đź”’ Cybersecurity for lawyers

User Tools

Site Tools

Trace:
thinking_about_security

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
thinking_about_security [2019/08/09 06:54] – neilthinking_about_security [2021/07/06 09:26] (current) – external edit 127.0.0.1
Line 1: Line 1:
 =====Thinking about security===== =====Thinking about security=====
-Key points:+====Key points:==== 
 +  * [[thinking_about_security#Be realistic, and think about client experience|Be realistic, and think about client experience]]
   * [[thinking_about_security#You are never going to be “perfectly secure”|You are never going to be “perfectly secure”]]   * [[thinking_about_security#You are never going to be “perfectly secure”|You are never going to be “perfectly secure”]]
 +  * [[thinking_about_security#Talk to your clients|Talk to your clients]]
   * [[thinking_about_security#Security is ongoing|Security is ongoing]]   * [[thinking_about_security#Security is ongoing|Security is ongoing]]
 +
 +====Be realistic, and think about client experience ====
 +
 +Security is important. So is client experience.
 +
 +Some security controls are appropriate for highly confidential information, but some are less appropriate for less confidential information — the likelihood of harm, or the severity of the harm, does not justify the intrusion or inconvenience. 
 +
 +There comes a point at which providing security makes it more difficult for the client to work with you, contrary to their best interests.
  
 ====You are never going to be “perfectly secure”==== ====You are never going to be “perfectly secure”====
-Even if it was possible to protect everything against every possible attack – and I suspect that, technically, that’s simply not the case — it is not going to be affordable to do so.+Even if it was possible to protect against every possible attack while still being able to do your job â€“ and I suspect that, technically, that’s simply not the case — it is not going to be affordable to do so.
  
 If anyone insists that you must be perfectly or absolutely secure, they are asking you to do something which is unachievable. If anyone insists that you must be perfectly or absolutely secure, they are asking you to do something which is unachievable.
 +
 +What's important is that you are adequately protected against the realistic risks facing you.
 +
 +
 +
 +====Talk to your clients ====
 +
 +If your clients are themselves experts, consider letting them take the lead. 
 +
 +If you act for a tech-aware client, who you know uses encryption for some communications, and they send instructions by unencrypted email, it may be reasonable for you to respond in kind.
 +
 +Likewise, if they send encrypted attachments, you likely want to do so as well. 
 +
 +(You might always want to //offer// encrypted communications, so that less tech-aware clients realise that this is an option.)
  
 ====Security is ongoing==== ====Security is ongoing====
  
-Threats change, and means of protecting against those threats changeSo security is an issue which you are going to need to continue to address, as one of the many ongoing responsibilities of being a lawyer. +Threats change, and the means of protecting against those threats changesSecurity is an issue which you are going to need to continue to address, as one of the many ongoing responsibilities of being a lawyer. 
  
 If you are hoping that you can do something, put a tick in a box, and move on, never to think about it again, you’re going to be disappointed. If you are hoping that you can do something, put a tick in a box, and move on, never to think about it again, you’re going to be disappointed.
thinking_about_security.1565333675.txt.gz · Last modified: 2021/07/06 09:26 (external edit)