<div id=”articlebody”>

If you’re running a law firm and are worried about data breaches and similar incidents, look at your employees first, as they might bethe most likely ones to cause such an incident.

A new report from NetDocuments analyzing data from the Information Commissioner’s Office (ICO) for the period between Q3 2022 and Q2 2023 suggests  almost twothirds (60%) of identified data breaches in the UK legal sector were caused by insiders.

Most of these insiders were not malicious in their intent. Rather, they made mistakes, from sharing sensitive data with the wrong people, to losing important hardware.

Basic, financial, and health data at risk

Breaking the numbers down, NetDocuments found that more than a third (37%) of incidents happened after an insider shared data with the wrong person, either via email or verbally. Another 12% lost the data after leaving papers in an insecure location, or after losing a device, while 39% lost it in error (through verbal disclosure, failure to redact or use bcc, hardware misconfigurations, and similar). 

Finally, 27% of incidents came from phishing and ransomware attacks. 

“It’s not just external threats like ransomware that law firms need to watch out for. Law firms must be vigilant to insider data breaches – whether intentional or accidental. This requires robust cyber security measures to govern access to documents, without hampering staff productivity,” commented David Hansen, VP, Compliance at NetDocuments.

The company’s findings have also shown that cumulatively, compromised data from legal firms put some 4.2 million people at risk, which amounts to roughly 6% of the country’s entire population. Almost half of the cases (49%) impacted customers, with another 13% impacting employees. 

More from Pro

Share.
Exit mobile version