A law firm is an attractive target for computer-based crime. It has lots of confidential information, lots of people with access to the core systems and lots to lose if the information is disclosed. Information needs to be protected, but it also needs to be accessible over networks. So how can you make sure you trust the user or the computer that is accessing it?

In the past, computer security was mainly about using good password practices, stopping viruses and blocking access at the firewall. But now computer crime is more purposeful, and the protection needs to be more sophisticated. If an Eastern European gang can fit a card reader into a cash machine without anyone noticing, just think what they might be able to do inside a law firm.

So the questions are: when a user account authenticates to a system, how can I know it really is the person it is supposed to be? And when I trust a computer, by storing information on it or by allowing it to connect to the network, how can I know it is the computer I think it is?