You are here:
  1. Home
  2. News
  3. Blog
  4. You've been hacked - you just don't know it yet

You've been hacked - you just don't know it yet

08 January 2016

Personal information is the most valuable commodity on the globe, argues Nick Podd. Here he considers the issues around cybersecurity and outlines how law firms can take responsibility for the security of their clients' data.

Misha Glenny, British journalist and author, specialising in crime and cyber crime, is unequivocal on hacking: "There are two types of companies in the world: those that know they've been hacked, and those that don't."

Like Schrödinger's cat, the truth is not known until either an examination is performed or, in the case of many cybersecurity breaches, the news is leaked by the perpetrator. So, the inherent concern when faced with the very real and very constant threat to personal data being shared or stored online is understandable.

A business has the added weight of considering the serious responsibility of dealing with client information in such a way that the clients themselves have no reason to distrust the company with their data. 

This information can simply be personal data, such as name, address, date of birth and so on, but even that is a valuable asset to anyone wishing to create new identities or apply for a line of credit. For obvious reasons, the addition of financial data into a client database will then make for a more sensitive filing system.

More valuable than gold

I believe, without any shadow of doubt, that personal information (along with demographic information) is the most valuable commodity on the Earth right now, and that is only set to increase. 

Tangible assets do not come close to the revenue that collected data can turn over year on year and, with the Internet of Things (IoT) set to grow at an alarming rate over the next four years, the collection of data will be easier for corporations and the storage of that data will be vast. 

Google, now a subsidiary company of Alphabet, started out as a humble search engine. However, Google is the third richest company in the world right now (source: article by Verne Kopytoff) and that doesn't happen by being a search engine. 

It is famous for managing data in order to personalise users' web browsing experiences. Microsoft has also taken a leaf out of Google's book and is now collecting personal data through its new operating system, and users are unable to opt-out. It's a big business.

Nothing is ever truly secure

The Internet of Things (IoT) is the term given by the information technology world to the connected world - the world of connected devices that we all live in. 

I'm sure many reading this will be able to rattle off most of the connected devices in their homes: smartphones, PCs and laptops, tablets, games consoles, newer televisions, WiFi routers, the list goes on. 

But the IoT goes so much further than these things. Does your car have Bluetooth? Bluetooth is a type of network and acts as a port into your car's management system. As a result it can be used to hack your car. 

I visited the University of Warwick in 2015 where they are working on a project looking at automotive hacking. This is not a reason to panic, as only a few cases have been reported and all have been under experimental conditions by cyber professionals. The point is that any network can be exploited. Connect one device to another via an unprotected highway of information and it can be exploited. There are even driverless quarry earth movers that are connected and have been subject to hacking.

A connected planet

At my last estimate there were around 10 billion connected devices on the planet. That equates to around 1.5 devices to every head of population. 

On speaking with senior police officers at the House of Commons in October last year, I was told that the estimated number by 2020 is around the 50 billion mark. 

How accurate this figure proves to be will remain to be seen, but I would make a conservative estimate at around 30-35 billion devices; an increase of at least 20 billion in the next four years. That is truly astonishing growth.

In 2013, I travelled on a Boeing 787 Dreamliner for the first time from Doha to Heathrow and was pleasantly surprised to see that we had WiFi on board. Last year's news was full of the professional hacker in the US who was met at his destination by the FBI having tweeted that he had found a way into the systems of the Boeing 737/800 aircraft that he was travelling on. 

Clearly very poor decisions, both the breach and the tweet, and, while he protested that it was just a joke and bragged that his seized equipment was encrypted, the authorities made his life very difficult for some time. You don't mess with any aviation these days, least of all in the US.

Wide-scale concerns

In a survey carried out in 2015, of the 83 responding companies from a variety of sectors, 62 per cent of respondents indicated that they "were concerned about both direct political risks to their business and the impact of political instability on the broader security environment. Respondents rated political and security instability considerably higher than macroeconomic volatility". Political and security instability (including cybersecurity) was the biggest concern by far, the next highest considered risk scored 39.4 per cent. Virtually 70 per cent of the responding companies in the survey were of European origin 

Download the survey - The State of the Enterprise Resilience: Resilience Survey 2015 conducted by Control Risks (PDF) 

Keep it safe

We all need to take responsibility for our own personal online security and there are many ways to do this. 

As law firms, it is imperative that client data is kept secure and that clients are reassured that this is the case. 

Law firms deal with people for the most part, not products. They are selling services; very complex and often drawn-out services that require large amounts of data storage and this data needs to be dealt with in a secure manner. Anything sensitive needs the appropriate level of security for storage (whether that be on site or in a cloud), transferring and sharing among parties. 

All companies in the UK are bound by the Data Protection Act 1998, but firms need to keep up-to-date security policies and procedures to ensure that the risk of a breach or compromise is kept to an absolute minimum. 

