What makes a good prison? High perimeter fencing? The very latest in 4K night-surveillance CCTV cameras? Guards trained in restraint techniques to keep prisoners in order?
No. What makes a good prison is that people don’t escape from it.
Timothy Rouse, a man convicted and sent to jail multiple times for burglary, robbery, theft, and assault in Kentucky, USA, hatched a daring escape plan back in 1997, as reported in the Guardian at the time.
One of his friends went to a nearby grocery store and sent a fax demanding his release to the prison in which he was incarcerated. The fax had no letterhead but claimed it was from the state’s highest court. It was strewn with grammatical errors and typos.
You can guess what happened next. He walked straight out of prison.
The design of prisons has evolved over time to make escape more difficult. But that didn’t stop an Australian convict smuggling laxatives into prison so he could slip through his cell bars and jimmy out of a crack he chiselled in the wall with a butter knife. It also didn’t stop Bosnian Muradif Hasabegovic constructing himself a parcel and mailing himself out of an Austrian jail.
All the technology and design elements employed by a prison don’t make it a good prison if the guards aren’t trained to be diligent and observant.
And it’s exactly the same with your practice or chambers.
Think of the technology that you use to keep sensitive business and client information secret to your organisation. Around the world, just as convicts are always concocting new ways to break out of prison, cybercriminals are engaged in the same arms race against firms like yours, trying to break in through your firewall.
On your computers, stored away in dozens of folders and integrated into countless databases, is gold for cybercriminals. Within your practice or chambers, you and your colleagues are the prison guards and you can’t afford to get caught out. Someone at the top of your firm has to take responsibility for erecting the best defence of all, your “human firewall”.
The human firewall is you, your fellow partners, your IT staff, and the rest of your employees taking responsibility for the security of data in your firm. It’s every person within your practice or chambers recognising that it’s just as much their responsibility to be cybersecure as it is anyone else’s.
Cybersecurity must be a culture within your firm and everyone in it must know the consequences of it going badly wrong.
For example, your human firewall goes above and beyond to check what that unusual activity from an unknown source on your network actually is. Is someone trying to infiltrate the email server to intercept communications between your firm’s conveyancing department and the clients you’re representing?
We all know the dangers of being caught out by conveyancing fraud, with brand damage and the removal from lenders’ panels being the ultimate sanctions. Is your email server really as secure as you think? Is there a rogue Wi-Fi connection somewhere on your network with little or no security that cybercriminals could connect to?
Are your files encrypted? Even the most determined hacker can’t break the latest encryption algorithms, provided the keys and passwords that protect them are kept safe.
Could someone use removable media to download significant amounts of data from a desktop terminal or a server computer?
Are there tried and tested, robust communications systems between staff members to stop your practice or chambers falling victim to CEO fraud?
Getting your human firewall right is about understanding each staff member’s current level of knowledge, not only of your firm’s technology but also of the ways that those with malicious intent try to circumvent your existing protections.
If cybersecurity and data security are to work well, the technical side is crucial – many of you already employ us to do that for you.
But as we’ve seen with escaped prisoners, it only takes one person in your firm failing to understand or interpret a situation they find themselves in for sensitive client data to be lost. That could destroy your reputation and, in the era of GDPR, mean that the Information Commissioner will be asking some very awkward questions.
We reported in October 2016 that “threats to the UK Legal sector are a near certainty, especially considering the valuable information held by law firms” and nothing has happened since to change our opinion.
Contact us to find out about Sprout CyberAware, the legal practice learning program on cybercrime, and ask about our 30-day trial. Call 020 7036 8530 or email firstname.lastname@example.org.
Latest posts by Matt Torrens
- The Human Firewall For Your Practice Or Chambers - November 21, 2017