Miscreants rummage in lawyers' silky drawers at will, despite warnings UK data privacy watchdogs at the ICO investigated 173 UK law firms for reported breaches of the Data Protection Act (DPA) last year. A total of 187 incidents were recorded last year, with 173 firms investigated for a variety of DPA-related incidents, of which 29 per cent related to "security" and a similar 26 per cent related …
+1 from me.
My girlfriend is a solicitor, and she doesn't give a crap that she uses the same password for everything, uses her iPhone for everything (like mobile banking), and writes down her security details in a notebook.
And she then accuses me of hiding stuff from her when I don't giver her the pin to my phone or give her the password to use my laptop. I have nothing to declare other than my paranoia regarding security.
It is really no surprise, the issue is that many professions appear to think that they are able to do the work of others far better than those experts. Sometimes they admit to needing an expert but most times this is not before they rub into the walls of their incompetence. Normally they see no point in seeking assistance. It is a pity that when faced with areas where professional competence is required but not forced, too many will try to mess through. For too long IT matters were seen alternatively as a black art, a tradesman's business, dead easy, I have a PC at home or just simply about the same as a Biro and paper.
I thought the 'girl friend' was simply a classic case, the legal profession does rely on laws and their printed words to such an extent that if something is not written down and demanded it does not exist. Even when it is written down, they will wonder is it completely explicit, is there a drafting gap, does it apply to me and most important will it cost me money that I cannot bill to a client?
"People trained in law are terrible at security!"
Spot on. I've known quite a number of people in that category over the years, both professionally and personally, and I can't think of even one out of the lot of them who had barely more than an ounce of security know how. Not one.
I'd have liked to add "...before they knew me and I taught them a thing or two" to the end of that, but the sad truth is that it always seemed to go in one ear looking for the quickest route out the other.
It's not just lawyers. It also applies to doctors, accountants, and even law enforcement. There's just some professions that have either "I'm just a small business, why would they have an interest in me" or "They wouldn't dare try to look at my stuff" attitudes. These days, everyone is a target. Not just from the 5-eyes but from miscreats in every country.
Those of us in IT know that trust on the Internet has not just been damaged, it's badly broken. Yet there's way too many people who just stick their heads in the sand and ignore it. If you want to simplify it for them, discuss Facebook and privacy/security. Or even living in a bad neighborhood. Most of these groups of people have better physical security for their property then they do for their IT and that includes banking, data, even the IoT that they might own.
The higher you go up the corp ladder the worst it gets. I'm in Montreal at the headquarters of one of the largest Corporations in Canada and i'n in the boardroom , they got a conference system with wireless microphones right in the boardroom . Go to security and in the morning organize a small demonstration.
they have a man in the boardroom , we get to a spot the other side of the street at the same height and i open the scanner .. the corp was broadcasting their board meetings over unencrypted wireless mics for everyone to hear. Security is a top down thing , lawyer firms do the same in their conference rooms ..
It's the small devices that are traitors. Keeping files on a computer secure is the least of the issues plaguing the industry. Security in ANY firm is a top down thing. If the top don't see the issues ,people got to be in place to make them plain. Lawyer firms are no exception. How many of those " traitor " devices are around in your place of business ? The more important the data is and decisions taken , the more a need for competent security exists in a ,have to be considered, hostile environment. Computers is but one way to access the decision makers and steal their information and secrets.
On that regard most firms have failing grades.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
