From: The Lawyer
Cyber security in-house interview: A warning from the watchdog
By Jonathan Ames
Lawyers are among the most vulnerable to information breaches, according to the Information Commissioner’s Office
Mixed messages are coming out of the UK’s information and data watchdog about just how vulnerable the legal profession is to cyber security breaches – indeed, about just how severe the threat is to businesses overall.
On the one hand lawyers in the enforcement division of the Information Commissioner’s Office (ICO) point out that most recent self-reported breaches of data protection legislation do not relate to cyber issues.
“That’s one of the lesser problems at the moment,” says Catherine Bamford, a senior ICO solicitor, citing statistics for the past quarter that show the office handled only seven cases of private information erroneously uploaded to websites.
More problematic are the relatively straightforward cases of stolen laptops and other portable devices containing unencrypted information. Even old-fashioned paper documents and what, for most, is the prehistoric technology of fax machines feature
A lesson for lawyers
Bamford says that so far no large UK law firm has self-reported a breach to the office. And in the past quarter the office has issued just one notice to the legal profession, a sole practitioner’s practice that paid the price for economising on technology. Still, the story is a salutary one for that segment of the profession.
The lawyer had installed an off-the-shelf web package for the business that was designed for home computing and not suitable for holding sensitive client information. Simon Rice, the ICO’s group manager for technology, explains that the solicitor was acting in a copyright infringement matter that involved loading personal details of several individuals on what turned out to be an insecure system.
The firm was targeted by hackers with an interest in the case and the system was far too vulnerable to withstand the attack.
“It didn’t take them long to bring the whole thing down and for security to be breached,” says Rice.
That incident had serious ramifications for the firm. The solicitor was initially subject to a £200,000 fine but was slashed to £1,000 on an application regarding the lawyer’s financial position. Even so, the practitioner was eventually bankrupted.
Leave a Reply