What are the Security Risks for Law Firms Using Windows 10?

August 25, 2015

The new Microsoft operating system, Windows 10, has been described as the company’s safest version yet. However, because of Microsoft’s policy of relaying information to its HQ to improve its services, questions have been raised as to whether or not sensitive information is really safe. So, how secure is Windows 10? And do law firms need to be worried?

It seems clear to me that Microsoft has been working hard to come up with innovative security software to keep sensitive information safe. From Microsoft Edge to Windows Hello, Bill Gates and Co have worked tirelessly to invent new strategies for making Windows 10 both secure and easy to use. This focus on security is especially important for law firms, since security and data protection are a fundamental part of legal work.

From the internal features to the everyday programs, Microsoft has strived to improve every aspect of the new operating system. One of the more noticeable changes has been a move to push Internet Explorer aside somewhat. Along with the new OS, Microsoft has introduced Microsoft Edge. The new browser was built with security at its core, with a range of features created to deliver better protection when online.

Windows Hello is another feature designed for the security of the computer system. Hello uses biometrics, such as facial recognition, fingerprints and iris scanning, to allow users to log into the system, making it considerably more secure. Unfortunately, because older hardware was not designed for such features, law firms may have to buy new hardware in order to use the software.

Windows Passport takes Windows Hello even further by allowing firms to use this feature across multiple devices. Passport uses a two-step combination of biometrics and a PIN to allow lawyers to sign into their Windows account and applications on multiple devices. This removes the need for setting up numerous accounts, and means that the user is the only person who can gain access to their account, which obviously helps to keep sensitive information more secure.

One concern that has been raised amongst law firms is the emergence of Wi-Fi Sense, a service that allows Windows users to connect to networks more easily. The worry here is that, if an individual has a contact whose device is not secure, it can be used as a breaching point for those trying to gain information from the law firm’s network. However, any well-informed IT team would know about this potential risk and can easily turn this setting off.

All of these features protect against outsiders attacking a law firm’s computer systems, but what about Microsoft? When dealing with sensitive legal information, privacy is clearly a vital aspect of the service being provided, so how well-guarded is private legal information from Microsoft itself?

In most cases, the privacy concerns being mentioned in the press have really been overstated. It is very easy to whip up a storm when the majority of the public don’t understand the subject very well, bar the term ‘privacy concern’. In reality, Microsoft has not introduced many new privacy changes. The few that it has made could be considered privacy concerns; one example is Cortana, Microsoft’s version of Siri, which has the ability to tap into your calendar, emails and location. In theory, Cortana could relay this information back to Microsoft HQ, but the function is optional, so in this instance a law firm must choose between privacy and functionality.

The new cloud-interfacing operating system (which uses the biometrics) does mean that Microsoft needs access to some of the private information provided by the user, as it is this access to information that allows a ‘frictionless’ multi-platform interface. However, Windows 10 collects no more information than Windows 7 and 8 did. Even smartphones and supermarket loyalty cards collect more data than the new Windows operating system.

In general, law firms shouldn’t be overly concerned about privacy issues arising from Windows 10, as IT departments are able to configure the systems to prevent sensitive data being accessed by Microsoft or third-party software vendors. This is not always the best option, however, as the information which is sent back to Microsoft is often sent back so as to help prevent threats and fix issues, with Google Chrome and Mozilla Firefox doing the exact same thing. The irony, therefore, is that by not allowing Microsoft to collect data, a computer network could be rendered even less secure.

As information security is at the heart of legal work, it is vital that Windows 10 has the ability to protect a user from a vast array of internal and external threats. Fortunately, the newly developed software and Microsoft’s dedication to filling in any gaps in security mean that Windows 10 will continue to improve and protect law firms from having their sensitive information breached.

Robert Rutherford is CEO of QuoStar, a business consultancy and information technology firm: https://quostar.com/