SlideShare a Scribd company logo

Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (Feb 2015) copy

T
Tania Mushtaq

This document is the February 2015 issue of the Australian banking and finance newsletter. It contains several articles related to banking and finance law. The main article discusses three tips for banking lawyers to securely use cloud technology and mobile devices: 1) change passwords regularly using complex passwords, 2) protect mobile devices with security solutions like mobile device management, and 3) create secure workflows when using unauthorized cloud services. Banking lawyers handle sensitive client information and data security is important to avoid breaches. While cloud technology increases productivity, it also increases security risks that lawyers must mitigate.

1 of 4
Download to read offline
Contents page 2 General Editor’s note Karen Lee LEGAL KNOW-HOW page 4 Financial System Inquiry: Part 1 — A lending industry perspective on competition Leonie Chapman LAWYAL SOLICITORS and Tim Brown MORTGAGE AND FINANCE ASSOCIATION OF AUSTRALIA page 9 Encouraging and facilitating corporate turnarounds: effective debt restructuring Macaire Bromley DIBBSBARKER page 14 The letter of credit, right of suit under a bill of lading, and “debt” versus “damages” Lee Aitken TC BEIRNE SCHOOL OF LAW, UNIVERSITY OF QUEENSLAND page 17 Closing the gap with branchless banking: Thousand Islands leads the way with sustainable banking in Indonesia David Marcus BNP PARIBAS page 21 Westpac Banking Corporation v Kekatos David Richardson HWL EBSWORTH LAWYERS page 24 Three tips for banking lawyers to avoid the stormy cloud Tania Mushtaq EFFERVESQ General Editor Karen Lee Principal and Consultant, Legal Know-How Editorial Board Mark Hilton Partner, Henry Davis York, Sydney David Richardson Partner, HWL Ebsworth Lawyers, Sydney Bruce Taylor Solicitor David Turner Barrister, Owen Dixon West Chambers, Melbourne Nicholas Mirzai Barrister, Banco Chambers, Sydney John Mosley Partner, Minter Ellison, Sydney David Carter Partner, DibbsBarker, Sydney Samantha Carroll Special Counsel, Clayton Utz, Brisbane John Naughton Partner, King & Wood Mallesons, Perth Leonie Chapman Principal Lawyer and Director, LAWYAL Solicitors 2015 . Vol 31 No 1 Information contained in this newsletter is current as at February 2015
Three tips for banking lawyers to avoid the stormy cloud Tania Mushtaq EFFERVESQ As the legal industry embraces cloud and mobility, it also inadvertently exposes itself to security risks such as data leakage, data breaches, malicious apps, software bugs and account hijacking, to name just a few. Lawyers tend to be more concerned about getting the job done in the most efficient billing timeframe, rather than worry- ing about how safe it is to access the office servers to download confidential client information and files. A major portion of a banking lawyer’s job is based on extensive searches and document sharing, which leaves little or no time for complex security policies set by IT departments. In the day-to-day matters, and in an envi- ronment where higher outputs are demanded in shorter timeframes, productivity takes precedence over security. The latter is left to the IT departments and service providers to tackle. However, in the age of the cloud, there is another new practice of shadow IT (unsanctioned use of the cloud) that takes IT departments out of the picture, potentially exposing confidential and sensitive information to significant risk. So, how can banking lawyers ensure that they can achieve their productivity goals while protecting corporate and sensitive client data from security breaches without laborious and compli- cated processes? The disruptive paradigm shift In the legal services sector, cloud technology is creating a disruptive paradigm shift. Lawyers are finding new ways to create differentiation in a highly competi- tive industry with offshore firms, especially from the United Kingdom and the United States, entering the Australian markets via mergers and acquisitions. As the cloud market matures, the concerns about the security of cloud-hosted data either ease or are addressed by ven- dors. This has helped the cloud foray into the more conservative industry sectors, such as financial, legal and government. The increasingly mobile lawyers are now able to leverage software-as-a-service (SaaS) appli- cations to enhance productivity, maximise billable hours and increase client interaction, thereby adding value for their clients. However, for banking lawyers, search and discovery tasks make up a bulk of time that does not add tangible value for their clients. The more innovative lawyers are, therefore, exploring and utilising new tools that facilitate agility, collaboration and productivity, avoiding cumbersome IT department approvals, the installation of hardware and the cost of constant upgrades. Australians, in general, are becoming more mobile, with 90% of the population using smartphones or tablets by mid-2014.1 Mobile phones, especially smartphones, are no longer used only for calls, text messages and emails, but have become a means of collaboration, research, networking and access to social media. In March 2014, the LexisNexis Mobility Survey revealed that eight out of 10 lawyers in Australia and New Zealand are using mobile devices for work and nine out of 10 rate their mobile phone as the most important item they pack for their trip to the office, showing what an integral part of a lawyer’s life mobile devices have become.2 Given that mobile devices are mainly used for content curation rather than content creation, and bank- ing lawyers heavily focus on sharing and reviewing documents, contract negotiations and extensive searches, the reliance on mobile devices is no surprise. Australian analyst firm Telsyte has reported that most organisations are already using some variant of cloud computing, with SaaS applications becoming prevalent across industries.3 Even the most risk-averse players in the financial services industry — the big four banks — have been in the process of deploying private and hybrid clouds since 2012. Smaller banks are also making the bold move to cloud, with ING having recently moved its entire production IT infrastructure to a private cloud. Cost cutting, improvement in productivity and customer engagement have been the main drivers of cloud adop- tion across the banking and finance industry. In addition to these drivers, lawyers are also using the cloud for easy back-ups and faster access to information. The risk of stormy cloud While mobility and the cloud have fundamentally changed the way banking lawyers work, they have also brought to the fore issues about the protection and security of data. The common misconception about mobility is that mobility enables people to become more mobile. The fact is that mobility enables people to become more connected and more stationary while the data becomes more mobile. Most financial institutions australian banking and finance February 201524
