Our press release last week, which got slightly misreported by a few mischievous journalists, caused a few clients to get in touch with their law firm and ask just that question.
If you were one of those law firms, apologies for any additional work that caused you. As we said in the release, and the accompanying white paper, these were third-party breaches, and there was nothing to suggest that any of the 500 law firms in question had been compromised.
But “have you lost my data?” is a pretty reasonable question for a client to be asking of any of their partners and providers – legal adviser, software supplier, accountant, pension provider, payroll agency – and it’s a question we’ll undoubtedly be hearing more often 4 months from now, when GDPR kicks in.
So how would you answer your client if you were on the receiving end of that call?
At last week’s Securing the Law Firm conference, we heard several different perspectives on the subject. Joel Winders of Waldera and Tom Davison of Lookout showed us just how easy it is for an employee’s phone to be compromised with a phishing link – giving the bad guys access to every text, contact, and email.
But Tim Sadler from CheckRecipient also reminded us that 95% of data breaches are caused by human error, not hackers; one of the most common causes notified to the ICO is that heart-stopping “Outlook Moment”, where an email is accidentally sent to the wrong person.
That’s why we think one of the best – and simplest – safeguards you can add to your security architecture is “outside the firewall” monitoring – constantly looking for your data (or your client’s data) being posted on the Dark Web, or one of the hundreds of other online channels used to exchange leaked, hacked or stolen data.
So – what’s our answer to “have you lost my data”?
Not as far as we know. We’re using BreachAlert to proactively monitor the Dark Web for our data – and yours – being posted online.