In today’s world of business there should be a high value put on information, as it is core to the success of any organisation. We face the challenge of needing to share ideas for the advancement of science and entrepreneurship whilst also needing to communicate securely to protect our information.
Communication today is expected to be fast, instant and at your fingertips anywhere, anytime. We are constantly using electronic communication, with our smartphones used as our source of all truth.
For those of us old enough to remember a time before the internet, it wasn’t always this way! I’ve written about my early career in information technology in a previous blog post, Once Upon a Time in 1988.
When I first started in my career in Information Technology, I’d moved overseas to live and work. The only way I had of talking to my family back home in Adelaide was in hand-written letters, or over trunk-line phone calls which were hideously expensive and had lousy, tinny sound quality. So Mum and I wrote many letters back and forth, which I’ve kept to this day; they’re treasured memories.
With the advent of the internet for public use in the 1980s came emails, which compared to letters in the post felt like ‘instant’ communication. Electronic mail had been around since the 1970s, with Ray Tomlinson creating the ARPANET email system and choosing the @ sign for email addresses. But ARPANET was a network restricted to governments, universities and research centres. 1989 was the birth of email as we know it, with the internet becoming broadly available.
It was so exciting to listen to the dial-up sounds of connecting your computer to the internet, and seeing emails lob into the inbox!
Emails now feel safe and secure because they have been around so long and the technology is so familiar. But emails are very vulnerable to hackers.
You all should know by now to be very careful with emails you receive, as they're the most common way for hackers to attack you. But sending an email has also been likened to being as secure as writing your message on the back of a postcard and popping it in the post!
If you or the person you're sending to uses free public Wi-Fi, they're risking hackers posing as the free Wi-Fi and intercepting all the information being sent. The technology used by hackers to achieve this is cheap and portable, fitting into a backpack. You never know when using free Wi-Fi whether it’s genuine or secure. I recommend using your mobile plan’s data when out and about, instead of risking the use of free Wi-Fi.
When the email is sent on its way, the information bounces all around the world on servers, and just one of these has to be compromised for your email to be vulnerable. If you’re creating, storing and sending sensitive or confidential information, care needs to be taken to protect and treasure it.
You may remember last year’s embarrassing case of second-hand filing cabinets being sold which were full of confidential government information from the Prime Minister’s department. If these filing cabinets had been full of cash instead of paper, this storage would have been treated with a little more respect and checked before being discarded!
Personal information is starting to be treated a little more seriously. The European GDPR cyber security and privacy standards have come into effect and must be complied with if you trade in the UK or Europe. And under the Australian Notifiable Data Breaches scheme all organisations with a turnover of more than $3 million a year (and some smaller organisations that manage particularly sensitive data) must report any data breaches that are ‘likely to result in serious harm’ to the Office of the Australian Information Commissioner (OAIC).
Even if your organisation is not bound by this mandatory reporting, you have a moral obligation to take reasonable steps to protect the personal information you hold about people, and to destroy or de-identify information once it’s no longer needed. The OAIC has thorough guidelines on securing personal information. I recommend you read and consider these guidelines for your organisation.
Emails are not an acceptable way to send personal, confidential or sensitive information. A good alternative for exchanging documents that contain sensitive business or personal information is through secure client portals. A common example of this is online banking, which provides a portal for all banking clients to log in and access their own financial information.
You may be able to provide a secure login zone as part of your existing website to provide your own client portal. Or there are many cloud-based services to choose from, such as Dropbox for Business, Microsoft OneDrive and Google Drive. To use a client portal instead of attaching files to emails, all you need do is upload a file to your cloud-based portal and provide a link in your email for the client to use to access the file.
Client portals are a simple and elegant solution to a complex security problem. But of course you must be sure to check out the suitability and security of these cloud-based services for your organisation. You get what you pay for, and free client portal services have been soft targets for hackers to attack.
Want to know more?
If you’d like to talk further about anything I’ve written about, get in contact with me today. I’m always happy to meet and have a chat over a coffee.
Once Upon a Time in 1988: https://www.wisertechnologyadvice.com.au/blog/once-upon-a-time-in-1988
ARPANET explained: https://www.computerhope.com/jargon/a/arpanet.htm
Cabinet files: prime minister's department admits it lost secret papers: https://www.theguardian.com/australia-news/2018/feb/02/cabinet-files-prime-ministers-department-admits-it-lost-secret-papers
European General Data Protection Regulation (GDPR): https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en
OAIC mandatory data breaches scheme: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme
OAIC guidelines to securing personal information: https://www.oaic.gov.au/agencies-and-organisations/guides/guide-to-securing-personal-information
SmartVault insecurities of email: https://www.smartvault.com/resource/insecurities-of-email/
A guide to using client portals at your law firm: https://abovethelaw.com/2018/06/a-guide-to-using-client-portals-at-your-law-firm/