Data breaches caused by insiders remain a threat to the UK legal sector, warns NetDocuments, the leading secure cloud-based content services platform for law firms, corporate legal teams, and compliance departments. Based on analysis of data from the Information Commissioner’s Office (ICO) from Q3 2021, 68 percent of identified data breaches in the UK legal sector (i.e., those where the origin could be identified) were caused by insiders, as opposed to only 32 percent caused by outside threats, such as external malicious actors.
At a time when the Great Resignation has created the “Great Exfiltration”, whereby employees are leaving their jobs and taking their company’s data with them, the findings highlight the need for law firms to prioritise addressing threats from within and invest in the latest data security and governance controls.
“Given the sensitivity and vast amount of data that law firms manage, the legal sector is one of the most at-risk industries from both accidental and intentional insider data breaches,” comments Andy Baldin, VP of International Business at NetDocuments. “The shift to remote working and the advent of the ‘Great Exfiltration’ has only exacerbated the issue. It’s clear that law firms need to be extra vigilant and take proactive steps to gain control over how files are accessed, and what users can do with them, while at the same time ensuring their staff remain productive.”
The analysis of the ICO data highlights the common causes of data breaches in the legal sector:
- 52 percent of data breaches in the legal sector occurred from sharing data with the wrong person (i.e., via email, post or verbally)
- 25 percent of data breaches in the legal sector occurred from phishing attacks
- 10 percent of data breaches occurred from losing data (i.e., loss/theft of a device containing personal data, or of paperwork or data left in an insecure location)
- 54 percent occurred from human error (i.e., verbal disclosure; failure to redact or use bcc; alteration of data; hardware mis-configuration; documents emailed or posted to wrong recipient)
“Whether malicious or through careless actions, data breaches can cause huge financial and reputational damage,” continues Baldin. “Law firms should look to prioritise Data Loss Prevention as part of their overall cybersecurity strategies. This will ensure that they have an extra line of defence when it comes to preventing exfiltration and the unauthorised or inappropriate use of data.”
NetDocuments recently held a webinar on how firms can stay secure amidst the Great Resignation. A link to the recording can be found here.