The recent Mossack Fonseca breach, which involved approximately 11.5 million documents and is critical to the legal sector, has immense ramifications and will be remembered for some time to come. This breach has raised the profile of cybersecurity within the legal sector significantly, so much so that the clients of law firms are beginning to dictate a minimum standard for data security and are questioning security practices.
Clients are more knowledgeable about cybersecurity and expect their security requirements to be met, with ISO27001 being a more generic option, along with Cyber Security Essentials guidance. Encryption and access control are also featuring heavily in client requests. Clients are insisting that their data remains private; they want to be assured that no-one has any capability to view their data. Although security was and remains a recognised concern for the Solicitors Regulation Authority (SRA) and their members, this breach has placed further pressure on the legal sector to achieve the fundamental security requirements.
Unfortunately, the Mossack Fonseca hack is not a once-off occurrence. Reports are surfacing daily of targeted attacks on law firms, occurring within M&A, conveyancing, and tax areas (to name a few). The surge in attacks is attributed to the high value apportioned to the data by competitors and governments. Unencrypted data can be viewed and downloaded (to view and pass on at leisure) by the hacker, once the infrastructure is compromised.
The majority of law firms realise the necessity of securing their stored data. Securing the delivery of confidential data is also a growing concern, though not all law firms are mindful of all the intricacies of this security component.
Questions often asked include:
- How can I send contracts to my clients securely?
- Emails are so easy and universal – but can I trust them for communications?
- Who can view the data contained in my emails and files?
- What happens to the data when it leaves my organisation?
All these questions are valid and it is essential to ensure that:
- The information remains confidential wherever it is stored
- No changes have been made to emails and documents
- No-one else can view the data, when in transit or at rest
There is no underestimating the challenges that law firms are presently experiencing. Nevertheless, this also presents a fantastic opportunity to be recognised as a leader in cybersecurity. Embracing this opportunity could provide a commercial advantage over competitors. Clients must be assured of their security, and this is most easily achieved by making security visible.
How can Galaxkey help?
- Stop other people viewing information, even if they are on your infrastructure
- Secure the delivery of emails and the transfer of files
- Prove that the sender is authentic to prevent spoofing and phishing attacks
- Log transactions
Why is this important?
Without procedures in place to protect information, you are confronted with an elevated risk of being targeted and compromised by malicious attacks. The potential for insider attacks should not be dismissed either, as these are increasingly common. Using Galaxkey, emails and files can be encrypted wherever they are stored. Cloud storage platforms can be utilised with confidence: if the cloud provider is compromised, the secured data remains safeguarded.
Custom branding opportunity
Galaxkey allows for custom branding. The solution can be branded as your own secure communications platform. This way, when sending an email or file securely, you ensure that your own brand is recognised as a security leader in the legal sector. An example of a custom-branded secure email can be seen on the left, and this can utilise the existing Galaxkey clients, as well as a full custom-branded web access gateway. This is an effective way to spread your brand and security message.
Has the data been changed?
When sharing information, it is important to ensure that the data has not been changed. Moreover, it is best to use a solution that can assure that the sender of the email is who they say they are. This is possible with Galaxkey and we have collaborated with many financial and government organisations to implement these secure communications platforms.
But I don’t want my recipients to have to pay!
Any users who are not on your domain can communicate with you under the free licenses. This means that even if you are dealing with 100s or 1000s of other individuals from different organisations, you will only ever pay for your internal users. This removes a huge barrier to the uptake of encryption.
How can I find out more?
Contact Galaxkey to discuss how we can help you to secure the data you are storing and sending between yourselves and your clients.