Bloomsbury Law Online

Articles filed under Security

https

HTTPS stands for Hypertext Transfer Protocol Secure, the secure version of HTTP, the protocol for communicating data between your browser and the websites that you are connected to. HTTPS ensures that all such communications are encrypted.

For several years now technical experts have highly recommended the use of HTTPS instead of HTTP for the exchange of information between web browser and web server. But while the change to HTTPS in the browser is painless, there are significant additional costs to implementing HTTPS on a server. Given these, why is HTTPS so strongly recommended?

Hacker Firewall by Christoph Scholz

Encryption is a way of making data secure, so that it can only be accessed by authorised parties. Cryptographic techniques are used to render information unintelligible to any third parties whilst it is being stored on an electronic device such as a laptop or smartphone, or during its transit from sender to recipient over the internet or other types of computer network.

There are many techniques of encryption but the main principles are as follows:

  • Unencrypted data is referred to as “plaintext”.
  • Plaintext is encrypted using an algorithm known as a “cipher”.
  • The algorithm also generates a pseudo-random encryption “key”.
  • Once plaintext has been encrypted it is known as “ciphertext”.
  • The ciphertext is unreadable and can only be deciphered (ie converted back to plaintext) with the key previously generated by the algorithm, under either a symmetric (private-key) or an asymmetric (public-key) scheme.
  • End to end encryption means that data which passes through a company’s servers (eg WhatsApp) can only be read by the sender and recipient and cannot be accessed or interfered with by the company handling the data.

Clients are demanding apps for real-time communications; lawyers need them for remote working. But how do we improve the security of apps in order to prevent any data security breaches?

Law firms are prime targets for cyber-attacks due to the amount of money they hold for clients and the sensitive information they control. Clearly, remote access to data on mobile devices can significantly increase security-related risks.

Although written for barristers, the recommendations below would broadly apply to any lawyer practising without the support of an IT team.

As a practising barrister, your working life is probably busy, hectic and mentally exhausting, and the thought of having to consider the security of your IT equipment is more than likely not one that bears too heavily on you. “My PC, laptop, smart phone, tablet, and networks etc all come with ‘built in’ security so that’s enough,” I hear you say. Well, sorry to burst your bubble, but it’s not enough unless you can afford to pay out thousands of pounds in financial penalties to the Information Commissioner or by way of compensation in the event of there being any significant loss or compromise of your clients’ personal information.

Most legal practices have yet to get to grips with the idea of “cyber resilience” but it is a strength that they urgently need to acquire now. Only then can a legal practice develop and deliver new IT-supported service propositions that can add significant value to services for clients, introducers and business partners.