What are the security risks for law firms using Windows 10?

September 2nd, 2015

Recent reports have said that Windows 10 is the most secure operating system Microsoft has ever released. This is good news, as rarely do I buy software hoping that it will be less secure than its predecessors.

It’s clear that Microsoft has been working hard to come up with innovative security software to keep you and your computer systems safe. From Microsoft Edge to Windows Hello, Bill Gates and Co. have worked tirelessly to make Windows 10 safe and easy to use. This focus on security is especially important for law firms since data protection is a fundamental part of your work.

From the internal features to the everyday programs, Microsoft has strived to improve every aspect of the new operating system. One of the more noticeable changes has been its move away from Internet Explorer.

Along with the new OS, Microsoft has come back with Microsoft Edge. The new browser was built with security at its core, with a range of features created to deliver better protection when online.

Windows Hello is another feature designed for the security of the computer system. Hello uses biometrics, such as facial recognition, fingerprints and iris scanning, to allow users to log into the system, making it considerably more secure. Unfortunately, because older hardware was not designed for such features, law firms may have to buy new hardware in order to use this.

Windows Passport takes Windows Hello even further by allowing you to use this feature across multiple devices. Passport uses a two-step combination of biometrics and a PIN to allow you to sign into your Windows account on multiple devices. This removes the need for setting up multiple accounts and means that only you have access to your account, which helps keep sensitive information more secure.

One concern that has been raised amongst law firms is the emergence of Wi-Fi Sense, a service that allows Windows users to connect to a particular network more easily. The worry here is that, if an employee’s contact’s device is not secure, it can be used as a breaching point for those trying to gain information from the law firm’s network. However, any well-informed IT team would know about these potential risks and can easily turn this setting off.

All of these features protect against outsiders attacking your computer systems, but what about Microsoft? When dealing with sensitive legal information, privacy is not only a vital aspect of the service being provided but also an essential part of maintaining compliance. So how well-guarded is private legal information from Microsoft itself?

In reality, Microsoft has not introduced many new privacy changes. The few that it has made could be considered privacy concerns, such as the ability of Cortana (Microsoft’s version of Siri) to tap into your calendar, emails and location and, in theory, relay them back to Microsoft HQ. However, this function is optional, and in this instance, a law firm must choose between privacy and functionality.

The new cloud-interfacing operating system (which uses the biometrics) means that Microsoft needs access to some private information, which the user must provide. It is this access to information that allows a ‘frictionless’ multi-platform interface. However, Windows 10 collects no more information than Windows 7 and 8 did, or even than supermarket loyalty cards do. This should have no real impact on a firm’s ability to demonstrate compliance.

For all these reasons, law firms shouldn’t be overly concerned about privacy issues arising from Windows 10, as IT departments are able to configure the systems to prevent the data being accessed by Microsoft. This is not always the best option, however, as the information sent back to Microsoft is often used to help prevent threats and fix issues, with Google Chrome and Mozilla Firefox doing the exact same thing. As a result, by not allowing Microsoft to collect data, a computer network could actually be rendered even less secure, and thus potentially leave a firm open to a serious data breach that results in fines or other penalties.

In short, Windows 10 gives a wide scope of internal and external protection. When utilised correctly, it should be more than capable of keeping a firm’s information secure whilst also meeting any data protection requirements.
