The vast majority (75%) of security incidents in the legal sector reported to the data protection regulator last year were caused by insiders, according to new Freedom of Information (FOI) data.
The information was requested by content management firm NetDocuments and covers the period November 2019-October 2020.
Published today, the findings highlighted the challenges facing the sector from negligent and malicious employees.
Half of breaches reported to the Information Commissioner's Office (ICO) during the period happened after data was shared with the wrong person, via email, verbally or in the post.
A further 17% of incidents were marked as “data loss,” that is, loss or theft of a device containing personal data, or of paperwork or data left in an insecure location.
In total, nearly three-fifths (57%) of data breaches in the legal sector over the period came from human error, which includes verbal disclosure, failure to redact or use bcc, alteration of data, hardware misconfiguration or documents emailed or posted to the wrong recipient.
Guy Phillips, VP of international business at NetDocuments, argued that the reputational and financial damage to law firms from insider incidents could be huge.
“The shift to remote and hybrid models of working has only increased the potential security risks, as more documents and files are being shared and accessed from dispersed locations,” he added.
“Law firms need to ensure that they have a truly holistic approach to data loss prevention to allow more control over how files are accessed and what users can do with them. Data protection and encryption should be at the core of a document management platform, with the aim of gaining complete control over data privacy and regulatory compliance with no impact on productivity or performance.”
Back in February a legal advisory firm was found to have leaked 15,000 sensitive client documents via a misconfigured AWS bucket. They related to court documents for cases involving people injured or killed in road traffic accidents.