If you work at a law firm, the most dangerous threat of all might actually be your employees


If you’re running a law firm and are worried about data breaches and similar incidents, look at your employees first, as they might be the most likely ones to cause such an incident.

A new report from NetDocuments analyzing data from the Information Commissioner’s Office (ICO) for the period between Q3 2022 and Q2 2023 suggests that almost two-thirds (60%) of identified data breaches in the UK legal sector were caused by insiders.

Most of these insiders were not malicious in their intent. Rather, they made mistakes, from sharing sensitive data with the wrong people, to losing important hardware.

Basic, financial, and health data at risk

Breaking the numbers down, NetDocuments found that more than a third (37%) of incidents happened after an insider shared data with the wrong person, either via email or verbally. Another 12% lost the data after leaving papers in an insecure location, or after losing a device, while 39% lost it in error (through verbal disclosure, failure to redact or use bcc, hardware misconfigurations, and similar). 

Finally, 27% of incidents came from phishing and ransomware attacks. 

“It’s not just external threats like ransomware that law firms need to watch out for. Law firms must be vigilant to insider data breaches – whether intentional or accidental. This requires robust cyber security measures to govern access to documents, without hampering staff productivity,” commented David Hansen, VP, Compliance at NetDocuments.

The company’s findings have also shown that cumulatively, compromised data from legal firms put some 4.2 million people at risk, which amounts to roughly 6% of the country’s entire population. Almost half of the cases (49%) impacted customers, with another 13% impacting employees. 

Most of the time, these law firms would lose basic personal information (49%), economic and financial data (13%), and health data (10%). Sometimes, law firms would also lose official documents (10%).


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.