The legal sector has been innovating through the intelligent deployment of technology and IT in the last decade.
In the first wave of innovation, the major improvements came through increased work mobility, enhanced data security, and a better ability to tailor the delivery of services to clients. The second wave builds upon the first wave as this technology and the need for it are now accepted – now the focus is on using technology to compete better.
Cyber Essentials Scheme
Businesses have locks on the doors of your premises and passwords on their computers all for one reason – safety. For solicitors’ practices and chambers wanting to show the world that they can be trusted with confidential personal and commercial data, one approach to consider might be becoming accredited to the government’s Cyber Essentials Scheme.
Launched in June 2014, the Cyber Essentials Scheme is the de facto cyber security standard for the UK. This allows legal firms and other businesses to show that they can measure and reduce the potential risks to their cyber security - and all of the data that they handle.
The Cyber Essentials scheme has two levels of classification that a business can obtain. These are:
This is the standard certification that proves that you have undertaken a self-assessment questionnaire as well as an external vulnerability scan. This scan verifies that your security systems are both up-to-date and appropriate for the data that you are handling.
If you want to be able to display to existing and potential client accreditation to a security certification which proves that your firm and its staff have a strong understanding of cyber security, then this is a viable option.
Cyber Essentials plus
This certification includes all of the previously mentioned checks as well as an additional internal scan that checks your firm’s security levels as well as subjecting your organisation to an on-site assessment.
This can be helpful because some clients will specifically request that you demonstrate a high level of cyber security awareness particularly if you are dealing with personally- or commercially-sensitive data. Additionally, if your employees have the option from working from home or you have third parties with access to your data, you should be able to show that you can mediate these risks as well.
The 5 Cyber Essentials controls
The Cyber Essentials certification is based around 5 main controls, which are:
- Secure configuration (having all of your devices set up properly and kept up to date)
- Boundary firewalls and internet gateways (to monitor your bandwidth limitations)
- Access control and administrative management (to remove insider threat)
- Patch management (keeping on top of software patching and updates)
- Malware protection (in order to stop viruses and hacking)
The benefits of having a certification
The Cyber Essentials certification not only demonstrates your firm’s awareness of a growing cyber threat, it also allows you to:
Protect your organisation from cyber attacks
Approximately 80% of cyber-attacks can be avoided by meeting the criteria to achieve the certification. This is according to a study published by the government.
Demonstrate your security to your customers and suppliers
Customers will find your firm a better prospect to work with if they know that their data is in safe hands. Where data security is a prerequisite to dealing with a particular client, not having the certification could result in losing customers.
Work alongside the government
The Cyber Essentials certification will allow your firm to work with the government and the Cyber Essentials Plus certification will give you the opportunity to work with the Ministry of Defence as well.
Reduce cyber insurance costs
Cyber insurance agencies look more favourably towards business’ that have been awarded the certification. This will lower the costs of any cyber insurance that you take out – saving your business money in the long run.
Sprout IT offers a Cyber Essentials program – click here to find out more.
End to end encryption
Before we explain what end-to-end encryption is, let’s take a look at some of the basics about encryption itself. To start with, encryption is the method used by computers to take readable text and transfer it into an unrecognisable code. To turn this code back into text, you must use a decryption key. This allows data to be safely transferred between people and businesses without the worry of having the information being stolen. This can be seen commonly in industries such as banking, where protecting data is extremely important.
End-to-end encryption is a way of encrypting data so that only the sender and the recipient have the encryption and decryption keys. Typically, a new encryption is used each time, making it the most secure way to transfer data from one place to another.
The keys for the encryption are stored exclusively at either end of the transmission, meaning that nobody in-between (whether that is an internet service provider, an app, or any other third party) can read or interfere with the message.
Additionally, there is no known way to break the encryption. There aren’t any algorithms that have been devised yet that can break them and no computer has the power to try and decipher the code.
How does end-to-end encryption work?
End-to-end encryption is based around the concept of “public keys” and “private keys”. These keys are given to both the sender and recipient of the message. Here is an example of how this works:
Mark writes a message to his client Nikita and the message contains an attachment with the latest progress on due diligence during a company takeover. He uses Nikita’s public key to encrypt the message. The server that it was sent on will only see a seemingly random selection of letters, numbers, and punctuation marks.
Nikita uses her private key to decrypt the message and the attachment, which she can then read and she is now able to answer Mark’s question.
This whole process is done automatically and you won’t normally notice that it is happening. For example, did you know that WhatsApp uses end-to-end encryption in all of their messages? As you can probably tell, it doesn’t affect the performance of the app and all of the messages that you send are only visible to whoever received them.
Advantages of end-to-end encryption
End-to-end encryption keeps your data safe in the case that it’s hacked or accidentally falls into the wrong hands. It doesn’t matter what you are sending - if the server that you are using gets hacked and you’re not using encryption, then all of the messages that have been sent using that server will be visible to the hackers. With end-to-end encryption, hackers will only see your encrypted data which they won’t be able to decode.
It also keeps your data private. If you allow your data to be sent and stored without encryption, then every server that you use will be able to save it without you knowing. This will provide clients with the peace of mind that they need.
Innovation as a Sprout IT client
Sprout IT provides high quality legal IT support, cloud & consultancy for the legal industry, 24/7 service, 365 days. On all issues relating to end-to-end encryption and on the Cyber Essentials scheme, please call us today on 020 7036 8530 or email us.