You are here

Law firms are struggling to manage their data security risks

User resistance to change is hindering improvements to systems and processes, ILTA survey finds

7 December 2015

Add comment

By Manju Manglani, Editor (@ManjuManglani)

Getting lawyers to embrace technological change is the biggest challenge facing law firms today.

That's according to the 2015 ILTA Technology Survey, the findings of which are published in a 269-page report. The survey received responses from 420 firms, of which two thirds have less than 150 lawyers.

It found that the biggest security challenge facing law firms' IT departments is balancing security with usability (31 per cent). This is followed by the challenges of user acceptance and behaviour (24 per cent), user education and awareness (22 per cent) and firm culture (22 per cent).

The findings of the ILTA survey echo those of Managing Partner’s 2015 legal technology survey. Respondents to our survey said the biggest challenge facing IT departments is persuading lawyers and others to use the new systems acquired (39 per cent). Close behind is the challenge of training users on how to use the new systems (37 per cent).

Part of the difficulty is in how the IT team is perceived by senior management. The majority (39 per cent) of respondents to the ILTA survey said that the firm's top management primarily view the IT department as an expense. Only a third said the IT function is seen as an asset.

When asked to rank their top technology issues or annoyances, three out of five of the top areas highlighted by respondents related to change. These were: managing management's and users' expectations; users' acceptance of change; and keeping up with new version of software.

The top technology issue or annoyance highlighted by respondents is security and risk management. However, just over half (51 per cent) of respondents said their firm has a security awareness training programme for users. This is down from previous years, where 55 per cent provided security training in 2014 and 67 per cent had this in place in 2013. Less than two fifths (38 per cent) have an outside security assessment performed annually, while a fifth said they never had it done and a further fifth said it was conducted 'as needed'.

Email management also ranked among the top five issues and annoyances facing technology teams, with many lawyers continuing to depend on email as their primary means of communication. The biggest email support challenge highlighted by respondents is managing large mailboxes (42 per cent), followed by archiving, retention and retrieval compliance (29 per cent).

However, lawyers' emails are often unencrypted, putting client confidentiality and legal privilege at risk. More than two fifths (42 per cent) said they do not have automatic email encryption; among those who have this service, the most popular are Exchange-TLS and Mimecast. Less than a quarter (23 per cent) have user-initiated encryption services like RPost and YouSentIt.

Many firms enable mobile working but do not have sufficient data security safeguards in place. Fifty-nine per cent of respondents said they provide Outlook web access for remote access to work emails. Nearly two thirds (65 per cent) said that between 20 and 100 per cent of their non-lawyer staff have access to email via a wireless device. In addition, more than half (52 per cent) depend on lawyers bringing their own devices to work to support mobile working.

However, 48 per cent said they do not have any third-party systems for mobile device management. In addition, only 44 per cent of respondents said they use smartphone device encryption as a security measure. The risks of a data security breach are high when staff and lawyers use their mobile devices to send emails on unsecured WiFi networks.

The lack of adequate regulation of metadata also puts law firms at risk of both data security and legal privilege breaches, according to an expert Law Society panel. It was noted that technology providers are more of a risk than government surveillance.

"Once a communication is on the internet or stored in the cloud, it runs rampant. If it enters one network, it will spiral off like a spider onto other networks," said one panellist.

However, many law firms depend on cloud-based services to enable mobile working. Thirty per cent of respondents said they use cloud-based email high-availability services, while a further third said they have email solutions of this type onsite. Eighteen per cent use both cloud-based and onsite email services. More than half (51 per cent) said their firm plans to increase its adoption of cloud-based solutions.

Among the respondents who are not using cloud services, security was highlighted as the biggest barrier to moving the firm's technology to the cloud. This was followed by cost issues and concerns over reliability and performance.


Categorised in:

Risk & Compliance Technology HR