are now demanding that lawyers take reasonable steps to protect sensitive information in the face of rising threats. The high profile breaches of 2014 have made even the most complacent organisations review and enhance their network security. The PricewaterhouseCoopers 2014 Global Economic Crime Survey for Australia ranked cybercrime in the top three threats for organisations.4 In certain situations, data in motion is more vulner- able to breaches than data at rest — that is, data stored in servers protected by firewalls and stringent IT depart- ment policies. When mobile lawyers connect to office servers and download information from their network to store on their devices, they have taken sensitive data out of a secure environment. Unless proper measures have been put in place to protect the mobile devices and data, lawyers have exposed everything they have stored on their phone to security risks. Just imagine leaving your mobile device containing confidential emails with clas- sified attachments in a café or taxi or on a plane. Telstra reports that over 200,000 phones are lost or stolen every year in Australia. The screen-lock passcode is not enough protection to prevent hackers from getting access to what is stored on your mobile device. With the growth of internationalisation in the past few years, banking lawyers are also increasingly engag- ing in cross-border collaboration when advising on and investigating extremely sensitive corporate information. While the cloud services models comply with Austra- lia’s privacy laws, banking lawyers need to be mindful of the new Australian Privacy Principles (APPs), espe- cially APP 8 (cross-border disclosure of personal infor- mation) and APP 11.1 (security of personal information) that put the onus of security on senders of information and the organisations they represent. These APPs hold Australian senders of information liable for the actions of overseas recipients and require organisations to take reasonable steps to protect personal information.5 Three simple steps to prevent the stormy cloud Change your passwords very regularly The rising use of cloud applications and services has created new opportunities for cybercriminals. Passwords are no longer adequate protection for any mobile device or for any cloud subscription service. Some of the major high profile breaches of 2014 — including the eBay hacking, where cybercriminals were able to steal mil- lions of passwords — are evidence of how easy it is to acquire passwords and how critical it is to ensure that they are changed regularly. Hackers use a number of ways to find out passwords, including the English dictionary, names dictionaries and foreign words. In addition to changing passwords regularly, it is recom- mended that passwords: • have 12 characters; • include a combination of capital letters, numbers and symbols such as exclamation marks, asterisks or ampersands; and • not be made of common words or names, or representative of birthdays. In a security breach where 38 million passwords of Adobe accounts were leaked, analysts discovered that the most commonly used password of those 38 million was 123456.6 Protect your mobile device Mobile devices are not secure by default. Many people have the misconception that their mobile devices are safe with the screen-lock passcode. This is not true. The only way to protect a mobile device is to ensure that some form of mobile security solution is installed. The most commonly known secure mobility solution is known as mobile device management (MDM). This allows a device lockdown and remote wipe from the IT department of an organisation in case the device is lost or stolen, or the employee has left the firm. Most telecom service providers also offer some type of MDM solution for mobile devices and can provide advice on what will best suit the needs of the individual user. Another way to protect the corporate data on mobile devices is containerisation. This means creating a parti- tion between corporate data and the rest of the device. Creating a partition allows lawyers more flexibility to get on with using their personal apps and personal emails while protecting and encrypting corporate data. The container can be easily wiped out remotely without impacting the rest of the apps and data on the device. There are enterprise solutions available for small and large firms from various vendors. Some cloud-based containerisation solutions are available at very reason- able per-user-per-month subscription costs that are well worth the investment, given the extremely sensitive nature of the data banking lawyers handle — especially in cross-border communications. Create secure workflows if shadowing These days, there is an app for pretty much anything — except, of course, one that can make us a cup of coffee in the mornings. Most organisations are now focused on building in-house apps to enhance customer experience and allow customers to access their services from mobile devices no matter where they are. Apps such as those that allow us to annotate PDF documents australian banking and finance February 2015 25
on our mobile devices, share files with our clients and peers, video conference and invite people to participate in meetings enable us to get on with our jobs from anywhere, anytime. However, not all apps are secure and it’s now always clear how the information stored in and passing through these apps will be used and protected. When lawyers use unauthorised cloud services —such as Dropbox, Skype and Viber —to conduct their jobs, it puts sensitive information at risk since IT departments no longer have any control over monitoring the security of the data passing through these apps. If there is a need to use apps that are not built in-house, it is important to conduct proper research to ensure that those apps are secure and to implement two-factor authentication where necessary. While the cloud makes life easy and helps lawyers increase efficiency, there is also an abundance of mali- cious apps around. Cybercriminals are always on the lookout for new and creative ways to get their hands on sensitive information because such information is con- sidered digital gold, selling on the black market for a handsome sum. In addition, we are all human and losing our mobile device or having it stolen can never be ruled out as a possibility — no matter how careful we are. Banking lawyers, in particular, are privy to corporate secrets, major banking deals and sensitive financial information that, once leaked, can cause major — and, in some cases, irreversible — financial and reputational damage. Therefore, in this era of growing cloud adop- tion and the proliferation of apps, vigilance is the best defence. Tania Mushtaq Director Effervesq effervesq@gmail.com Twitter @tanmushi About the author Tania Mushtaq is the founder and director of Effervesq Pty Ltd, a marketing communications consultancy for the IT industry. Tania has worked and written exten- sively in the space of IT, with specific focus on cybersecurity, mobility, the cloud, information management and gen- erational differences. She also ghost writes for senior IT executives and has worked with clients across Asia Pacific to develop business positioning and differentia- tion strategies. Tania holds an MBA from the Macquarie Graduate School of Management. Footnotes 1. P Budde, K Wansink and H Lancaste “Australia — Mobile Communications — Statistics and Forecasts” BuddeCom July 2014, available at www.budde.com.au. 2. LexisNexis Pacific “The age of the mobile lawyer” SmartOf- fice, available at www.lexisnexis.com.au. 3. R LeMay “SaaS apps now mainstream in Australia” Delimiter 13 December 2014, available at www.delimiter.com.au. 4. PricewaterhouseCoopers Corruption: From the Backroom to the Boardroom — PwC’s 2014 Global Economic Crime Sur- vey: The Australian Story 2014, available at www.pwc.com.au. 5. A Christie “Australia: cloud computing and the new Australian privacylaw”Mondaq24September2013,availableatwww.mondaq.com. 6. N Goguen “9 easy ways to choose a safe and secure password” No-IP 4 December 2013, available at www.noip.com. australian banking and finance February 201526

