More than two-thirds of data breaches at UK legal firms were caused by insiders, warns NetDocuments
Theft or loss of paperwork, data left in an insecure location and data emailed to wrong recipients cited as common causes
Data breaches caused by insiders remain a threat to the UK legal sector, warns NetDocuments, the leading secure cloud-based content services platform for law firms, corporate legal teams, and compliance departments. Based on analysis of the latest data from the Information Commissioner’s Office (ICO) from Q3 2021, 68% of identified data breaches in the UK legal sector (i.e., those where the origin could be identified) were caused by insiders, as opposed to only 32% caused by outside threats, such as external malicious actors.
At a time when the Great Resignation has created the “Great Exfiltration” whereby employees are leaving their jobs and taking their company’s data with them, the findings highlight the need for law firms to prioritise addressing threats from within and invest in the latest data security and governance controls.
“Given the sensitivity and vast amount of data that law firms manage, the legal sector is one of the most at-risk industries from both accidental and intentional insider data breaches,” comments Andy Baldin, VP of International Business at NetDocuments. “The shift to remote working and the advent of the ‘Great Exfiltration’ have only exacerbated the issue. It’s clear that law firms need to be extra vigilant and take proactive steps to gain control over how files are accessed, and what users can do with them, while at the same time ensuring their staff remain productive.”
The analysis of the ICO data highlights the common causes of data breaches in the legal sector:
- 52% of data breaches in the legal sector occurred from sharing data with the wrong person (i.e., via email, post or verbally)
- 25% of data breaches in the legal sector occurred from phishing attacks
- 10% of data breaches occurred from losing data (i.e., loss/theft of device containing personal data, or of paperwork or data left in insecure location)
- 54% occurred from human error (i.e., verbal disclosure; failure to redact or use bcc; alteration of data; hardware mis-configuration; documents emailed or posted to wrong recipient)
“Whether malicious or through careless actions, data breaches can cause huge financial and reputational damage,” continues Baldin. “Law firms should look to prioritise Data Loss Prevention as part of their overall cybersecurity strategies. This will ensure that they have an extra line of defence when it comes to preventing exfiltration and the unauthorised or inappropriate use of data.”
NetDocuments recently held a webinar on firms keeping secure amidst the Great Resignation. A link to the recording can be found here.