When Familiarity Breeds Complacency – How to Identify Authentic Emails

For many, a daily routine exists from the moment they sit at a desktop or take their first swipe of a tablet. It involves identifying important emails in your inbox and disregarding the spam. In most instances, this is a tedious yet simple task. We click on emails from contacts we know, or from an organisation we trust, and delete those we have no interest in. We look for the familiar and discard the unknown. It is a routine that drains time but a system that in the past has kept us reasonably safe from hackers. Repetitive yet necessary. Read more

The Imitation Game: Keeping Safe From Phishing Emails and Websites

A poorly written, plain text email requesting sensitive information arrives in your inbox from a sender you have not interacted with before. Without much thought you delete the email, writing it off as bogus.

Further down you come across an email with the subject: Update Your Account Information. In the sender column is your bank’s name. The HTML email is well formatted, using the colours, layout, font, and logo of your bank. The email states that as a security measure, you will no longer be able to access online banking unless you update your account information. Beneath this message is a hyperlinked sentence which reads, ‘Sign in to update your account information’. The email is signed from your bank’s customer service team. Read more

What Do You Need to Know Before Buying Cyber Insurance?

What do JP Morgan, Sony, eBay, Yahoo, Three, and Talk Talk have in common?

In the past two years, these companies have all been victims of cybercrimes and have experienced widespread media attention as a result.

An increase in cybercrimes, followed by an increase in media reporting of breached businesses, and moves towards tougher regulatory penalties, has created an emerging market for cyber insurance. Read more

GDPR: Are You Ready?

Having recently attended Legalex, the UK’s largest legal event for lawyers and law firms, it is clear the sector is not fully prepared for the General Data Protection Regulations (GDPR) due to come into effect in May 2018.

During round table discussions about the preparations firms are making in advance of the GDPR, responses ranged from firms only beginning to consider the impact it will have, to those who haven’t thought about it, or who are adopting a wait and see approach.

In just over a year’s time, when the new regulations are implemented, the consequences of failing to adhere will be severe, and ignorance will not be an excuse. Read more

The GDPR and Everyday Breaches

In just 12 months’ time, the EU’s General Data Protection Regulation (GDPR) will come into effect, replacing the UK’s current Data Protection Act. These new regulations will have a significant impact on the way data is managed.

The consequences of failing to comply with the GDPR are significant, with fines of up to 4% of a company’s turnover, or €20,000,000 – whichever is larger. With the clock ticking, it has never been more important to ensure robust systems for data management are in place. Read more

What Digital Security Measures Should You Be Thinking About as An In-House Legal Department?

If you work as part of an in-house legal department for a professional organisation, then your remit for protection is likely to be vast. Depending on the size and sector of the business, the legal work required will range from employment and contract negotiations, to commercial and marketing work. With so much compliance required to secure and safeguard companies against legal action, it is unsurprising that some protective measures fall through the cracks. Read more

Why Use A Digital Signature?

Whether receiving a document from a business partner, or downloading software from the internet, the ability to verify the integrity of a file is crucial. Documents that have been tampered with or created fraudulently pose a serious threat to any business.

A digital signature is a mathematical scheme for demonstrating the authenticity of a digital file. With a valid digital signature, the recipient of a document has reason to believe a known sender created it, and prevents them from denying sending it (authentication and non-repudiation). Like a tamper-proof seal, it also indicates that the document was not altered during delivery (integrity). Read more

So what happened in February?

At Digital Pathways, we understand a thing or two about cyber security and the risks surrounding data breaches. As you would expect, we strive to keep on top of major events where a firm or individual falls foul of cyber criminals. With the details understood, we can then impart our knowledge and advise people on how best to avoid similar threats.

Despite this, even we couldn’t believe the sheer quantity of attacks that took place in February this year, or the lack of coverage that these breaches and attacks were given. Seeing the many data breaches and cyber security failings still taking place around the world made us wonder whether as a society we are already becoming deaf to the escalating threats posed online. From ransomware attacks that devastate families, to careless and malicious employees causing irreparable damage to an organisation, we all seem to have become desensitised to the risks. Read more

Encryption As The Cornerstone Of Big Data Security

Big data programmes benefit organisations in many ways, driving competitiveness and innovation. But they can also increase security risks. One of the most important issues for organisations running big data projects is balancing the need to protect data from misuse, fraud or loss, while ensuring the ability to perform big data analysis is preserved.

Big data sets harness information from multiple sources, such as databases, data warehouses, log and event files, security controls, and user-generated data such as from emails and social media posts. The information collected can be in either structured form, such as in the columns of a database, or unstructured, such as information contained in a word processing document. Read more

Dealing With The Mobile Nature of Data Sharing in the Legal Sector

The way that we digitally share information has changed dramatically in recent years, thanks to the rapid evolution of cloud storage and increasing intelligence of smart phone technology. What each of these innovations has allowed is more mobility with our data, giving individuals access to vital files and documents from multiple devices almost anywhere in the world. This mobile nature of data allows us to be more efficient with how we share things, and access them, but it does also bring with it inherent risks in terms of digital security.

The legal sector, perhaps more than any other, regularly faces these risks, with firms not always capable of dealing with their data correctly. One common issue for legal firms that is routinely ignored is the ability for employees to access their personal accounts not just from their office machines, but also through a home computer, tablet, or phone. Although this may seem to be a more convenient way to operate, as it enables the team to continue working outside of office hours, the risks are very real. Read more