thinking_about_security

Differences

This shows you the differences between two versions of the page.

thinking_about_security [2019/08/15 14:12] – neil
thinking_about_security [2021/07/06 09:26] (current) – external edit 127.0.0.1
Line 1: Line 1:
 =====Thinking about security===== =====Thinking about security=====
 ====Key points:==== ====Key points:====
-  * [[thinking_about_security#You are never going to be “perfectly secure”|You are never going to be “perfectly secure”]] 
   * [[thinking_about_security#Be realistic, and think about client experience|Be realistic, and think about client experience]]   * [[thinking_about_security#Be realistic, and think about client experience|Be realistic, and think about client experience]]
 +  * [[thinking_about_security#You are never going to be “perfectly secure”|You are never going to be “perfectly secure”]]
   * [[thinking_about_security#Talk to your clients|Talk to your clients]]   * [[thinking_about_security#Talk to your clients|Talk to your clients]]
   * [[thinking_about_security#Security is ongoing|Security is ongoing]]   * [[thinking_about_security#Security is ongoing|Security is ongoing]]
 +
 +====Be realistic, and think about client experience ====
 +
 +Security is important. So is client experience.
 +
 +Some security controls are appropriate for highly confidential information, but some are less appropriate for less confidential information — the likelihood of harm, or the severity of the harm, does not justify the intrusion or inconvenience. 
 +
 +There comes a point at which providing security makes it more difficult for the client to work with you, contrary to their best interests.
  
 ====You are never going to be “perfectly secure”==== ====You are never going to be “perfectly secure”====
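Review bot: The re-added heading "====Be realistic, and think about client experience ====" keeps a stray space before the closing "====", unlike "====Key points:====" and "====You are never going to be “perfectly secure”====" in the same hunk. Since the section is being moved anyway, drop that space so the headings are consistent, and trim the trailing space after "does not justify the intrusion or inconvenience." at the same time.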
Line 13: Line 21:
 What's important is that you are adequately protected against the realistic risks facing you. What's important is that you are adequately protected against the realistic risks facing you.
  
-====Be realistic, and think about client experience ==== 
  
-Security is important. So is client experience. 
- 
-Some security controls are appropriate for highly confidential information, but some are less appropriate for less confidential information — the likelihood of harm, or the severity of the harm, does not justify the intrusion or inconvenience.  
- 
-There comes a point at which providing security makes it more difficult for the client to work with you, contrary to their best interests. 
  
 ====Talk to your clients ==== ====Talk to your clients ====
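Review bot: Removing the "Be realistic" section here leaves its three surrounding blank context lines behind, so "What's important is that you are adequately protected against the realistic risks facing you." is now followed by three empty lines before "====Talk to your clients ====". Collapse them to a single blank line, matching the spacing before "====You are never going to be “perfectly secure”====" in the first hunk.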
Line 25: Line 27:
 If your clients are themselves experts, consider letting them take the lead.  If your clients are themselves experts, consider letting them take the lead. 
  
-If you are for a very tech-savvy client, who you know uses encryption for some communications, and they send instructions by unencrypted email, it may be reasonable for you to respond in kind.+If you act for a tech-aware client, who you know uses encryption for some communications, and they send instructions by unencrypted email, it may be reasonable for you to respond in kind.
  
-Likewise, if they send encrypted attachments, then you likely want to do so as well. +Likewise, if they send encrypted attachments, you likely want to do so as well. 
  
-(You might always want to //offer// encrypted communications, to raise awareness for clients who are less tech-savvy.)+(You might always want to //offer// encrypted communications, so that less tech-aware clients realise that this is an option.)
  
 ====Security is ongoing==== ====Security is ongoing====
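Review bot: In the reworded sentence "If you act for a tech-aware client ... it may be reasonable for you to respond in kind", the choice of channel still rests only on what the client did, not on what your reply contains. The relocated "Be realistic" section ties controls to how confidential the information is, so consider carrying that through here, for example "it may be reasonable for you to respond in kind, unless your reply contains more sensitive material than their message did." The new "Likewise, if they send encrypted attachments, you likely want to do so as well. " line also ends with a trailing space that can be trimmed.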
thinking_about_security.txt · Last modified: 2021/07/06 09:26 by 127.0.0.1