustaix - The Legal Profession: A History
 
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书
如何办理(UoM毕业证书)曼彻斯特大学毕业证学位证书
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
 
如何办理威斯康星大学密尔沃基分校毕业证学位证书
 如何办理威斯康星大学密尔沃基分校毕业证学位证书 如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
 
如何办理佛蒙特大学毕业证学位证书
 如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
 
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in  Pusa Road🔝 9953330565 🔝 escort Serviceyoung Call Girls in  Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
 
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use cases
 

Data breaches - Is Your Law Firm in Danger

  • 1. DATA BREACHES: Is Your Law Firm in Danger? Tim Newton Associate Member of the Association of Security Consultants & Regional Manager at Tresorit
  • 2. Tim Newton Regional Manager, UK/Ireland/Benelux, Tresorit Associate Member, Association of Security Consultants Introduction Agenda 1.About data breaches 2.Everyday risks of data breaches and what you can do to reduce their likelihood 3.Types of encryption
  • 3. What is a data breach? data breach: a personal data breach can be defined as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed” – Data Protection Act 2018
  • 4. Breach or not a breach? An employee gets dismissed, and saves all the documents of his clients to his personal drive to reach out to them later. A trainee sends an email with phone numbers and other contact details to the wrong recipient by accident. Your colleague stores client documents in Dropbox. YES YES NONOT YET
  • 5. Data breaches cost time and money for UK businesses 60%of law firms reported suffering some form of security incident in 2018 46%of law firms reported loss or leakage of confidential information caused by their own staff ₤113is the per capita cost for each lost or stolen record ₤2.81Mis the average amount a data breach costs ₤1.22Mis the cost of lost business after a data breach 163 dayspass, until a company identifies a data breach Sources: 2018 Cost of a Data Breach Study: Global Overview by Ponemon Institute PWC Law Firms’ Survey 2018
  • 6. How big is the problem? LegalTechnology.com: …legal sector data security incidents as reported to the Information Commissioner’s Office have risen by a significantly above average 112% in two years, with the justice sector up 128%. Human error (as opposed to a cyber incident) accounted for the vast majority of incidents, led by data being emailed to the wrong recipient. *Legaltechnology.com 4th Sept 2018 SRA: There were 512 concerns reported to us about breaches of confidentiality in 2017 and a further 408 reports in the first three quarters of 2018. This shows an increasing trend compared to the same period in 2017.Most of the information security breaches reported to the Information Commissioner's Office (ICO) for all sectors are: • confidential emails, faxes and letters being sent to the wrong person • lost or stolen paperwork *http://www.sra.org.uk/risk/outlook/priority-risks/information-security.page
  • 7. How big is the problem? WalesOnline.com: A serious new scam sees fraudsters hacking into the email accounts of solicitor firms to try and steal huge sums of money from their clients. In a scam that’s been seen across the UK, hackers are intercepting emails sent to clients. They are then sending a fake email from the hacked account asking clients to send the money to a different bank. The emails are timed, usually to coincide with the date a house deposit is due. In total, 120 cases of the scam, known as “conveyance fraud”, were reported to Action Fraud in the first nine months of 2017 - costing customers more than £8m. In one case a person lost £988,091. *WalesOnline.com 6th March 2018
  • 8. The main causes of data breaches: Human error 27%; System glitch 25%; Malicious or criminal attack 48%. Source: 2018 Cost of a Data Breach Study: Global Overview by Ponemon Institute. Even if accidental or intentional error!
  • 9. Accidental breaches worry experts just as much as malicious attacks. [Chart: Most concerning insider threats to cybersecurity professionals] Malicious/deliberate insider (someone willfully causing harm to the company): 47%; Accidental/unintentional insider (carelessness, negligence or compromised credentials): 51%; Not sure: 2%. Source: 2018 Cybersecurity Insiders/Sunday Times
  • 10. What insiders look like. [Chart: Percentage of cybersecurity professionals who say the following presents a security risk] Regular employees: 56%; Privileged IT users/admins: 55%; Contractors/service providers/temporary workers: 42%; Privileged business users/executives: 29%; Customers/clients: 22%; None: 2%; Not sure/other: 6%. Source: 2018 Cybersecurity Insiders/Sunday Times
