You've been hacked - you just don't know it yet

08 January 2016
by Nick Podd

Personal information is the most valuable commodity on the globe, argues Nick Podd. Here he considers the issues around cybersecurity and outlines how law firms can take responsibility for the security of their clients' data.


Misha Glenny, British journalist and author, specialising in crime and cyber crime, is unequivocal on hacking: "There are two types of companies in the world: those that know they've been hacked, and those that don't."

Like Schrödinger's cat, the truth is not known until either an examination is performed or, in the case of many cybersecurity breaches, the news is leaked by the perpetrator. So, the inherent concern when faced with the very real and very constant threat to personal data being shared or stored online is understandable.

A business has the added weight of considering the serious responsibility of dealing with client information in such a way that the clients themselves have no reason to distrust the company with their data. 

This information can simply be personal data, such as name, address, date of birth and so on, but even that is a valuable asset to anyone wishing to create new identities or apply for a line of credit. For obvious reasons, the addition of financial data into a client database will then make for a more sensitive filing system.

More valuable than gold

I believe, without any shadow of doubt, that personal information (along with demographic information) is the most valuable commodity on the Earth right now, and that is only set to increase. 

Tangible assets do not come close to the revenue that collected data can turn over year on year and, with the Internet of Things (IoT) set to grow at an alarming rate over the next four years, the collection of data will be easier for corporations and the storage of that data will be vast. 

Google, now a subsidiary company of Alphabet, started out as a humble search engine. However, Google is the third richest company in the world right now (source: fortune.com article by Verne Kopytoff) and that doesn't happen by being a search engine. 

It is famous for managing data in order to personalise users' web browsing experiences. Microsoft has also taken a leaf out of Google's book and is now collecting personal data through its new operating system, and users are unable to opt out. It's a big business.

Nothing is ever truly secure

The Internet of Things (IoT) is the term given by the information technology world to the connected world - the world of connected devices that we all live in. 

I'm sure many reading this will be able to rattle off most of the connected devices in their homes: smartphones, PCs and laptops, tablets, games consoles, newer televisions, WiFi routers, the list goes on. 

But the IoT goes so much further than these things. Does your car have Bluetooth? Bluetooth is a type of network and acts as a port into your car's management system. As a result it can be used to hack your car. 

I visited the University of Warwick in 2015 where they are working on a project looking at automotive hacking. This is not a reason to panic, as only a few cases have been reported and all have been under experimental conditions by cyber professionals. The point is that any network can be exploited. Connect one device to another via an unprotected highway of information and it can be exploited. There are even driverless quarry earth movers that are connected and have been subject to hacking.

A connected planet

At my last estimate there were around 10 billion connected devices on the planet. That equates to around 1.5 devices to every head of population. 

On speaking with senior police officers at the House of Commons in October last year, I was told that the estimated number by 2020 is around the 50 billion mark. 

How accurate this figure proves to be will remain to be seen, but I would make a conservative estimate at around 30-35 billion devices; an increase of at least 20 billion in the next four years. That is truly astonishing growth.

In 2013, I travelled on a Boeing 787 Dreamliner for the first time from Doha to Heathrow and was pleasantly surprised to see that we had WiFi on board. Last year's news was full of the professional hacker in the US who was met at his destination by the FBI having tweeted that he had found a way into the systems of the Boeing 737/800 aircraft that he was travelling on. 

Clearly very poor decisions, both the breach and the tweet, and, while he protested that it was just a joke and bragged that his seized equipment was encrypted, the authorities made his life very difficult for some time. You don't mess with any aviation these days, least of all in the US.

Wide-scale concerns

In a survey carried out in 2015, of the 83 responding companies from a variety of sectors, 62 per cent of respondents indicated that they "were concerned about both direct political risks to their business and the impact of political instability on the broader security environment. Respondents rated political and security instability considerably higher than macroeconomic volatility". Political and security instability (including cybersecurity) was the biggest concern by far; the next highest considered risk scored 39.4 per cent. Virtually 70 per cent of the responding companies in the survey were of European origin.

Download the survey - The State of the Enterprise Resilience: Resilience Survey 2015 conducted by Control Risks (PDF) 

Keep it safe

We all need to take responsibility for our own personal online security and there are many ways to do this. 

As law firms, it is imperative that client data is kept secure and that clients are reassured that this is the case. 

Law firms deal with people for the most part, not products. They are selling services; very complex and often drawn-out services that require large amounts of data storage and this data needs to be dealt with in a secure manner. Anything sensitive needs the appropriate level of security for storage (whether that be on site or in a cloud), transferring and sharing among parties. 

All companies in the UK are bound by the Data Protection Act 1998, but firms need to keep up-to-date security policies and procedures to ensure that the risk of a breach or compromise is kept to an absolute minimum. 

Only then can you be assured of peace of mind and allow partners and staff to concentrate their time on supporting their clients, rather than worry about the unknown: whether the cat is still alive, or indeed, dead.

To find out more about training your staff in cybersecurity, contact Law Society Consulting

Read more advice from the Law Society on cybersecurity

Attend our webinar on cyber fraud and security for law firms


About the author

Nick Podd is an associate consultant in cybersecurity for Law Society Consulting. He is an ex-Royal Air Force officer with over 20 years of experience in both physical and data security, having worked for blue chip organisations in the retail, finance and non-profit sectors. He is currently involved with ethical hacking.
