How Confidential Are the Calls With Your Lawyer?
The final speaker at the event came from the multinational law firm Skadden. In litigation, maintaining client-attorney privilege can make the difference between whether a case is won or lost, as well as how much of a judgment is assessed at the end. How often do we audit the security of the law firms we use, making sure we don't pay legal fees only to lose because a firm isn't secure enough?
I'm often engaged in multiple legal actions that could be compromised if litigation strategies are leaked to the other side. It makes me wonder if I should avoid law firms used by governments or pharmaceutical companies, since they're most likely to be penetrated, with the information that's pulled released accidentally. If anything related to my own efforts gets out, I'm in trouble.
What You Don't Know Can Kill You, or at Least Kill Your Career
What I took away from the BlackBerry event is that we don't look at security problems holistically. We aren't as concerned as we should be about the Internet of Things in general and driverless cars in particular. (I'm really going to watch the self-driving cars in my area more closely given Google's horrid security record).
I'm reminded again about the security test we did at IBM decades ago. We set up the most secure site we could engineer and then challenged a former spy and security expert to break in. He did, in a matter of hours, by penetrating an insecure site connected to our impenetrable security showcase. We have to look at security holistically.
Finally, it's a huge mistake to not treat voice like data. It's easy to capture and mine voice calls thanks to mobile devices. As one expert at this event implies, unless you have a secure phone with the encryption running, treat the call as if it's being monitored by one or more governments.
Sign up for CIO Asia eNewsletters.