So what happened in February?

At Digital Pathways, we understand a thing or two about cyber security and the risks surrounding data breaches. As you would expect, we strive to keep on top of major events where a firm or individual falls foul of cyber criminals. With the details understood, we can then impart our knowledge and advise people on how best to avoid similar threats.

Despite this, even we couldn’t believe the sheer quantity of attacks that took place in February this year, or the lack of coverage that these breaches and attacks were given. Seeing the many data breaches and cyber security failings still taking place around the world made us wonder whether as a society we are already becoming deaf to the escalating threats posed online. From ransomware attacks that devastate families, to careless and malicious employees causing irreparable damage to an organisation, we all seem to have become desensitised to the risks.

Encryption As The Cornerstone Of Big Data Security

Big data programmes benefit organisations in many ways, driving competitiveness and innovation. But they can also increase security risks. One of the most important issues for organisations running big data projects is balancing the need to protect data from misuse, fraud or loss, while ensuring the ability to perform big data analysis is preserved.

Big data sets harness information from multiple sources, such as databases, data warehouses, log and event files, security controls, and user-generated data such as from emails and social media posts. The information collected can be in either structured form, such as in the columns of a database, or unstructured, such as information contained in a word processing document.

Dealing With The Mobile Nature of Data Sharing in the Legal Sector

The way that we digitally share information has changed dramatically in recent years, thanks to the rapid evolution of cloud storage and increasing intelligence of smart phone technology. What each of these innovations has allowed is more mobility with our data, giving individuals access to vital files and documents from multiple devices almost anywhere in the world. This mobile nature of data allows us to be more efficient with how we share things, and access them, but it does also bring with it inherent risks in terms of digital security.

The legal sector, perhaps more than any other, regularly faces these risks, with firms not always capable of dealing with their data correctly. One common issue for legal firms that is routinely ignored is the ability for employees to access their personal accounts not just from their office machines, but also through a home computer, tablet, or phone. Although this may seem to be a more convenient way to operate, as it enables the team to continue working outside of office hours, the risks are very real.

Predicting 2017: Security Challenges and The Internet of Things

Each year we share our predictions for the digital security world for the year ahead. One of our predictions for 2017 is that there will be an increase in home-attached devices being compromised. This is due to the rise of the Internet of Things (IoT); everyday objects, such as kettles, fridges, and televisions, that connect to networks, enabling them to send and receive data via the internet.

These devices are designed to make our lives easier to manage. We can preheat the oven using our smart phone before we leave work, or control our sprinkler system while we are away on holiday.

Why Encryption is the Baseline Solution That Every Company Should Have

Major cyber breaches are consistently hitting the headlines, with successful attacks causing lasting damage to brands and costing businesses in excess of an estimated $400 billion a year.

Perimeter security, such as firewalls and anti-virus software, are no longer enough to protect against increasingly frequent and sophisticated attacks. Should perimeter security be breached, then a hacker can have unopposed access to privileged data from within the network.

What is GDPR? And How Will It Affect The Legal Sector?

If you have been paying attention, it is likely that you will have heard murmurs about the upcoming changes to the way that personal data will be protected in Britain. You may even have heard us outline some of these changes ourselves in our blog ‘How will the changes brought in by GDPR affect your business?’. For almost 20 years, we have relied on the Data Protection Act to be our sole regulatory legislation for the responsible processing of personal information. On the 25th May 2018, this will change.

The EU’s General Data Protection Regulation (GDPR) is a set of compliance regulations that organisations and businesses will be obligated to adhere to. When processing data, these robust, much stricter set of rules will be the benchmark for companies to meet, in order to avoid the fines that incompetence, and ignorance, will claim. Despite the huge changes that GDPR is promising for UK businesses, there still seems to be a certain amount of unawareness across the country, no more so than in the Legal Sector.

Why are cyber-attacks on the increase in the Legal Sector?

Statistics from PwC’s 25th annual Law Firms Survey show that cyber-attacks on law firms in the UK increased by nearly 20% between 2014-15 and 2015-16, with 73% of the top 100 law firms being targeted by cyber-attacks.

Holding a wealth of sensitive information, it is easy to see why the legal sector is an attractive target for cyber criminals and hacktivists.

With the rise in cyber-attacks on the legal sector showing no signs of abating in 2017, it is more crucial than ever to ensure you are fully protected against this kind of threat.

Law firms are being attacked – Are you prepared?

Threats to cyber security are a concern for every industry and business. However, the legal sector remains an especially attractive target due to the wealth of sensitive information held by law firms.

Patent data, merger and acquisition information, negotiation information, and protected witness information are just some examples of sensitive commercial data and intellectual property that are highly desirable to cyber criminals, hacktivists, and state-sponsored parties.

It is easy to see why legal firms are rich with opportunity for these groups.

How will the changes brought in by GDPR affect your business?

In the UK, The Data Protection Act of 1998 has been the sole regulatory legislation that companies based here have had to comply to. An Act of Parliament, it was introduced to protect the personal data of British citizens, by outlining exactly what businesses must do when processing their information.

On the 25th May 2018, the Data Protection Act will be replaced by the EU General Data Protection Regulation (GDPR). This is a Europe-wide set of compliance obligations, rules that will again stipulate what must happen when an organisation handles and processes data. It is widely agreed that the GDPR is a far more robust set of regulations than what is currently in place, with the main changes in the areas of child consent, privacy by design and data breach notifications.

The Importance of Baseline Security

Understanding your company position in terms of digital security is vital to knowing whether you can and will be protected moving forward. Although having layers of security to protect you against the multitude of threats a company can face is preferable, there is a bare minimum standard that you should be aiming for.

That bare minimum would be a Gap Analysis of your current situation. This is a method of assessing the differences in performance between a business’ information systems or software applications, to determine whether business requirements are being met and, if not, what steps should be taken to ensure they are met successfully. The first step is always to understand the present and isolate the issues that must be addressed moving forward.