Recommended

Cloud and mobile computing for lawyers
Cloud and mobile computing for lawyersCloud and mobile computing for lawyers
Cloud and mobile computing for lawyers
Nicole Black
 
BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data Everywhere
Jim Brashear
 
The Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesThe Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage Devices
GFI Software
 
Governance & Ediscovery
Governance & EdiscoveryGovernance & Ediscovery
Governance & EdiscoveryLouise Spiteri
 
Managing social software applications in the corporate and public sector envi...
Managing social software applications in the corporate and public sector envi...Managing social software applications in the corporate and public sector envi...
Managing social software applications in the corporate and public sector envi...Louise Spiteri
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication Challenge
EMC
 
iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?
Hayden McCall
 
Security and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to KnowSecurity and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to Know
TechSoup
 

Recommended

Cloud and mobile computing for lawyers
Cloud and mobile computing for lawyersCloud and mobile computing for lawyers
Cloud and mobile computing for lawyers
Nicole Black
 
BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data Everywhere
Jim Brashear
 
The Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesThe Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage Devices
GFI Software
 
Governance & Ediscovery
Governance & EdiscoveryGovernance & Ediscovery
Governance & EdiscoveryLouise Spiteri
 
Managing social software applications in the corporate and public sector envi...
Managing social software applications in the corporate and public sector envi...Managing social software applications in the corporate and public sector envi...
Managing social software applications in the corporate and public sector envi...Louise Spiteri
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication Challenge
EMC
 
iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?
Hayden McCall
 
Security and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to KnowSecurity and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to Know
TechSoup
 
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
Authentic8
 
Keep Student information protected while improving services
Keep Student information protected while improving servicesKeep Student information protected while improving services
Keep Student information protected while improving services
CloudMask inc.
 
