thinking_about_security

Differences

This shows you the differences between two versions of the page.

thinking_about_security [2019/08/15 14:12] – neilthinking_about_security [2019/08/15 19:37] – neil
Line 1: Line 1:
 =====Thinking about security===== =====Thinking about security=====
 ====Key points:==== ====Key points:====
-  * [[thinking_about_security#You are never going to be “perfectly secure”|You are never going to be “perfectly secure”]] 
   * [[thinking_about_security#Be realistic, and think about client experience|Be realistic, and think about client experience]]   * [[thinking_about_security#Be realistic, and think about client experience|Be realistic, and think about client experience]]
 +  * [[thinking_about_security#You are never going to be “perfectly secure”|You are never going to be “perfectly secure”]]
   * [[thinking_about_security#Talk to your clients|Talk to your clients]]   * [[thinking_about_security#Talk to your clients|Talk to your clients]]
   * [[thinking_about_security#Security is ongoing|Security is ongoing]]   * [[thinking_about_security#Security is ongoing|Security is ongoing]]
 +
 +====Be realistic, and think about client experience ====
 +
 +Security is important. So is client experience.
 +
 +Some security controls are appropriate for highly confidential information, but some are less appropriate for less confidential information — the likelihood of harm, or the severity of the harm, does not justify the intrusion or inconvenience. 
 +
 +There comes a point at which providing security makes it more difficult for the client to work with you, contrary to their best interests.
  
 ====You are never going to be “perfectly secure”==== ====You are never going to be “perfectly secure”====
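
Review bot: The moved heading "====Be realistic, and think about client experience ====" still has a stray space before the closing "====", and the paragraph beginning "Some security controls are appropriate" still ends in trailing whitespace. Both came across unchanged from the old position. Since the section is being relocated anyway, tidy them so the heading matches the form of "====Key points:====". The reordered key-points list does now match the section order on the page.
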
Line 13: Line 21:
 What's important is that you are adequately protected against the realistic risks facing you. What's important is that you are adequately protected against the realistic risks facing you.
  
-====Be realistic, and think about client experience ==== 
  
-Security is important. So is client experience. 
- 
-Some security controls are appropriate for highly confidential information, but some are less appropriate for less confidential information — the likelihood of harm, or the severity of the harm, does not justify the intrusion or inconvenience.  
- 
-There comes a point at which providing security makes it more difficult for the client to work with you, contrary to their best interests. 
  
 ====Talk to your clients ==== ====Talk to your clients ====
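
Review bot: The unchanged empty lines around the removed "Be realistic" section are left in place, so several consecutive blank lines now sit between "What's important is that you are adequately protected against the realistic risks facing you." and "====Talk to your clients ====". Collapse them to a single blank line, as used before the other headings.
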
Line 25: Line 27:
 If your clients are themselves experts, consider letting them take the lead.  If your clients are themselves experts, consider letting them take the lead. 
  
-If you are for a very tech-savvy client, who you know uses encryption for some communications, and they send instructions by unencrypted email, it may be reasonable for you to respond in kind.+If you act for a tech-aware client, who you know uses encryption for some communications, and they send instructions by unencrypted email, it may be reasonable for you to respond in kind.
  
-Likewise, if they send encrypted attachments, then you likely want to do so as well. +Likewise, if they send encrypted attachments, you likely want to do so as well. 
  
-(You might always want to //offer// encrypted communications, to raise awareness for clients who are less tech-savvy.)+(You might always want to //offer// encrypted communications, so that less tech-aware clients realise that this is an option.)
  
 ====Security is ongoing==== ====Security is ongoing====
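
Review bot: In the rewritten sentence "If you act for a tech-aware client ...", the advice to "respond in kind" by unencrypted email depends only on how the client wrote to you, not on what your reply will contain. Consider qualifying it by the confidentiality of the information in the reply, consistent with the "Be realistic" section's test of likelihood and severity of harm. The wording changes from "tech-savvy" to "tech-aware" and the reworded parenthetical about offering encrypted communications read fine.
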
thinking_about_security.txt · Last modified: 2021/07/06 09:26 by 127.0.0.1