Your digital identity is the gateway to your data, and increasingly this includes most facets of your everyday life, whether it’s your social media accounts, bank details, chat history or your shopping habits.
With so many accounts to manage and protect, maintaining constant access across multiple devices whilst keeping them all secure can be a complex task.
With data more valuable than ever, these large collections of personal information are very attractive targets to criminals. Recent breaches show that vital personal information for vast numbers of people often gives hackers the key information they need to unlock access to even greater volumes of data or, even worse, the ability to use a victim’s identity.
This is not only relevant to personal data protection but is also critical within the corporate world, specifically in the legal sector. Law firms process huge amounts of personal client information, sensitive contracts and large financial transactions, which makes them an attractive target for malicious cyber exploitation.
So, what is the answer? Well, one answer gaining more credibility is to move the control of identity information from the companies to us as individuals, giving us the ability to control which aspects of our personal data are used and when.
To achieve this, two things are needed:
- A way to prove your identity without divulging sensitive data
- A way to authenticate that you are who you say you are
To achieve the first, a simple and well understood approach can be used: hashing.
Hashing is a mechanism used to generate a value from some existing information, using a mathematical function. If you were to change any of the original information and rerun the hash, it would output a hash completely different to the original.
Hashing is also a one-way function, meaning that reversing it is virtually impossible. This therefore makes hashing an effective mechanism for hiding underlying data whilst ensuring it hasn’t been changed in transit.
By utilising a hash of your identity, it’s possible to authenticate yourself without revealing the personal data you used to create it. This protects the security of your data.
Creating a hash of an identity is not very useful, however, if no one can use or interact with it. This is where a secure, ubiquitous, transactional system is required, and a relatively new one is showing signs of being a good candidate: Blockchain.
A ‘Blockchain’ allows parties to transact securely without any third-party involvement, removing the need for complex (and sometimes costly) intermediaries to enable direct peer-to-peer interaction.
Each transaction is independently verified before it makes it onto the Blockchain ledger, which means there is no centralised authority and thereby no single point of failure. This decentralisation is one of the potential benefits from a security perspective. Once the data has been entered into the blockchain, no one can change it, and so it provides verifiable proof of the integrity of the transaction. It also removes the need for human involvement, thereby eliminating the need for passwords.
By combining a digital identity verification service using hashing with the decentralised blockchain principle, a digital ID can be created from either all or parts of your ID which can then be used to transact for services. For example, you could just authorise the hashed part of your ID that provides your age for purchasing alcohol or just your address for having goods delivered to your home from a courier.
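The selective disclosure described above, as an added example (not code from the original article or from any product): each ID attribute is hashed with its own random salt, a digest over all the commitments stands in for the value a ledger would anchor, and a verifier checks one disclosed attribute. The attribute names, sample values and function names are assumptions made for illustration; the last function shows why a bare hash of a low-entropy value such as a birth year does not hide it, which is the reason for the salt.

```python
import hashlib
import hmac
import secrets

# Constructed sample identity; every value here is made up for illustration.
SAMPLE_ID = {"name": "Alex Example", "birth_year": "1990", "address": "1 Sample Street"}

def plain_hash(value):
    """Bare SHA-256 of a value, with no salt."""
    return hashlib.sha256(value.encode()).hexdigest()

def commit(name, value, salt):
    """Salted SHA-256 commitment to a single attribute."""
    return hashlib.sha256(salt + name.encode() + b"\x00" + value.encode()).hexdigest()

def anchor_of(commitments):
    """Digest over all commitments: the only value a ledger would need to store."""
    joined = "".join(f"{k}={commitments[k]};" for k in sorted(commitments))
    return hashlib.sha256(joined.encode()).hexdigest()

def issue(attributes):
    """Holder side: returns (public commitments, private salts, anchor)."""
    salts = {k: secrets.token_bytes(16) for k in attributes}
    commitments = {k: commit(k, v, salts[k]) for k, v in attributes.items()}
    return commitments, salts, anchor_of(commitments)

def verify(name, value, salt, commitments, anchor):
    """Verifier side: check one disclosed attribute against the anchored ID."""
    if not hmac.compare_digest(anchor_of(commitments), anchor):
        return False  # commitment set does not match what was anchored
    expected = commitments.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(commit(name, value, salt), expected)

def recoverable_without_salt(digest, candidates):
    """Return the candidate whose bare hash equals digest, or None.
    A small value space (years, postcodes) makes an unsalted hash guessable."""
    for candidate in candidates:
        if plain_hash(candidate) == digest:
            return candidate
    return None

if __name__ == "__main__":
    commitments, salts, anchor = issue(SAMPLE_ID)
    # Disclose only the birth year and its salt; name and address stay hidden.
    print(verify("birth_year", "1990", salts["birth_year"], commitments, anchor))
    print(verify("birth_year", "2005", salts["birth_year"], commitments, anchor))
```

Only the disclosed attribute and its salt leave the holder; the salts for the other attributes stay private, so their commitments reveal nothing to the verifier.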
With both a verified ID to authenticate against and a secure platform to transact with, there is no need for your personal information to be disclosed. You just need to set the conditions of what you want to authorise, when you want to authorise it and to whom.
Law firms that are facing challenges, such as diminishing demand from corporate clients and stronger competition from non-traditional players, are also considering blockchain to aid their practices. Blockchain technology is being used to create more sound, tamper-proof and legally unassailable agreements based on smart contract technology. This should reduce contract-related litigation, which leads to lost employee hours and higher operating costs for law firms.
There are also instances where blockchain is being used for Freedom of Information Act (FOIA) Requests. The blockchain could allow a passkey-protected database of information that is accessible via FOIA requests. Allowing the requester to search themselves without altering information or accessing any classified information would make FOIA requests easier to manage and ensure productivity within law firms is not affected.
Whilst large scale adoption and interoperability of verification services using Blockchain is yet to take place, the ability to build services into blockchains is becoming more ubiquitous and some companies are already selling ID services in this area. Therefore, don’t be surprised if you start to see accelerated progression towards self-managed digital IDs soon, and blockchain technology being incorporated across the legal sector.
BLOCKPHISH provides law firms with the ability to improve their resilience against phishing attacks. We deliver simulated phishing emails and awareness learning to your staff, specifically tailored to emulate real-world cyber threats. BLOCKPHISH aims to improve recognition and understanding of these threats, and reduce the possibility that a phishing email will compromise your security or lead to a sophisticated cyber-attack.
We provide a vast and broad cyber consulting capability to ensure your firm receives the guidance and expertise it requires to strengthen its defences against cyber-attacks.
- Support the creation and realisation of an appropriate cyber strategy from managed Security Operations Centres (SOCs) to the delivery of managed ethical phishing campaigns.
- We will help you to understand the cyber risks your firm faces and identify, establish and operate a robust and pragmatic governance and management system to address those risks
- Assess your people, process and technology solutions and deliver a remediation and improvement plan to mitigate any vulnerabilities
- Provide first responder capability in the event of a cyber incident to stem the impact of an attack, restore services or data quickly and prevent repeat occurrences.
- Embed cyber aware behaviours within your firm’s culture to reduce your vulnerability to cyber-attacks.
- Deliver cyber simulations and incident and crisis simulations for key staff to ensure your firm is best prepared to respond effectively in the event of a cyber breach
- Provide training and professional development for your security professionals
- Assess and support you in your journey to comply with the EU’s General Data Protection Regulation (GDPR) and ensure you avoid the high penalties (4% of global revenues) for non-compliance
- Our Certified consultants deliver assessment services including Cyber Security Risk Assessment, Cyber Security Strategy & Architecture, Cyber Essentials, PCI DSS, ISO27001, UK DPA and other internationally recognised standards