Information Security – Are Law Firms the Soft Underbelly of Their Client’s Data Security?
Missed the British Legal Technology Forum 2017? Listen to a recording of this live panel discussion at the British Legal Technology Forum 2017 simply by clicking the play button above.
Presentation Title: ‘Information Security – Are Law Firms the Soft Underbelly of Their Client’s Data Security?’
- Are law firms really the weakest link in the security chain
- An overview of the threats
- Firewalls; technology v’s Human, what’s the best approach
- Even without GDPR, what’s your breach notification plan
- Do the staff / partners of law firms truly understand why they are a target
FC – CEO, Redacted Firm (‘Freaky Clown’)
FC is a well-known ethical hacker and social engineer. He started at a young age when computers were growing in popularity and the hacker scene was in its infancy. He has been working in the infosec field for over 20 years and excels at circumventing access controls. He is motivated by a drive to make individuals, organisations and countries more secure and better-able to defend themselves from malicious attack.
As an ethical social engineer, FC ‘breaks into’ hundreds of banks, offices and government facilities in the UK and Europe. His work demonstrating weaknesses in physical, personnel and digital controls assists organisations to improve their security. FC is currently Head of Cyber Research for Raytheon UK where he performs valuable research into vulnerabilities. He is also the CEO of Redacted Firm, a small company specialising in physical security, social engineering awareness training and bespoke social engineering and penetration testing. His client list involves every major high-street bank in the UK, FTSE100 companies and multiple government agencies and security forces.
FC frequently gives talks at corporate events, security conferences, universities and schools and focuses on teaching people of all ages the art of security in an engaging and impactful way. He co-founded the Surrey and Hampshire Hackspace as well as Defcon 441417. He has co-hosted many podcasts, been featured in the press and regularly writes articles for journals and blogs.
David Robinson – Head of IT Security, Herbert Smith
David Robinson MBE is the Head of Global IT Security for Herbert Smith Freehills, one of the world’s leading law firms, who advise many of the biggest and most ambitious organisations across all major regions of the globe. David leads the delivery and strategy for IT security services across the firm in a flexible and responsive approach to the business.
David has a wealth of experience gained from 22 years as a communications and electronics engineer with the RAF where he worked in numerous sectors including aircraft simulation, Radar, data handling & processing networks, training, procurement and information security; his military career was followed by a little over 13 years in senior security roles in the private sector with both C&W and Fujitsu where latterly he held various posts including company CSO.
Matthew Parker – Head of Information Security, Mourant Ozannes
Matthew has over 20 years’ experience in the IT industry and specialises in Information Security.
As Head of Information Security for Mourant Ozannes, a leading offshore law firm, Matthew takes a hands on approach using his depth of experience in dealing with security matters, to understand the changing threat landscape and helping to ensure any IT security issues are managed in a way that minimises disruption to the delivery of client work and advice. He is a frequent contributor to a variety of journals and is often invited to speak on the topics of cybercrime and other Information Security matters.
Matthew is also a volunteer for the (ISC)2 Safe and Secure Online programme, and is passionate about the protection of children online. He presents regularly to both pupils and parents on to create awareness about this crucial issue.
Andrew Haslam (Chair)
Andrew joined our London office in 2016 as UK eDisclosure Project Manager, after nearly 20 years of working as an independent consultant. He supports the Litigation and International Dispute Resolution Practice Groups.
Working closely with the Practice Group Leaders, Andrew advises lawyers in the UK on all aspects of eDisclosure from the initial stages of data identification and preservation, all the way through to selection of courtroom systems. He serves as a resource for lawyers and clients in completing the different protocols used in the disclosure process.
Working closely with the Learning & Professional Development team, Andrew supports and trains trainees and associates, and provides client briefings on litigation readiness and data protection advice.
Andrew is regularly asked to help organise and chair conferences, as well as lead stages, chair webinars and speak at events. He writes white papers and op-ed pieces, blogs on LinkedIn and engages on eDisclosure issues on Twitter. He also produces an annual report on LegalTech and the Buyer’s Guide to eDisclosure systems.
Andrew was part of the working party that produced the TCC protocol and was the main contributor to the second version of its guidance notes. He continued to support that initiative, offering training to lawyers and the judiciary. The guide to eDisclosure that he produced for the TCC was cited in the recent Pyrrho Investments v MWB Property Ltd judgment. The lawyer that provided the witness statement underpinning this ruling attended one of Andrew’s training courses.
Andrew is a member of the LTC4 pod that produced the recently launched eDisclosure competency plan.