If you run a law firm and are concerned about data breaches and similar incidents, first look at your employees, as they may be the most likely to cause such an incident.
A new report from NetDocuments analyzing data from the Information Commissioner’s Office (ICO) for the period between the third quarter of 2022 and the second quarter of 2023 suggests that almost two-thirds (60%) of identified data breaches in the UK legal sector was caused by insiders.
Most of these insiders had no malicious intentions. Instead, they made mistakes, from sharing sensitive data with the wrong people to losing important hardware.
Basic, financial and health data are at risk
Breaking down the numbers, NetDocuments found that more than a third (37%) of incidents occurred after an insider shared data with the wrong person, either via email or verbally. Another 12% lost their data after leaving papers in an unsafe location or losing a device, while 39% lost their data wrongly (through verbal disclosure, failure to redact or use bcc, misconfigurations of hardware, etc.) ).
Finally, 27% of incidents were the result of phishing and ransomware attacks.
“It’s not just external threats such as ransomware that law firms need to watch out for. Law firms must be vigilant against insider data breaches – both intentional and accidental. This requires robust cybersecurity measures to control access to documents without hindering staff productivity,” said David Hansen, VP Compliance at NetDocuments.
The company’s findings also show that compromised law firm data collectively compromised some 4.2 million people, representing about 6% of the country’s entire population. Nearly half of cases (49%) affected customers, while another 13% affected employees.
Most commonly, these law firms lost basic personal information (49%), economic and financial data (13%), and health data (10%). Sometimes law firms also lost official documents (10%).