Why Information Security is Important

Information security is supremely important for lawyers and their clients.

Poor document management practices represent big risks for many organisations.

Not having a secure system is an important privacy risk. An insecure system could lead to dramatic organisation wide consequences, from reputational damage to a breach of the Privacy Principles and large fines.

The new Notifiable Data Breaches laws coming into force in February 2018 raise the importance of proper security. Organisations must report data breaches which are likely to result in serious interference with Privacy under the Privacy Act and substantial fines can be imposed for breaches.

Many existing document management practices fall far short of a safe secure standard.

The following practices could result in an inadvertent breach of security:

  • Documents filed on laptops and USB devices.
  • Documents sent as email attachments. Emails are not encrypted and their use represents a huge security risk.
  • Inadequate security levels controlling who can edit, share or delete documents.
  • Systems which do not record access to documents

Documents which are stored outside Australia, or just pass through foreign servers, face their own risks.

  • Under the Patriot Act the US Government has wide ranging powers to intercept information.
  • The powers apply to information hosted on servers in the US and to documents attached to emails passing through many commonly used US based email services.

The following practices may not result in a breach of the law, but could have dramatic results for the organisation:

  • No disaster recovery plan.
  • Inadequate redundancy plan, so that if a hosting facility fails documents are lost forever.
  • Daily backups.

Many board members would be sleepless with worry if they knew the full extent of their organisation’s risk taking practices.

Dazychain’s document management system has been designed to overcome every one of these issues:

  • Multiple security levels to control who can access, read, delete or edit documents, both internally and externally.
  • A complete audit trail revealing the document’s lifecycle. Who downloaded it, who amended it, who emailed it.
  • All communications are encrypted.
  • Data is encrypted, both at rest and in transit.
  • Data in is hosted in Australia.
  • Disaster recovery plans are in place.
  • Redundancy means that if a hosting facility fails others will immediately switch in.
  • Every access to the system is auditable.
  • Daily backups.

Why avoid email?

Because emails are dangerous. Emails can be penetrated by unauthorised users.

Sending documents by email is fast and easy, but insecure. Sending an email is one of the biggest security risks you can take.

Emails are not encrypted. They pass through many hosting points in different jurisdictions around the globe. The unauthorized access can happen while an email is in transit, stored on email servers or on a user’s computer.

However, there is a simple way to eliminate this risk by using a secure collaboration system such as Dazychain.

Instead of emailing back and forth and trying to track all the edits and notes and versions, you can work on the document in a shared environment with your colleagues. Everyone can work on the file rather than having multiple versions floating around. Dazychain keeps track of all versions so you can be confident you are working on the latest version.

Dazychain is a secure collaboration portal.