According to Lawcadia’s Platform Architect and Senior Developer Mithitha Kankanamge, social engineering and a lack of security within legal technology products are two of the biggest risks faced by users.
For the uninformed, social engineering is:
“The use of deception to manipulate users into divulging personal or confidential information that can be used for fraudulent purposes”
It can take a variety of forms, one of the most common of which is phishing. In a phishing scam, users receive an email, IM or text message in which they’re asked to click a link and verify their information. The communication and website appear legitimate, making it likely at least some of the recipients will provide the requested information.
According to Kankanamge, these scams are becoming increasingly sophisticated and therefore aren’t always easy to spot. However, keeping your data safe isn’t difficult. For individual users, he recommends taking the following precautions:
“It seems obvious, but you’d be surprised at how many people share their passwords with co-workers”, he says. “To avoid being the cause of a serious data breach, change your password regularly and never share it with your colleagues. There’s no reason anyone needs to share this kind of information, particularly in environments where dealing with confidential information is a matter of daily routine”.
Phishing scams are successful because of their ability to closely replicate legitimate websites, right down to the logo, font size and colouring. However, one thing they can’t mimic is the original URL.
As Kankanamge says, “The URL is the biggest clue that something isn’t quite right. Look for unnecessary words and compare the URL to what you would normally type into your browser. If you’re in any doubt, contact the organisation the email ostensibly came from and verify its authenticity”.
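One way to do the URL comparison Kankanamge describes, as an added example (not Lawcadia's code): it parses the link's host, compares it with the domain you would normally type, and reports the "unnecessary words" that a look-alike adds. The expected domain and the sample links in the comments are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed placeholder for the domain the user normally types into the browser.
EXPECTED_DOMAIN = "example-firm.com"

def host_of(url: str) -> str:
    """Lowercase host of a URL; a scheme is prepended if the user pasted a bare address."""
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def words(name: str) -> list[str]:
    """Split a host name into words on dots and hyphens."""
    return [w for w in name.replace("-", ".").split(".") if w]

def check_url(url: str, expected: str = EXPECTED_DOMAIN) -> tuple[bool, str]:
    """Return (looks_legitimate, reason) by comparing the link's host to the expected domain."""
    expected = expected.lower()
    host = host_of(url)
    if host == expected or host.endswith("." + expected):
        return True, "host is the expected domain or one of its subdomains"
    extra = [w for w in words(host) if w not in words(expected)]
    if expected in host:
        # e.g. example-firm.com.secure-login.net: the browser goes to the right-hand part
        return False, f"expected name buried in another domain; extra words: {extra}"
    if expected in url.lower():
        # e.g. https://example-firm.com@evil.net/ or https://evil.net/example-firm.com/login
        return False, f"expected name appears outside the host; the link really goes to {host}"
    # same words with additions, e.g. example-firm-secure.com
    shared = set(words(host)) & set(words(expected)[:-1])
    if shared:
        return False, f"look-alike host {host}; extra words: {extra}"
    return False, f"host {host} is unrelated to {expected}"
```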
For buyers of legal technology, he has this advice:
For law firms and organisations dealing with commercially sensitive, confidential legal information, where their data is stored can have significant ramifications.
Although data stored offshore – i.e. not in Australia – is not by its nature less safe than data stored in-country, it may be subject to access by foreign entities and governments. To avoid privacy regulation issues, it’s preferable to store data in Australia (or in the jurisdiction of your head office) wherever possible. Private cloud infrastructure adds another layer of security and is also worth considering where finances permit.
You should also ensure your data host is reputable (we use Amazon Web Services/AWS) and that your data is encrypted both at rest and in transit. This should be standard in any application you’re considering, along with regular penetration testing to ensure the ongoing security of your data.
Ultimately, ISO certification provides proof of ongoing quality management.
ISO 27001 in particular provides an internationally recognised standard for managing risks to the information an application provider holds. By imposing a set of standardised requirements for an Information Security Management System (ISMS), it provides a framework for information security management best practice. This in turn supports the provider’s ability to protect your data, manage risks to information security and achieve compliance with various international regulations (e.g. the European Union’s General Data Protection Regulation, EU GDPR).
The Lawcadia Platform is ISO 27001:2013 certified and regular penetration testing and audits are standard. Our data is stored in Australia and internationally and we offer both shared and private cloud infrastructure, depending on client requirements.