  • 11. Everyday risks of data breach and what you can do about them
  • 12. Risk 1: Sending out an email with confidential attachment to wrong recipients by accident. What you can do: • Replace risky email attachments. • Provide secure tools that allow for further data control like revoking access to content, setting up password protection, expiry date and/or download limit. Consequences: • The firm has to report the breach to ICO (Information Commissioner’s Office). • They can be fined. • The firm can lose clients due to the incident.
  • 13. Risk 2: Stolen device results in data leak. Consequences: • The firm has to report the breach to ICO (Information Commissioner’s Office). • The firm can be fined. What you can do: • Set up passcode protection for all work devices. • Ensure you have further device control measures to be able to restrict access and/or wipe documents remotely in case a device is lost or stolen.
  • 14. Risk 3: Malicious ex-employee takes revenge by leaking data. Consequences: • The firm can be fined for not meeting the requirements of the Data Protection Act 2018. • The business is at risk as its entire client list is revealed to its competitors. What you can do: Store all company documents in a secure cloud storage that allows you to manage permissions and track changes: • Terminate the access of leavers immediately. • Remove their accounts and remote wipe their devices. • Manage login details of users to make sure they can’t login via web access.
  • 15. Risk 4: Leaking data with a USB drive. Consequences: • The firm has to report the breach to ICO (Information Commissioner’s Office). • The firm can be fined. • The firm loses the bid and suffers a reputational loss. What you can do: • Don’t use hard drives and USB sticks to store confidential files, as they don’t offer any protection. • Use an encrypted, cloud-based service with data control features.
  • 16. Risk 5: Using an unsecure file server and no encryption for files. Consequences: • The firm has to report the breach to ICO (Information Commissioner’s Office). • The firm can be fined. • The company can lose trust of its clients. What you can do: • If you use on-premise file servers, you need dedicated security experts and maintenance to make sure it’s secure and convenient. • Use encrypted cloud services, so even in case of an attack, the information won’t be revealed to hackers.
  • 17. Consequences of digital failures: Executive resignations; Lost business; Lost time – ICO reporting, informing clients, dealing with press; Significant costs; Upset customers; Regulatory backlash
  • 20. What you can do to prevent them Control user and device permissions centrally for better management and visibility. “Who has my company data and on what devices?” audit. Make sure you can give and revoke access to information easily. Protect the content of your files with end-to-end encryption.
  • 21. What legal professionals do now. Still, the majority of legal professionals use consumer-grade cloud services to store and share documents. Firms with 100-499 lawyers: Dropbox 54%, Google Docs 25%, iCloud 18%. Firms with 500+ lawyers: Dropbox 47%, Google Docs 32%, iCloud 32%. Many others still use on-premise solutions as they have security and backup concerns regarding the cloud. Source: PWC Law Firms’ Survey 2017
  • 22. Not all types of encryption provide you with the same level of security.
  • 23. Bar Council recommendation on encryption “Look for a service which says it has ‘zero knowledge’ encryption – this means that the encryption provider doesn’t store your password for the data: any requests for the data have to come to you.” Bar Council Guide on Cloud computing – security issues to consider
  • 24. Types of encryption. Server-side encryption: The encryption key is stored in the cloud in plaintext format, so the cloud provider can see your data.
  • 25. Types of encryption. End-to-end encryption: Only you and your recipients have the key to decrypt and see the files.
  • 26. Read more about how Tresorit can help legal professionals work securely and productively in the cloud or read a customer testimony from Apogee Law Group. Try Tresorit for FREE: Take the opportunity to try our ultra-secure service for free. Schedule a live demo: Learn more about Tresorit and cloud encryption from our experts. The materials available in this presentation are for informational purposes only and do not constitute legal advice. To obtain advice with respect to a particular issue, you should contact your attorney.