One in ten lawyers have no data safety guards in place

Over half of legal professionals in the UK believe their companies aren't doing as much as they could to prevent security breaches, new research shows.

The independent mail operator, DX, a staple of the legal profession, conducted a survey of 100 professionals working in legal departments and law firms in the UK, and looked at attitudes towards data security in the legal sector.

The research also found that one in ten lawyers admitted to having no measures at all in place to decrease the risk of data loss.

The growing trend of cyber-attacks, targeted at confidential data and designed to sell on the data or for blackmail purposes, either by has given the industry cause to pay closer attention to its data security practices.

The Information Commissioner's Office has repeatedly emphasised the importance of encrypting data so that it is protected in the event of misdirection or loss.

It is concerning the survey revealed that despite this, almost a fifth of legal professionals had no idea what measures their firm has in place and just one in three believed their organisation's current security systems to be 'very reliable'.

Paul Doble, chief sales and marketing officer, at DX said: "The legal industry is one built on a 400 year legacy of confidentiality, but recent developments in cyber security have brought some elements of the industry's ability to maintain the privacy of its communications into question.

"The consequences of a severe data breach on reputation are self-evident, but upcoming EU regulation on information security is due to provide an even greater incentive for firms to take the issue very seriously. The new regulations are still in the planning stages but the whispers are of fines reaching as high as five per cent of global turnover for data security breaches. It's never been more important for firms to get their data security practices in order."

Significant fines

Commenting on the research, Robert Rutherford, managing director at IT consultancy Quostar, said: "This survey shows that a minority of lawyers believe with conviction that their firm's security measures are strong enough to safeguard client information - this will surely raise some serious questions for the industry. Even more worryingly, the news that one in ten legal professionals believe that no such measures are currently in place at all is a sign that - for some at least - action must be taken urgently."

Rutherford added the significant fines that can be imposed on individual lawyers demonstrate how seriously the regulator is taking the industry's information security.

"The online environment that lawyers now inhabit requires stronger and more relevant controls than anything the industry has had to contend with previously. Forced encryption, data leak prevention and individual device controls are all must-haves for legal professionals and firms that are committed to protecting their confidential electronic information. Without these tools, law firms risk not only heavy fines, but irreparable reputational damage if instances of data losses or leaks get into the public domain."

She continued: "Ultimately, data controls need to be top-down and companywide, rather than the sole responsibility of the IT team. That is the only way to ensure that the firm is protecting the reputation of both its clients and its brand."

John van der Luit-Drummond is legal reporter for Solicitors Journal