Two-thirds of data breaches at UK legal firms caused by insiders

New analysis of data breaches in the UK legal sector reveals that 68 percent were caused by insiders.

Analysis by secure cloud platform NetDocuments of data from the Information Commissioner's Office (ICO) reveals evidence of a 'Great Exfiltration' where employees are leaving their jobs and taking their company's data with them.

"Given the sensitivity and vast amount of data that law firms manage, the legal sector is one of the most at-risk industries from both accidental and intentional insider data breaches," says Andy Baldin, VP of international business at NetDocuments. "The shift to remote working and the advent of the 'Great Exfiltration' has only exacerbated the issue. It’s clear that law firms need to be extra vigilant and take proactive steps to gain control over how files are accessed, and what users can do with them, while at the same ensuring their staff remain productive."

Looking at the most common causes of data breaches in the legal sector, 52 percent occurred due to sharing data with the wrong person, 25 percent from phishing attacks and 10 percent from losing data (for example loss/theft of a device containing personal data, or of paperwork or data left in insecure location).

The biggest problem though is human error with 54 percent of breaches due to things like verbal disclosure; failure to redact or use bcc; alteration of data; hardware mis-configuration; or documents emailed or posted to wrong recipient.

"Whether malicious or through careless actions, data breaches can cause huge financial and reputational damage," adds Baldin. "Law firms should look to prioritise Data Loss Prevention as part of their overall cybersecurity strategies. This will ensure that they have an extra line of defence when it comes to preventing exfiltration and the unauthorised or inappropriate use of data."

You can see a recorded webinar on keeping data secure during the Great Resignation at the NetDocuments site.

Photo Credit: khz/Shutterstock