Only then can you be assured of peace of mind and allow partners and staff to concentrate their time on supporting their clients, rather than worry about the unknown: whether the cat is still alive, or indeed, dead.

To find out more about training your staff in cybersecurity, contact Risk and Compliance Advisory Service

Read more advice from the Law Society on cybersecurity

Attend our webinar on cyber fraud and security for law firms

Attend one of our Fighting fraud and managing risk events: 

Tags: communication | security | cyber security

About the author

Nick Podd is an associate consultant in cybersecurity for Law Society Consulting. He is an ex-Royal Air Force officer with over 20 years of experience in both physical and data security, having worked for blue chip organisations in the retail, finance and non-profit sectors. He is currently involved with ethical hacking.

  • Share this page:

Abigail Bright | Adam Johnson | Adele Edwin-Lamerton | Ahmed Aydeed | Alex Barr | Alex Heshmaty | Alexa Lemzy | Alexandra Cardenas | Amanda Adeola | Amanda Carpenter | Amanda Jardine Viner | Amy Bell | Amy Heading | an anonymous sole practitioner | Andrew Kidd | Andrew McWhir | Andy Harris | Anna Drozd | Annaliese Fiehn | Anne Morris | Anne Waldron | anonymous female solicitor | Asif Afridi and Roseanne Russell | Bansi Desai | Barbara Whitehorne | Barry Wilkinson | Becky Baker | Ben Hollom | Bhavisha Mistry | Bob Nightingale | Bridget Garrood | Caroline Marlow | Caroline Roddis | Caroline Sorbier | Carolyn Pepper | Catherine Dixon | Chris Claxton-Shirley | Christina Blacklaws | Ciaran Fenton | CV Library | Daniel Matchett | Daphne Perry | David Gilroy | David Yeoward | Douglas McPherson | Duncan Wood | Elijah Granet | Elizabeth Rimmer | Emily Miller | Emily Powell | Emma Maule | Floyd Porter | Gary Richards | Gary Rycroft | Graham Murphy | Greg Treverton-Jones | Gustavo Bussmann | Hayley Stewart | Hilda-Georgina Kwafo-Akoto | Ignasi Guardans | James Castro Edwards | Jane Cassell | Jayne Willetts | Jeremy Miles | Jerry Garvey | Jessie Barwick | Joe Egan | Jonathan Andrews | Jonathan Fisher | Jonathan Smithers | Jonathon Bray | Julian Hall | Julie Ashdown | Julie Nicholds | June Venters | Justin Rourke | Karen Jackson | Kate Adam | Katherine Cousins | Kaweh Beheshtizadeh | Kayleigh Leonie | Keiley Ann Broadhead | Kerrie Fuller | Kevin Hood | Kevin Poulter | Larry Cattle | Laura Bee | Laura Devine | Laura Uberoi | Leah Glover and Julie Ashdown | Leanne Yendell | Lee Moore | LHS Solicitors | Linden Thomas | Lucy Parker | Maria Shahid | Marjorie Creek | Mark Carver | Mark Leiser | Markus Coleman | Martin Barnes | Mary Doyle | Matt Oliver | Matthew Still | Max Rossiter | Melissa Hardee | Michael Henson-Webb | Neil Ford | Nick Denys | Nick O'Neill | Nick Podd | Nigel West | Nikki Alderson | Oz Alashe | Paris Theodorou | Patrick Wolfe | Paul Rogerson | Pearl Moses | Penny Owston | Peter Wright | Philippa Southwell | Preetha Gopalan | Prof Sylvie Delacroix | Rachel Brushfield | Rafie Faruq | Ranjit Uppal | Ravi Naik | Remy Mohamed | Richard Collier | Richard Coulthard | Richard Heinrich | Richard Mabey | Richard Messingham | Richard Miller | Richard Roberts | Rita Gupta | Rob Cope | Robert Bourns | Robert Forman | Robin Charrot | Rosa Coleman | Rosy Rourke | Sachin Nair | Saida Bello | Sally Azarmi | Sally Woolston | Sam De Silva | Sara Chandler | Sarah Austin | Sarah Crowe | Sarah Henchoz | Sarah Smith | Shereen Semnani | Shirin Marker | Siddique Patel | Simon Day | Sofia Olhede | Sonia Aman | Sophia Adams Bhatti | Sophie O'Neill-Hanson | Steve Deutsch | Steve Thompson | Stuart Poole-Robb | Sue James | Susa | Susan Kench | Suzanne Gallagher | The Law Society Digital and Brand team | Tom Chapman | Tom Ellen | Tony Roe | Tracey Calvert | Umar Kankiya | Vanessa Friend | Vicki Butler | Vidisha Joshi | William Li | William McSweeney