The world is changing. With the introduction of the General Data Protection Regulation (GDPR) in 2018 and major events, including the pandemic, data protection has become a top priority for businesses across Europe. Or not?
With only a quarter of firms believing that they are complying with the requirements of GDPR, what should you be aware of and how might this affect your legal practice?
According to the Insider Data Breach Survey 2020 by Egress, 96% of legal sector IT heads are in fear of insider data breaches, with 78% of them believing that employees have put data at risk accidentally in the past 12 months, and 75% of them thinking that employees did so intentionally. Most importantly, almost half of them (41%) say that financial damage would be the area of greatest impact if an internal data breach occurred at their organisation.
Concerning reliance on traditional technologies to prevent insider breaches
Although legal sector IT leaders seem to acknowledge that data breaches pose serious threats to their practice, they have yet to adopt risk management strategies or technologies to mitigate the risk. Instead, they rely mostly on traditional technologies, cherry-picking their solutions. Specifically, the research revealed that half of them are currently using anti-virus software as a way to combat phishing attacks, with only 47% of them using secure collaboration software. So, with the current disruption affecting your practice, a question you need to ask yourself is: would you be willing to take risks you might not be able to afford later on?
Misdirected and phishing emails the top cause of accidental insider data breaches
Over half of legal sector employees (55%) who had accidentally leaked data said they fell prey to phishing attacks sent by email. Moreover, almost a third of them admitted to simply making a mistake by sharing information with the wrong person, for example via email. Although such incidents are common and have existed since employees started using email, you can now prevent them from affecting your legal practice by using the right technology. For example, contextual machine learning can protect your law firm from issues like misdirected emails, the wrong attachments being added to communications, auto-complete mistakes, and employees not using encryption tools correctly. In other words, with an ISO27001 accredited legal software provider, you can keep your projects rolling safely and worry-free whilst working from home.
Erroneous employee views on data ownership and security responsibility in the legal sector
Understanding employees’ views on data ownership and security responsibility explains why insider breach risk is so difficult to manage. Alarmingly, 41% of legal industry employees stated that the teams that created the information own it. This misconception was even higher among directors, with 61% of them claiming ownership of the data they generated. However, when asked who’s responsible for keeping the company’s data safe, the survey uncovered that only 11% recognised that everyone shares equal responsibility to protect data. That is, although employees want to own the data they create or work on, they refuse to accept responsibility for keeping it safe. These false beliefs make data protection extremely difficult, especially now that most legal employees are working from home.
So, with the legal sector being at great risk from insider data breaches, how do you move forward with data protection?
Choosing an ISO27001 certified legal cloud hosting provider and a secure case management system, such as DPS Spitfire, will definitely be a massive step forward. Why does ISO27001 certification matter? Because it shows that your software provider is dedicated to following the best practices of information security, thus ensuring your most valuable assets, like employee and client information, are always secured. So, to keep your data out of the wrong hands, you need to choose your software provider wisely to avoid the risk of cyber-attacks and the financial and reputational damage that usually comes with them.
With solutions such as DPS Cloud and DPS Spitfire, you can make sure you protect your law firm from the risk of a data breach, even under these challenging working conditions. Our software safeguards and simplifies the information sharing process within your legal practice, saving you money and time as well as increasing your team’s efficiency. Importantly, using a credible outsourced provider, such as DPS, means you can be confident your law firm will be compliant with the requirements of the GDPR.
So, if you’re worried that your current legal software doesn’t provide you with sufficient security, or you’d like to find out more about our ISO27001 accredited software, contact us today.