If ever a professional services firm needed reminding of the business risks it is running by having ineffective security systems and controls in place, here is a high profile story to re-focus the mind.  I first caught the story on BBC TV during lunch.  There is also a similar report on ZDNet.

 

Any lessons drawn from this story or any other similar high-profile corporate bad news story, to the extent actioned, may also support one of Dennis Kennedy’s technology trends (see my Blog yesterday on the UK perspective to his Seven Legal Technology Trends for 2007 - Widening the Digital Divide in Law Practice a couple of days ago) under Portability with his sub-trend that “encryption [of data] arrives”.

 

Good practice security is not easy to achieve, but one of the morals of the Nationwide story is to raise an organisation’s general awareness of where it is in need of improvement.  In closing, I am reminded of the risk management and information security expert who first introduced me to this subject, whose overriding mantra is that, for risk to be managed effectively, it must be managed from “boardroom to storeroom”.

 

In passing, and to my knowledge, only two UK law firms, Irwin Mitchell and Allen & Overy, have publicly announced that they have achieved the international standard BS7799 certification on information security.  Assuming BS7799 is on a law firm's radar, it would be interesting to learn if the IT Director's case to management is stronger after today?