India Legal 17 June 2019
India Legal 17 June 2019India Legal 17 June 2019
India Legal 17 June 2019
ENC
 
Cybertort Imp Slides For Pub. Internet
Cybertort Imp Slides For Pub. InternetCybertort Imp Slides For Pub. Internet
Cybertort Imp Slides For Pub. Internet
Prof. (Dr.) Tabrez Ahmad
 
Insecure magazine - 51
Insecure magazine - 51Insecure magazine - 51
Insecure magazine - 51
Felipe Prado
 
2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodata2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodataSteph Cliche
 
mbiz122710_bitsec
mbiz122710_bitsecmbiz122710_bitsec
mbiz122710_bitsecbitsec
 
Research Proposal K.M.Sangeetha
Research Proposal K.M.SangeethaResearch Proposal K.M.Sangeetha
Research Proposal K.M.Sangeetha
Sangeetha M Kannuchamy
 
Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...
Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...
Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...
Creus Moreira Carlos
 
2010 6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper Final2010 6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper FinalLarry Taylor Ph.D.
 
FTC- Internet of Things (January, 2015)
FTC- Internet of Things (January, 2015)FTC- Internet of Things (January, 2015)
FTC- Internet of Things (January, 2015)
Dr Dev Kambhampati
 
Sept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilitySept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilityDFickett
 
Practicing law online ebook 5.17
Practicing law online ebook 5.17Practicing law online ebook 5.17
Practicing law online ebook 5.17Stephanie Kimbro Dolin
 
No byod policy? Time to grasp the nettle
No byod policy? Time to grasp the nettleNo byod policy? Time to grasp the nettle
No byod policy? Time to grasp the nettle
Logicalis
 
Analyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaAnalyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - China
EMC
 
Ccs16
Ccs16Ccs16
Ccs16
Andrey Apuhtin
 
Legal Issues in Applied Technology
Legal Issues in Applied TechnologyLegal Issues in Applied Technology
Legal Issues in Applied Technology
KarlyseRahming
 
170105 d link-complaint_and_exhibits
170105 d link-complaint_and_exhibits170105 d link-complaint_and_exhibits
170105 d link-complaint_and_exhibits
Andrey Apuhtin
 
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaperClearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
Marco Essomba
 
CMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPERCMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPER
HamesKellor
 
Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective
Omlis
 
Security Built Upon a Foundation of Trust
Security Built Upon a Foundation of TrustSecurity Built Upon a Foundation of Trust
Security Built Upon a Foundation of Trust
lmgangi
 

More Related Content

What's hot

IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
Authentic8
 
Keep Student information protected while improving services
Keep Student information protected while improving servicesKeep Student information protected while improving services
Keep Student information protected while improving services
CloudMask inc.
 
India Legal 17 June 2019
India Legal 17 June 2019India Legal 17 June 2019
India Legal 17 June 2019
ENC
 
Cybertort Imp Slides For Pub. Internet
Cybertort Imp Slides For Pub. InternetCybertort Imp Slides For Pub. Internet
Cybertort Imp Slides For Pub. Internet
Prof. (Dr.) Tabrez Ahmad
 
Insecure magazine - 51
Insecure magazine - 51Insecure magazine - 51
Insecure magazine - 51
Felipe Prado
 
2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodata2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodataSteph Cliche
 
mbiz122710_bitsec
mbiz122710_bitsecmbiz122710_bitsec
mbiz122710_bitsecbitsec
 
Research Proposal K.M.Sangeetha
Research Proposal K.M.SangeethaResearch Proposal K.M.Sangeetha
Research Proposal K.M.Sangeetha
Sangeetha M Kannuchamy
 
Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...
Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...
Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...
Creus Moreira Carlos
 
2010 6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper Final2010 6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper FinalLarry Taylor Ph.D.
 
FTC- Internet of Things (January, 2015)
FTC- Internet of Things (January, 2015)FTC- Internet of Things (January, 2015)
FTC- Internet of Things (January, 2015)
Dr Dev Kambhampati
 
Sept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilitySept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilityDFickett
 
No byod policy? Time to grasp the nettle
No byod policy? Time to grasp the nettleNo byod policy? Time to grasp the nettle
No byod policy? Time to grasp the nettle
Logicalis
 
Analyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaAnalyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - China
EMC
 
Legal Issues in Applied Technology
Legal Issues in Applied TechnologyLegal Issues in Applied Technology
Legal Issues in Applied Technology
KarlyseRahming
 
170105 d link-complaint_and_exhibits
170105 d link-complaint_and_exhibits170105 d link-complaint_and_exhibits
170105 d link-complaint_and_exhibits
Andrey Apuhtin
 
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaperClearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
Marco Essomba
 
CMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPERCMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPER
HamesKellor
 

What's hot (20)

IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
 
Keep Student information protected while improving services
Keep Student information protected while improving servicesKeep Student information protected while improving services
Keep Student information protected while improving services
 
India Legal 17 June 2019
India Legal 17 June 2019India Legal 17 June 2019
India Legal 17 June 2019
 
