Future Lawyers Summit: cloud versus on-premise computing

During the week past the Future Lawyers Summit was held in London. It was a good conference and had a multidisciplinary mix of lawyers, marketers and a few technology folk. I provided a short presentation about using cloud versus on-premise computing. The day was streamed over the Internet and you can view my presentation from the recording below (total time is about 15 minutes).


A self assessment IT security checklist

The following check list incorporates guidance from the ICO and GCHQ on data protection, IT security, and cyber security.

In addition, we have included our own experience.

The checklist provides a very easy way to get a view on your level of IT security in place.

Ask the appropriate person, or people, to go through the list, and tick each item that is covered.

Then you can take a measured decision on the action to take on the items that are not covered. Read more

Three potential weaknesses in encryption

Encryption is often identified as a significant way to protect data.

Encryption takes your data, and then using an algorithm, scrambles the data to make it unreadable.

Without something called an encryption key it is effectively impossible to decipher encrypted data.

As an analogy, encrypting data is as simple as closing a padlock – however, unencrypting data is very hard, just like attempting to open a padlock without a key is very hard. If you have the encryption key, then unencrypting data is easy, just as opening a padlock with a key is easy.

With that said, there are three potential weaknesses in encryption that you should validate in your IT environment. Read more

SRA requirement to inspect cloud computing provider data centres

This is a quick post summarising the publicly stated position from the Solicitors Regulation Authority of England and Wales on their need to inspect cloud providers data centres used by regulated members. I’ve discussed this many enough times with clients that I think it is worth writing down. Read more

Why your IT projects cost more and take longer

There’s an interesting article posted by the Society of Computers and Law about the challenge of getting realistic IT project estimates on cost and time. The author, Michael Bywell, a Partner at Arnold & Porter Kaye Scholer, asks two questions;

  1. How do we explain the tendency of planners to routinely underestimate costs and over-estimate benefits?
  2. Why do projects get the go-ahead when it is (or at least should be) obvious that they are bound to overrun?

Read more

How encryption on the Internet works, explained using Lego!


Have you ever wondered what it is about the fancy “padlock” symbols in your web browser that actually make your connection secure? Read more

Nine habits of highly effective password management


Passwords remain the primary method of people gaining access to computer systems, thus they are an obvious target for malicious activities. I personally have close to 50 passwords that are used on a monthly basis covering online storage, website services, social network accounts, email accounts, and local WiFi and Internet access.  Managing these passwords is critical to maintaining security in any business. Here is my list of the habits of highly effective password management that I think any business would benefit from adopting: Read more

The default Office 365 spam and malware policies, and how to change them

Recently I reviewed the Office 365 default policies for spam and malware and was pleasantly surprised by the spam control options available, but shocked by the default malware policy provided. Read more

First impressions, Unitrends Free backup appliance


Unitrends provides backup and disaster recovery solutions to businesses of all sizes. One solution it provides is called Unitrends Free. As the name implies this is a free solution, and is aimed at small businesses with 1TB or less data to backup. The solution is deployed as a virtual Linux appliance on either Hyper-V or ESX. Read more

Enabling auditing on mailboxes in Exchange Online

Microsofts provides a business class email service called Exchange Online which is part of their Office 365 suite of services.

Exchange Online is hosted by Microsoft and accessed via the Internet. Thus, anyone who knows (or who can guess) the mailbox password can access the mailbox. This is a reason to have a strong password, and to not re-use passwords. With that said, if you suspect your password has been exposed, it is reasonable to be worried that your email account has been exposed.

One approach to validate the access to your mailbox is to enable mailbox audit logs. Once enabled, Exchange Online logs are kept for 90 days, and refreshed every 24 hours with new events.

This post provides a short overview on how to enable mailbox logging in Exchange Online. The process is technical and is only suitable for users who are familiar with PowerShell (if you don’t know what PowerShell is, ask your IT Professional to complete these steps for you!). Read more

Page 2 of 3123