Nothing But Delivery

E-crime and cyber security provided the theme for Scotland’s leading legal IT conference this year. The focus for the main speakers at the ninth annual Nothing But The Net conference was on the latest threats facing businesses, and how to tackle information security challenges. The revised format of the event – with generous time allocated to the keynote speakers and streamed workshop sessions – again proved popular, evidence that we listen to feedback from delegates and tailor the programme accordingly.

The keynote speaker, Ira Winkler, President of the Internet Security Advisors Group, flew in from the United States to attend the conference, which was held in Glasgow on 7 October. Winkler, a former undercover security analyst with the National Security Agency, now works with governments and major corporations to help them uncover potential security breaches, as well as assisting organisations in developing cost effective security programs.

Described as a “modern day James Bond” in the media because of his unique approach to his work – including espionage simulations and “breaking in” to organisations’ systems to highlight their flaws (known as penetration testing) – Winkler did not disappoint the 100 or so delegates present. His presentation, “Zen and the Art of Cyber Security”, drew attention to the fact that many of those concerned with cyber security have a false sense of knowledge about the work. He stressed that security is complicated, expensive and there is a lack of qualified people to provide the appropriate expertise to businesses. And the professionals that do exist may specialise in one area of work, while being weak in others. It is a situation that gives organisations a false sense of security – and could prove extremely costly.

However, he emphasised that security problems are preventable, if computer systems are properly maintained and administered and the right people are in place. Concentrating on the basics, addressing the most common vulnerablities and training staff appropriately are all crucial, he added. His conclusion: security should be “built in, not bolted on”. Winkler’s presentation was practical rather than legalistic. In other words, it was a breath of fresh air for all those present.

Avoidable problems

The first afternoon speaker was Detective Sergeant Scott Barnett, from the Scottish Crime and Drugs Enforcement Agency, who looked at developments in cyber crime. He explained how organised crime groups use fraudulent methods such as identity theft, phishing attacks (to gain personal details by deception) and denial of service (overloading a site with traffic to bring it down). He also warned of the threats from spam, viruses, other malware and even social networking sites. However, he also underlined the fact that problems are avoidable if computer systems are properly protected, not least with anti-virus software, firewalls and by downloading the latest security updates (or patches) for web browsers and operating systems.

Also in the afternoon session, Ken Macdonald, the Assistant Information Commissioner in Scotland, focused on the forthcoming changes to the data protection regime, which are likely to include increased penalties for those who obtain data unlawfully. He said that data protection officers would become increasingly important in organisations, which will find they must “comply or die”. Later, Ted Page, from PWS Ltd, gave an address on “Legal Sector Website Accessibility”, which questioned whether it would be the stick of regulation or the carrot of the associated business benefits that persuades legal sector website operators to comply with the requirements of the Disability Discrimination Act.

The workshops and discussion forums covered a wide range of fascinating subjects, such as John Butler, from Edinburgh-based Geode Forensics Ltd, describing the “very unglamorous, sheer slog” of digital forensics – a specialism that was practically unknown 20 years ago – in which “X never, ever marks the spot”. Other sessions focused on topics such as the benefits of embracing technology to reduce storing through electronic filing; how adopting a creative approach to e-business can boost business; the importance of disaster recovery; intellectual property rights in the digital age; developing corporate social responsibility; Voice Over IP in the modern law firm; remote working; and, controlling telecom and utility costs.

Our thanks go to the sponsors, with Ron Macfarlane, national sales manager for Dacoll, describing Nothing But The Net as the “only event that delivers for the key decision makers in the legal profession in Scotland in a single day”. He also offered some practical advice, reminding solicitors that security is not only about the high profile cases, but includes how data is stored and what reliable backup solutions are in place. Once again, the exhibition was a major feature of the day, with 23 exhibitors taking part.