A presentation at Legalex 2019, a legal tech event for the British legal sector. Secure cloud for legal professionals. Presentation by a data protection counsel.
2. Petra Kovacsics LL.M.
Data Protection Counsel
Introduction
Agenda
1. The most significant cyber threats for law firms
2. Moving to the cloud – pros and cons
3. The Solicitors Regulation Authority (SRA) Code of Conduct
4. The Bar Council’s Recommendations: relevant provisions
3. The most significant cyber threats that law firms should be aware of
Source: National Cyber Security Centre: The cyber threat to UK legal sector 2018
PHISHING
The amount stolen from law firms through phishing in the first quarter of 2017 was 300% higher than the previous year.
HUMAN ERROR
Over 50% of data breaches are caused by insiders.
RANSOMWARE
WannaCry incident in May 2017, which affected 200,000 computers in 24 hours.
SUPPLY CHAIN COMPROMISE
Supply chain compromises have increased significantly - as much as 200% in 2017.
4. Cyber threats cost time and money for UK businesses
60% of law firms reported suffering some form of security incident in 2018
46% of law firms reported loss or leakage of confidential information caused by their own staff
₤113 is the per capita cost for each lost or stolen record
20% rise occurred in cyber-attacks on law firms since last year
Sources: 2018 Cost of a Data Breach Study: Global Overview by Ponemon Institute
PWC Law Firms’ Survey 2018
5. If a law firm does not safeguard confidential client information and client communications, it could involuntarily violate the duty of confidentiality and suffer devastating reputational damage.
In other words, these rules require lawyers to keep abreast not only of the law but of technology as well.
7. Companies have serious security concerns regarding moving to the cloud
× Possibility of data loss
× Possibility of data leakage
× Losing control: who has access to my data? Who can modify my documents?
× Possibility of being hacked
8. Does this mean law firms are not supposed to use cloud services?
9. What do legal professionals use now?
The majority of legal professionals use consumer-grade cloud services to store and share documents.
                100-499 lawyers   500+ lawyers
Dropbox         54%               47%
Google Docs     25%               32%
iCloud          18%               32%
Many others still use on-premise solutions as they have security and backup concerns regarding the cloud.
Source: PWC Law Firms’ Survey 2017
12. SRA best practice for due diligence and to improve security
❑ Provider must be at a minimum compliant with ISO27001:2013.
❑ Secure communication channels while working on the move.
❑ Use automatic client-side encryption.
❑ Work with providers based in countries with strict data protection laws.
14. Bar Council Criteria #1: Store data on EU servers
Remote servers used to store data should be in countries with an adequate data protection regime.
15. Bar Council Criteria #2: Encrypt personal data in the cloud
Providers applying server-side encryption store encryption keys and passwords on their servers, so their admins can see the stored files.
With end-to-end encryption, these keys are not revealed to the provider, hence, the only people able to see the content are the ones with permission.
16. Bar Council Criteria #2: Encrypt personal data in the cloud
Server-side encryption
The encryption key is stored in the cloud in plaintext format, therefore the cloud provider can see your data.
17. Bar Council Criteria #2: Encrypt personal data in the cloud
End-to-end encryption
Only you and your recipients have the key to decrypt and see the files.
18. Bar Council Criteria #3: Use a zero knowledge provider
Storing passwords and encryption keys in the cloud makes the stored data vulnerable – if the cloud provider can read it, so can hackers.
Providers offering zero knowledge encryption do not store passwords, so the documents are absolutely secure.
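The difference between the models on slides 15 to 18 comes down to who holds the decryption key; the sketch below is an added example, not code from the presentation or from any provider, and it shows what a provider can recover from its own storage in each case. The `Provider` class, the function names and the PBKDF2 iteration count are assumptions, the SHAKE-256/HMAC construction is a standard-library stand-in for a real AEAD cipher such as AES-GCM, and sharing keys with recipients is left out.

```python
import hashlib, hmac, os

# Stand-in for a real AEAD such as AES-GCM, built from the standard library so
# the example runs offline. Illustration only, not for production use.
def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # nonce || ciphertext || tag

def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def derive_key(password: str, salt: bytes) -> bytes:
    # Runs on the client; the password itself is never sent to the provider.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Provider:
    """Everything the cloud provider stores (hypothetical model)."""
    def __init__(self):
        self.blobs, self.keys = {}, {}

def upload_server_side(provider, name, plaintext):
    # Server-side encryption: the provider creates the key and keeps it.
    provider.keys[name] = os.urandom(32)
    provider.blobs[name] = seal(provider.keys[name], plaintext)

def upload_end_to_end(provider, name, plaintext, password):
    # End-to-end: encrypt before upload; only salt and ciphertext leave the client.
    salt = os.urandom(16)
    provider.blobs[name] = salt + seal(derive_key(password, salt), plaintext)

def provider_can_read(provider, name):
    """Decrypt using only provider-held material; None if no key is stored."""
    key = provider.keys.get(name)
    return open_sealed(key, provider.blobs[name]) if key else None

def client_download(provider, name, password):
    blob = provider.blobs[name]
    return open_sealed(derive_key(password, blob[:16]), blob[16:])
```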
The materials available in this presentation are for informational purposes only and do not constitute legal advice.
To obtain advice with respect to a particular issue, you should contact your attorney.