We asked our Technical Officer to break down how we think about security at Witness Connect, from engineering principles to everyday risks in legal workflows.
What does “Secure by Default” mean for engineers?
In engineering, Secure by Default means the product is designed so that the most secure settings are the standard, out-of-the-box configuration. A solicitor or expert does not have to do anything additional to increase or enhance their security posture when using the platform.
To achieve this, there are a number of design principles we adhere to:
Least privilege: Permissions are set to "None" or "Read-only" initially. Access must be explicitly granted rather than revoked later.
Fail-closed behaviour: If a system component fails or an error occurs, the system defaults to a state that denies access rather than one that bypasses security checks.
Secure communication: HTTPS/TLS is used by default, with deprecated protocols (such as SSLv3) disabled without requiring configuration changes.
Input sanitisation: We use frameworks that automatically escape HTML or parameterise SQL queries, so a developer has to go out of their way to write an insecure query.
Minimal attack surface: Unnecessary features, ports, or services are disabled in production unless they are explicitly required.
The goal is simple: to make the path of least resistance also the most secure path. By following these principles, we minimise the likelihood of a developer mistake leading to a security compromise.
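The principles above, as an added runnable illustration in Python (not Witness Connect's own code): a permission lookup that starts everyone at "None" and fails closed when the check itself errors, a string-built query beside its parameterised form run against the same injection payload, and a TLS client context that refuses anything older than TLS 1.2 without per-connection configuration. The document table, grant table, user names and payload are constructed for the demonstration; the "minimal attack surface" principle is an operational choice and is not shown in code.

```python
"""Secure-by-default building blocks: least privilege, fail-closed checks,
parameterised queries and a hardened TLS context.

Added example, not Witness Connect code. The tables, rows and user names
below are constructed for the demonstration.
"""
import sqlite3
import ssl
from enum import Enum


class Access(Enum):
    NONE = 0       # the starting point for everyone (least privilege)
    READ = 1
    WRITE = 2


def open_db() -> sqlite3.Connection:
    """In-memory database with constructed documents and explicit grants."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, title TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO documents VALUES (?, ?, ?)",
        [(1, "Expert report", "alice"), (2, "Witness statement", "bob")],
    )
    # Access must be granted explicitly: a user with no grant row gets Access.NONE.
    conn.execute("CREATE TABLE grants (doc_id INTEGER, user TEXT, level INTEGER)")
    conn.execute("INSERT INTO grants VALUES (?, ?, ?)", (1, "alice", Access.WRITE.value))
    return conn


def lookup_unsafe(conn: sqlite3.Connection, title: str) -> list:
    """Vulnerable form: the input is pasted into the SQL text, so a quote in it
    changes the query. Shown only to contrast with lookup_safe."""
    return conn.execute(
        f"SELECT id, title, owner FROM documents WHERE title = '{title}'"
    ).fetchall()


def lookup_safe(conn: sqlite3.Connection, title: str) -> list:
    """Parameterised form: the driver binds the value; it can never become SQL syntax."""
    return conn.execute(
        "SELECT id, title, owner FROM documents WHERE title = ?", (title,)
    ).fetchall()


def access_level(conn: sqlite3.Connection, user: str, doc_id: int) -> Access:
    """Default-deny and fail-closed: no grant row means NONE, and an error in the
    check itself also means NONE rather than skipping the check."""
    try:
        row = conn.execute(
            "SELECT level FROM grants WHERE doc_id = ? AND user = ?", (doc_id, user)
        ).fetchone()
    except sqlite3.Error:
        return Access.NONE
    return Access(row[0]) if row else Access.NONE


def tls_client_context() -> ssl.SSLContext:
    """Client context that verifies certificates and hostnames (the defaults of
    create_default_context) and refuses SSLv3, TLS 1.0 and TLS 1.1 outright,
    so no caller has to remember to disable them."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def demo() -> dict:
    """Run the checks against an injection payload, a stranger and a broken connection."""
    conn = open_db()
    payload = "' OR '1'='1"
    result = {
        "unsafe_rows": len(lookup_unsafe(conn, payload)),   # every document leaks
        "safe_rows": len(lookup_safe(conn, payload)),       # no title equals the literal string
        "owner": access_level(conn, "alice", 1),
        "stranger": access_level(conn, "mallory", 1),       # no grant row: denied
    }
    conn.close()                                            # simulate a failed component
    result["after_failure"] = access_level(conn, "alice", 1)  # check errors: still denied
    return result


if __name__ == "__main__":
    print(demo())
```

The point of the closed-connection step is the fail-closed contract: a permission check that raises, times out or hits a broken dependency must resolve to "no access", never to "skip the check".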
Why is email + attachments risky for sensitive information?
We use email for almost everything, which creates a false sense of security. Given its prevalence, it is easy to forget that email was designed as an open communication protocol (SMTP), not a secure vault.
In my view, there are three main reasons why using email for sensitive data is fundamentally risky:
1) Lack of control after sending
Once you hit "Send," you lose custody of that data. You cannot retract an attachment, expire access, or track how it is shared. It persists in inboxes and can be forwarded indefinitely.
2) A frictionless attack vector
Attachments remain the primary delivery mechanism for malware. Because users are conditioned to trust familiar names, email is a common entry point for:
Phishing: Spoofing identities to prompt users to download malicious files
Business Email Compromise (BEC): Where a compromised account exposes years of sensitive documents and correspondence
We have spent years training people not to click on suspicious links or attachments, yet continue to rely on them as a primary way of sharing sensitive material.
3) “Data at Rest” Vulnerabilities
While many providers encrypt emails in transit (via TLS), attachments are often stored unencrypted across multiple locations:
The sender’s "Sent" folder
The recipient’s "Inbox"
Mail servers on both sides
Local downloads or device caches
Over time, this leads to sensitive information being distributed across systems and devices with limited visibility or control.
Where is Witness Connect data stored, and why does that matter?
All data is stored and processed on servers within the UK.
This is important for a number of reasons:
Regulatory oversight: Data remains under UK GDPR and the jurisdiction of the Information Commissioner’s Office (ICO), ensuring it is governed by UK legal standards.
Jurisdictional protection: Storing data within the UK reduces exposure to foreign legislation, such as the U.S. CLOUD Act, which can compel providers to disclose data held overseas.
Performance: Keeping data geographically closer to UK-based users also reduces latency and improves overall system performance.
What common security shortcuts do early-stage platforms often take that we deliberately avoided?
For over a decade, the OWASP Foundation has worked to identify the most common vulnerabilities that lead to security breaches.
The OWASP Top 10 is a widely recognised standard for web application security. It reflects a broad consensus on the most critical risks facing modern applications.
At Witness Connect, this framework is embedded into our development standards. It ensures that we are consistently building against known risks, rather than reacting to them after the fact.
If you were an expert witness concerned about data protection, what would you want reassurance on?
As an expert witness, I would want to understand where my data is stored, who has access to it, and how it is protected, both in transit and at rest.
Many current workflows still rely on email and local file storage. This means sensitive documents can end up distributed across inboxes, downloads folders, and multiple devices, often without consistent controls or visibility.
The key question is not whether data is shared, but how controlled that sharing is.
A secure system should ensure that access is intentional, auditable, and, where necessary, revocable, rather than permanent and uncontrolled once a document has been sent.
That level of control is what ultimately reduces both operational risk and potential exposure.
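The "intentional, auditable and revocable" access described in this answer, as an added Python illustration that is not Witness Connect code: a share grant is a server-side record tied to one recipient with an expiry, the link carries only an unguessable grant id, every open attempt (allowed or denied) is written to an audit log, and revoking the grant makes an already-sent link stop working. The document ids, recipients, timestamps and in-memory stores are constructed for the demonstration.

```python
"""Controlled document sharing: intentional, auditable and revocable grants.

Added example, not Witness Connect code. The grant store, audit log, document
ids, recipients and the fixed clock values are constructed for the demonstration.
"""
import secrets
from dataclasses import dataclass, field


@dataclass
class Grant:
    doc_id: str
    recipient: str
    expires_at: float
    revoked: bool = False


@dataclass
class ShareService:
    """The server decides at open time; the link itself carries no permission."""
    grants: dict = field(default_factory=dict)   # grant_id -> Grant
    audit: list = field(default_factory=list)    # (event, grant_id, actor, time[, reason])

    def share(self, doc_id: str, recipient: str, ttl_seconds: int, now: float) -> str:
        # Intentional: access exists only because the owner created this grant,
        # for one recipient, for a bounded time. The id is 128 bits of randomness.
        grant_id = secrets.token_urlsafe(16)
        self.grants[grant_id] = Grant(doc_id, recipient, now + ttl_seconds)
        self.audit.append(("share", grant_id, recipient, now))
        return grant_id

    def revoke(self, grant_id: str, now: float) -> bool:
        # Revocable: flipping the record invalidates every copy of the link.
        grant = self.grants.get(grant_id)
        if grant is None:
            return False
        grant.revoked = True
        self.audit.append(("revoke", grant_id, grant.recipient, now))
        return True

    def open(self, grant_id: str, recipient: str, now: float) -> tuple:
        # Auditable: every outcome, including a denial, is recorded.
        grant = self.grants.get(grant_id)
        if grant is None:
            return self._deny(grant_id, recipient, now, "unknown grant")
        if grant.revoked:
            return self._deny(grant_id, recipient, now, "revoked")
        if now >= grant.expires_at:
            return self._deny(grant_id, recipient, now, "expired")
        if grant.recipient != recipient:
            # A forwarded link does not carry the recipient's right with it.
            return self._deny(grant_id, recipient, now, "wrong recipient")
        self.audit.append(("open", grant_id, recipient, now))
        return True, grant.doc_id

    def _deny(self, grant_id: str, recipient: str, now: float, reason: str) -> tuple:
        self.audit.append(("deny", grant_id, recipient, now, reason))
        return False, reason


def demo() -> dict:
    """Walk one link through the lifecycle an email attachment cannot offer."""
    svc = ShareService()
    t0 = 1_700_000_000.0   # constructed fixed clock so the run is deterministic
    r = {}
    link = svc.share("expert-report-42", "solicitor@example.com", 3600, t0)
    r["recipient_opens"] = svc.open(link, "solicitor@example.com", t0 + 60)
    r["forwarded_link"] = svc.open(link, "stranger@example.com", t0 + 120)
    r["after_expiry"] = svc.open(link, "solicitor@example.com", t0 + 7200)
    link2 = svc.share("witness-statement-7", "expert@example.com", 86400, t0)
    svc.revoke(link2, t0 + 300)
    r["after_revoke"] = svc.open(link2, "expert@example.com", t0 + 400)
    r["guessed_link"] = svc.open("not-a-real-grant", "expert@example.com", t0)
    r["events"] = [e[0] for e in svc.audit]
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Each denial leaves an audit row with a reason, which is what gives an owner visibility into who tried to open what and when; an attachment sitting in a forwarded mailbox produces no such record and cannot be expired or withdrawn.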
2026 Witness Connect
