
Posted 7 January 2020

Intellectual service providers (consultants, auditors, lawyers, notaries, etc.) handle sensitive information for many clients on a daily basis. The digital transformation landscape in which every organization is now evolving imposes new ways of working, combining efficiency and mobility across functions. Then comes the topic of cyber-security. If collaborative tools are indispensable nowadays to work anytime and anywhere, they are sometimes misused in a professional context, putting at risk confidential data entrusted by clients. Ensuring the integrity of data at rest and in transit between organizations and their clients is now a critical prerequisite for sustainability. Explanations.


Ensuring confidentiality is a major challenge

What could be more confidential than communications between lawyers and consultants and their clients? All of these trades deal with sensitive information and issues entrusted by various clients. From merger and acquisition strategies to joint ventures and reorganizations, labor laws (tax optimization, HR transformation), competition or intellectual property matters (launching new products, innovation, patents, inventions), communications are often very sensitive. It is this confidential and valuable information that hackers are after.

It is this need to work through short channels and accelerate communications that pushes these professionals to choose collaborative tools to simplify data sharing and storage. Naturally, out of personal habit, necessity or productivity, it is consumer collaborative tools such as Google Drive, Dropbox or WeTransfer that are widely used for professional purposes. In addition to exposing organizations to cyber-threats, using these solutions leads to fragmentation, loss of control and loss of guarantee, which is known as “Shadow IT”.

It is then necessary to find solutions designed to meet business needs without disrupting users, with security integrated early on, at the design stage.


Raising awareness about cyber-threats

Ensuring confidentiality is essential for consulting and law firms. This is sometimes an explicit requirement included in tenders. It is therefore necessary to justify and prove that systems in place ensure secure communications.

Would you leave the door to your office unlocked if it contains highly confidential documents? Within an internal network, everything is interconnected and so a single infected link can contaminate an entire infrastructure. Some organizations – especially those of modest size – may not have the necessary operational resources and expertise to anticipate, detect and remediate security breaches.

Most collaborative tools proudly feature one or more “encryption at rest” and “encryption in transit” statements. Although providing a minimum level of security is now standard, protection is by no means fully ensured.

A file uploaded by either party will only be encrypted on the server once it has been processed by the system. At the end of the secure channel (SSL, TLS), the file will arrive unencrypted on the server, and may then pass through an anti-virus, an indexing engine, a thumbnail generator, etc. There are so many areas in a server where a person with malicious intent will be able to extract a file without being spotted.

Above all, employees must be made aware of best practices and trained accordingly. Individual accountability can help lower risks. It is worth remembering that collaborative tools concentrate highly coveted strategic data and that basic security measures need to be applied.

One of the first measures is to give access to the files, via the chosen sharing solution, only to the necessary people, whether they are employees of the firm, the client or external consultants. This is what is called, especially in the military world, the “need to know”.

It is also necessary to ensure data integrity, manage data location and several access levels, and have complete autonomy from administrators.

If collaborative solutions are accessed from a smartphone, it is important to ensure that the device is also secure. One of the major risks is the interception of data in transit, including on any associated instant messaging platform. From the moment data travels through regular networks, it becomes potentially accessible and readable. To do this, cyber-criminals have many tools at their disposal: hacking Wi-Fi networks and applications, stealing smartphones or intercepting communications.


Maintain your reputation

In any event, reputation, whether collective or personal, is a major asset to your firm, and, for reasons of sustainability, cannot be allowed to be affected.

A security breach that exposes your clients’ strategic data could have catastrophic consequences, and call into question the foundations of your firm based on recognition and trust.

The consequences are therefore major: not only can data disappear and personal or industrial secrets be made public, but your firm’s image would be damaged and the confidence of clients and future clients would be seriously undermined.


Are you sure you have all the necessary measures in place to ensure your client data is safe?

If not, are you willing to take the risk?