What are the security risks for law firms using Windows 10?

Windows 10 is reported to be the most secure operating system Microsoft has ever released. This is good news, as I rarely buy software hoping that it will be less secure than its predecessor. It’s clear that Microsoft has been working hard to come up with innovative security software to keep you and your computer systems safe. From Microsoft Edge to Windows Hello, Bill Gates & Co. have invented impressive new strategies to make Windows 10 safe and easy to use. This focus on security is especially important for law firms investing in new technologies such as the cloud, as data protection is crucial to legal work.
One of the more noticeable improvements has been the side-lining of Internet Explorer to a certain extent. Along with the new OS, Microsoft has pushed to enhance browser security with Microsoft Edge. The new browser was built with security at its core, with a range of features created to deliver better protection when online, including Microsoft’s SmartScreen technology, which enables Edge to do a reputation check on individual websites to make sure they are safe. On a more fundamental level, Edge also makes use of “sandboxing”, which is a security term for executing a program or software in a contained environment so it cannot affect any other programs that may be running on a device. The fact that Edge is constantly running in a partial sandbox also provides added security for the end user, because if Edge is compromised, the rest of the computer won’t be harmed.
Just like Microsoft Edge, Windows Hello has also been designed with security in mind. Hello uses biometrics, such as facial recognition, fingerprints, and iris scanning to allow users to log into the system, making it considerably more secure. Unfortunately, law firms may have to invest in new compatible hardware in order to make full use of the new features. Windows Passport takes Windows Hello even further by allowing you to use this feature across multiple devices. Passport uses a two-step combination of biometrics and a PIN to allow you to sign into your Windows account on multiple devices. This removes the need for setting up multiple accounts, and means that only you have access to your account, which helps keep sensitive information more secure.
One concern that has been raised amongst law firms is the emergence of Wi-Fi Sense, a service that allows Windows users to connect to a particular network more easily. The worry here is that, if an individual is working with a contact whose device is not secure, it can be used as a breaching point for those trying to gain information from the law firm’s network. However, any well-informed IT team would know about these potential risks and can easily turn this setting off.
All of these features protect against outsiders attacking your computer systems, but what about Microsoft? Firstly, it’s my belief that privacy concerns have been significantly overstated in the press. It’s very easy to whip up a storm when the majority of your readers aren’t security experts.
In reality, Microsoft has not introduced many new privacy changes. The few that it has made could be considered concerns, such as Cortana’s (the Microsoft version of Siri, but better) ability to tap into your calendar, emails and location, which, in theory, could relay information back to Microsoft HQ. However, this function is optional, and in this instance you must choose between privacy and functionality.
The new Cloud-interfacing operating system (which uses biometrics) does mean that Microsoft needs access to some of the information that you’ve provided; it’s this access to information that allows a ‘frictionless’ multi-platform interface. However, Windows 10 will collect no more information than Windows 7 and 8 did, or even your supermarket loyalty card.

In fact, even your smartphone collects more data than the new Windows operating system. For example, Windows 10 doesn’t collect your home information, date of birth, telephone numbers, shopping habits, locations or log-on information. It is purely a token-based solution that enables you to log on to multiple platforms more easily, without having to re-submit any personal data.

In general, law firms shouldn’t be too concerned about potential privacy issues arising from upgrading to Windows 10, as IT departments are able to configure the systems to prevent the release of data (this can mean webcams, email, microphones etc.). However, the information that is sent back to Microsoft is often sent to help prevent threats and fix issues, a practice also seen in Google Chrome and Mozilla Firefox. The irony is that by not sharing your data, you could be making your systems even less secure.

Robert Rutherford, CEO of QuoStar, a business consultancy and information technology firm