Cybertort Imp Slides For Pub. Internet
Cybertort Imp Slides For Pub. InternetCybertort Imp Slides For Pub. Internet
Cybertort Imp Slides For Pub. Internet
 
Insecure magazine - 51
Insecure magazine - 51Insecure magazine - 51
Insecure magazine - 51
 
2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodata2010 12-03 a-lawyers_guidetodata
2010 12-03 a-lawyers_guidetodata
 
mbiz122710_bitsec
mbiz122710_bitsecmbiz122710_bitsec
mbiz122710_bitsec
 
Research Proposal K.M.Sangeetha
Research Proposal K.M.SangeethaResearch Proposal K.M.Sangeetha
Research Proposal K.M.Sangeetha
 
Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...
Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...
Carlos Moreira Cyber Security Round-table Moderation in NY 2014 M&A Advisory ...
 
2010 6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper Final2010 6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper Final
 
FTC- Internet of Things (January, 2015)
FTC- Internet of Things (January, 2015)FTC- Internet of Things (January, 2015)
FTC- Internet of Things (January, 2015)
 
Sept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilitySept 2012 data security & cyber liability
Sept 2012 data security & cyber liability
 
Practicing law online ebook 5.17
Practicing law online ebook 5.17Practicing law online ebook 5.17
Practicing law online ebook 5.17
 
No byod policy? Time to grasp the nettle
No byod policy? Time to grasp the nettleNo byod policy? Time to grasp the nettle
No byod policy? Time to grasp the nettle
 
Analyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaAnalyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - China
 
Ccs16
Ccs16Ccs16
Ccs16
 
Legal Issues in Applied Technology
Legal Issues in Applied TechnologyLegal Issues in Applied Technology
Legal Issues in Applied Technology
 
170105 d link-complaint_and_exhibits
170105 d link-complaint_and_exhibits170105 d link-complaint_and_exhibits
170105 d link-complaint_and_exhibits
 
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaperClearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
 
CMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPERCMIT 425 RISK ASSESSMENT PAPER
CMIT 425 RISK ASSESSMENT PAPER
 

Similar to Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (Feb 2015) copy

Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective
Omlis
 
Security Built Upon a Foundation of Trust
Security Built Upon a Foundation of TrustSecurity Built Upon a Foundation of Trust
Security Built Upon a Foundation of Trust
lmgangi
 
Solving the Encryption Conundrum in Financial Services
Solving the Encryption Conundrum in Financial ServicesSolving the Encryption Conundrum in Financial Services
Solving the Encryption Conundrum in Financial Services
Echoworx
 
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterpriseMbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterpriseSelectedPresentations
 
CyberSecurityCompliance-Aug2016-V10 (002) final
CyberSecurityCompliance-Aug2016-V10 (002) finalCyberSecurityCompliance-Aug2016-V10 (002) final
CyberSecurityCompliance-Aug2016-V10 (002) finalRobertPike
 
Accenture four keys digital trust
Accenture four keys digital trustAccenture four keys digital trust
Accenture four keys digital trust
OptimediaSpain
 
CYBER SECURITY FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdf
CYBER SECURITY FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdfCYBER SECURITY FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdf
CYBER SECURITY FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdf
VikashSinghBaghel1
 
Signacure Brochure
Signacure BrochureSignacure Brochure
Signacure BrochureDave Lloyd
 
Quick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesQuick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for Businesses
CompTIA
 
Get The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation ToolsGet The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation Tools
Paraben Corporation
 
The Insider Threats - Are You at Risk?
The Insider Threats - Are You at Risk?The Insider Threats - Are You at Risk?
The Insider Threats - Are You at Risk?
Fuji Xerox Asia Pacific
 
Data sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profitsData sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profits
rgtechnologies
 
Legal issues in technology
Legal issues in technologyLegal issues in technology
Legal issues in technology
EzraGray1
 
Ensuring Data Security and Privacy: Best Practices for Debt Collection Agenci...
Ensuring Data Security and Privacy: Best Practices for Debt Collection Agenci...Ensuring Data Security and Privacy: Best Practices for Debt Collection Agenci...
Ensuring Data Security and Privacy: Best Practices for Debt Collection Agenci...
Cedar Financial
 
Ensuring Data Security and Privacy in California: Best Practices for Debt Col...
Ensuring Data Security and Privacy in California: Best Practices for Debt Col...Ensuring Data Security and Privacy in California: Best Practices for Debt Col...
Ensuring Data Security and Privacy in California: Best Practices for Debt Col...
Cedar Financial
 
Cashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidence
CloudMask inc.
 
