Firms urged to consider end-to-end security
Investing in good internal security systems is a good start, but firms need to consider end-to-end security to safeguard them when communicating with external businesses or clients, according to a security company manager.
Dekko Secure general manager Eric Schwantler said even if law firms have secure and protected internal communication pathways, as soon as they communicate with external people, that security can be lost.
“Security breaches are mostly not about communication within the law firms, it’s about when law firms or partners have to correspond with other businesses, law firms or individuals outside,” Mr Schwantler said.
“Even if they've got very good security systems, as soon as they have to go outside of their premise, they're vulnerable because they’ve given that information to somebody else’s system.”
Mr Schwantler said by way of example a law firm may need to send a critical document to a high-profile client who asks the firm to send it to their personal Gmail account.
“It doesn't matter what the law firm does, it’s now sitting inside Gmail’s server in America,” he said. “So end-to-end security is critical.”
Firms should consider using a system that allows them to create closed communication networks with their clients, where all parties are required to create an account to share encrypted information without having to send it to each other via email, Mr Schwantler said.
“When person A talks to person B, it doesn’t matter whether they're in different parts of the world, it needs to be encrypted at point A and decrypted at point B,” he said.
“So that’s one way of solving the problem, creating a closed circle for communication.”
However, Mr Schwantler said there is only so much firms can do as external hackers tend to only compromise 20 to 25 per cent of all security breaches. The rest of security breaches are caused by insiders, he said.
“That's split in to insiders that are maliciously doing something like intentionally sending customer records or sending documents out that shouldn't be sent out, and then there are mistakes, such as people sending an email to the wrong person."
He added: "That’s a problem you can’t avoid.”