Information security
Information securityInformation security
Information security
Onkar Sule
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docx
MarcusBrown87
 
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030amTLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030amRod Dines
 

Similar to Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (Feb 2015) copy (20)

Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective
 
Security Built Upon a Foundation of Trust
Security Built Upon a Foundation of TrustSecurity Built Upon a Foundation of Trust
Security Built Upon a Foundation of Trust
 
Solving the Encryption Conundrum in Financial Services
Solving the Encryption Conundrum in Financial ServicesSolving the Encryption Conundrum in Financial Services
Solving the Encryption Conundrum in Financial Services
 
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterpriseMbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
 
CyberSecurityCompliance-Aug2016-V10 (002) final
CyberSecurityCompliance-Aug2016-V10 (002) finalCyberSecurityCompliance-Aug2016-V10 (002) final
CyberSecurityCompliance-Aug2016-V10 (002) final
 
Accenture four keys digital trust
Accenture four keys digital trustAccenture four keys digital trust
Accenture four keys digital trust
 
CYBER SECURITY FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdf
CYBER SECURITY FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdfCYBER SECURITY FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdf
CYBER SECURITY FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdf
 
Signacure Brochure
Signacure BrochureSignacure Brochure
Signacure Brochure
 
Quick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesQuick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for Businesses
 
Get The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation ToolsGet The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation Tools
 
IE_ERS_CyberAnalysisReport
IE_ERS_CyberAnalysisReportIE_ERS_CyberAnalysisReport
IE_ERS_CyberAnalysisReport
 
The Insider Threats - Are You at Risk?
The Insider Threats - Are You at Risk?The Insider Threats - Are You at Risk?
The Insider Threats - Are You at Risk?
 
Data sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profitsData sovereignty issues: a 15 minute debrief for not-for-profits
Data sovereignty issues: a 15 minute debrief for not-for-profits
 
Legal issues in technology
Legal issues in technologyLegal issues in technology
Legal issues in technology
 
Ensuring Data Security and Privacy: Best Practices for Debt Collection Agenci...
Ensuring Data Security and Privacy: Best Practices for Debt Collection Agenci...Ensuring Data Security and Privacy: Best Practices for Debt Collection Agenci...
Ensuring Data Security and Privacy: Best Practices for Debt Collection Agenci...
 
Ensuring Data Security and Privacy in California: Best Practices for Debt Col...
Ensuring Data Security and Privacy in California: Best Practices for Debt Col...Ensuring Data Security and Privacy in California: Best Practices for Debt Col...
Ensuring Data Security and Privacy in California: Best Practices for Debt Col...
 
Cashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidenceCashing in on the public cloud with total confidence
Cashing in on the public cloud with total confidence
 
Information security
Information securityInformation security
Information security
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docx
 
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030amTLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
 

Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (Feb 2015) copy

  • 1. Contents page 2 General Editor’s note Karen Lee LEGAL KNOW-HOW page 4 Financial System Inquiry: Part 1 — A lending industry perspective on competition Leonie Chapman LAWYAL SOLICITORS and Tim Brown MORTGAGE AND FINANCE ASSOCIATION OF AUSTRALIA page 9 Encouraging and facilitating corporate turnarounds: effective debt restructuring Macaire Bromley DIBBSBARKER page 14 The letter of credit, right of suit under a bill of lading, and “debt” versus “damages” Lee Aitken TC BEIRNE SCHOOL OF LAW, UNIVERSITY OF QUEENSLAND page 17 Closing the gap with branchless banking: Thousand Islands leads the way with sustainable banking in Indonesia David Marcus BNP PARIBAS page 21 Westpac Banking Corporation v Kekatos David Richardson HWL EBSWORTH LAWYERS page 24 Three tips for banking lawyers to avoid the stormy cloud Tania Mushtaq EFFERVESQ General Editor Karen Lee Principal and Consultant, Legal Know-How Editorial Board Mark Hilton Partner, Henry Davis York, Sydney David Richardson Partner, HWL Ebsworth Lawyers, Sydney Bruce Taylor Solicitor David Turner Barrister, Owen Dixon West Chambers, Melbourne Nicholas Mirzai Barrister, Banco Chambers, Sydney John Mosley Partner, Minter Ellison, Sydney David Carter Partner, DibbsBarker, Sydney Samantha Carroll Special Counsel, Clayton Utz, Brisbane John Naughton Partner, King & Wood Mallesons, Perth Leonie Chapman Principal Lawyer and Director, LAWYAL Solicitors 2015 . Vol 31 No 1 Information contained in this newsletter is current as at February 2015
  • 2. Three tips for banking lawyers to avoid the stormy cloud Tania Mushtaq EFFERVESQ As the legal industry embraces cloud and mobility, it also inadvertently exposes itself to security risks such as data leakage, data breaches, malicious apps, software bugs and account hijacking, to name just a few. Lawyers tend to be more concerned about getting the job done in the most efficient billing timeframe, rather than worry- ing about how safe it is to access the office servers to download confidential client information and files. A major portion of a banking lawyer’s job is based on extensive searches and document sharing, which leaves little or no time for complex security policies set by IT departments. In the day-to-day matters, and in an envi- ronment where higher outputs are demanded in shorter timeframes, productivity takes precedence over security. The latter is left to the IT departments and service providers to tackle. However, in the age of the cloud, there is another new practice of shadow IT (unsanctioned use of the cloud) that takes IT departments out of the picture, potentially exposing confidential and sensitive information to significant risk. So, how can banking lawyers ensure that they can achieve their productivity goals while protecting corporate and sensitive client data from security breaches without laborious and compli- cated processes? The disruptive paradigm shift In the legal services sector, cloud technology is creating a disruptive paradigm shift. Lawyers are finding new ways to create differentiation in a highly competi- tive industry with offshore firms, especially from the United Kingdom and the United States, entering the Australian markets via mergers and acquisitions. As the cloud market matures, the concerns about the security of cloud-hosted data either ease or are addressed by ven- dors. This has helped the cloud foray into the more conservative industry sectors, such as financial, legal and government. The increasingly mobile lawyers are now able to leverage software-as-a-service (SaaS) appli- cations to enhance productivity, maximise billable hours and increase client interaction, thereby adding value for their clients. However, for banking lawyers, search and discovery tasks make up a bulk of time that does not add tangible value for their clients. The more innovative lawyers are, therefore, exploring and utilising new tools that facilitate agility, collaboration and productivity, avoiding cumbersome IT department approvals, the installation of hardware and the cost of constant upgrades. Australians, in general, are becoming more mobile, with 90% of the population using smartphones or tablets by mid-2014.1 Mobile phones, especially smartphones, are no longer used only for calls, text messages and emails, but have become a means of collaboration, research, networking and access to social media. In March 2014, the LexisNexis Mobility Survey revealed that eight out of 10 lawyers in Australia and New Zealand are using mobile devices for work and nine out of 10 rate their mobile phone as the most important item they pack for their trip to the office, showing what an integral part of a lawyer’s life mobile devices have become.2 Given that mobile devices are mainly used for content curation rather than content creation, and bank- ing lawyers heavily focus on sharing and reviewing documents, contract negotiations and extensive searches, the reliance on mobile devices is no surprise. Australian analyst firm Telsyte has reported that most organisations are already using some variant of cloud computing, with SaaS applications becoming prevalent across industries.3 Even the most risk-averse players in the financial services industry — the big four banks — have been in the process of deploying private and hybrid clouds since 2012. Smaller banks are also making the bold move to cloud, with ING having recently moved its entire production IT infrastructure to a private cloud. Cost cutting, improvement in productivity and customer engagement have been the main drivers of cloud adop- tion across the banking and finance industry. In addition to these drivers, lawyers are also using the cloud for easy back-ups and faster access to information. The risk of stormy cloud While mobility and the cloud have fundamentally changed the way banking lawyers work, they have also brought to the fore issues about the protection and security of data. The common misconception about mobility is that mobility enables people to become more mobile. The fact is that mobility enables people to become more connected and more stationary while the data becomes more mobile. Most financial institutions australian banking and finance February 201524
  • 3. are now demanding that lawyers take reasonable steps to protect sensitive information in the face of rising threats. The high profile breaches of 2014 have made even the most complacent organisations review and enhance their network security. The PricewaterhouseCoopers 2014 Global Economic Crime Survey for Australia ranked cybercrime in the top three threats for organisations.4 In certain situations, data in motion is more vulner- able to breaches than data at rest — that is, data stored in servers protected by firewalls and stringent IT depart- ment policies. When mobile lawyers connect to office servers and download information from their network to store on their devices, they have taken sensitive data out of a secure environment. Unless proper measures have been put in place to protect the mobile devices and data, lawyers have exposed everything they have stored on their phone to security risks. Just imagine leaving your mobile device containing confidential emails with clas- sified attachments in a café or taxi or on a plane. Telstra reports that over 200,000 phones are lost or stolen every year in Australia. The screen-lock passcode is not enough protection to prevent hackers from getting access to what is stored on your mobile device. With the growth of internationalisation in the past few years, banking lawyers are also increasingly engag- ing in cross-border collaboration when advising on and investigating extremely sensitive corporate information. While the cloud services models comply with Austra- lia’s privacy laws, banking lawyers need to be mindful of the new Australian Privacy Principles (APPs), espe- cially APP 8 (cross-border disclosure of personal infor- mation) and APP 11.1 (security of personal information) that put the onus of security on senders of information and the organisations they represent. These APPs hold Australian senders of information liable for the actions of overseas recipients and require organisations to take reasonable steps to protect personal information.5 Three simple steps to prevent the stormy cloud Change your passwords very regularly The rising use of cloud applications and services has created new opportunities for cybercriminals. Passwords are no longer adequate protection for any mobile device or for any cloud subscription service. Some of the major high profile breaches of 2014 — including the eBay hacking, where cybercriminals were able to steal mil- lions of passwords — are evidence of how easy it is to acquire passwords and how critical it is to ensure that they are changed regularly. Hackers use a number of ways to find out passwords, including the English dictionary, names dictionaries and foreign words. In addition to changing passwords regularly, it is recom- mended that passwords: • have 12 characters; • include a combination of capital letters, numbers and symbols such as exclamation marks, asterisks or ampersands; and • not be made of common words or names, or representative of birthdays. In a security breach where 38 million passwords of Adobe accounts were leaked, analysts discovered that the most commonly used password of those 38 million was 123456.6 Protect your mobile device Mobile devices are not secure by default. Many people have the misconception that their mobile devices are safe with the screen-lock passcode. This is not true. The only way to protect a mobile device is to ensure that some form of mobile security solution is installed. The most commonly known secure mobility solution is known as mobile device management (MDM). This allows a device lockdown and remote wipe from the IT department of an organisation in case the device is lost or stolen, or the employee has left the firm. Most telecom service providers also offer some type of MDM solution for mobile devices and can provide advice on what will best suit the needs of the individual user. Another way to protect the corporate data on mobile devices is containerisation. This means creating a parti- tion between corporate data and the rest of the device. Creating a partition allows lawyers more flexibility to get on with using their personal apps and personal emails while protecting and encrypting corporate data. The container can be easily wiped out remotely without impacting the rest of the apps and data on the device. There are enterprise solutions available for small and large firms from various vendors. Some cloud-based containerisation solutions are available at very reason- able per-user-per-month subscription costs that are well worth the investment, given the extremely sensitive nature of the data banking lawyers handle — especially in cross-border communications. Create secure workflows if shadowing These days, there is an app for pretty much anything — except, of course, one that can make us a cup of coffee in the mornings. Most organisations are now focused on building in-house apps to enhance customer experience and allow customers to access their services from mobile devices no matter where they are. Apps such as those that allow us to annotate PDF documents australian banking and finance February 2015 25
  • 4. on our mobile devices, share files with our clients and peers, video conference and invite people to participate in meetings enable us to get on with our jobs from anywhere, anytime. However, not all apps are secure and it’s now always clear how the information stored in and passing through these apps will be used and protected. When lawyers use unauthorised cloud services —such as Dropbox, Skype and Viber —to conduct their jobs, it puts sensitive information at risk since IT departments no longer have any control over monitoring the security of the data passing through these apps. If there is a need to use apps that are not built in-house, it is important to conduct proper research to ensure that those apps are secure and to implement two-factor authentication where necessary. While the cloud makes life easy and helps lawyers increase efficiency, there is also an abundance of mali- cious apps around. Cybercriminals are always on the lookout for new and creative ways to get their hands on sensitive information because such information is con- sidered digital gold, selling on the black market for a handsome sum. In addition, we are all human and losing our mobile device or having it stolen can never be ruled out as a possibility — no matter how careful we are. Banking lawyers, in particular, are privy to corporate secrets, major banking deals and sensitive financial information that, once leaked, can cause major — and, in some cases, irreversible — financial and reputational damage. Therefore, in this era of growing cloud adop- tion and the proliferation of apps, vigilance is the best defence. Tania Mushtaq Director Effervesq effervesq@gmail.com Twitter @tanmushi About the author Tania Mushtaq is the founder and director of Effervesq Pty Ltd, a marketing communications consultancy for the IT industry. Tania has worked and written exten- sively in the space of IT, with specific focus on cybersecurity, mobility, the cloud, information management and gen- erational differences. She also ghost writes for senior IT executives and has worked with clients across Asia Pacific to develop business positioning and differentia- tion strategies. Tania holds an MBA from the Macquarie Graduate School of Management. Footnotes 1. P Budde, K Wansink and H Lancaste “Australia — Mobile Communications — Statistics and Forecasts” BuddeCom July 2014, available at www.budde.com.au. 2. LexisNexis Pacific “The age of the mobile lawyer” SmartOf- fice, available at www.lexisnexis.com.au. 3. R LeMay “SaaS apps now mainstream in Australia” Delimiter 13 December 2014, available at www.delimiter.com.au. 4. PricewaterhouseCoopers Corruption: From the Backroom to the Boardroom — PwC’s 2014 Global Economic Crime Sur- vey: The Australian Story 2014, available at www.pwc.com.au. 5. A Christie “Australia: cloud computing and the new Australian privacylaw”Mondaq24September2013,availableatwww.mondaq.com. 6. N Goguen “9 easy ways to choose a safe and secure password” No-IP 4 December 2013, available at www.noip.com. australian banking and finance February 201526