Insider threats and the legal sector

Insider threats and the legal sector

Three quarters of data breaches in the UK legal sector caused by insiders. Leaving data in an insecure location, failure to redact or bcc, and emailing the wrong person the common causes.

UK law firms need greater protection against inside cyber threats, warns NetDocuments, the leading secure cloud-based content services platform for law firms, corporate legal teams, and compliance departments. Based on analysis of  data from the Information Commissioner’s Office (ICO), between Q3 2019-2020 and Q2 2020-2021, 75 percent of identified data breaches in the legal sector (i.e. those where the origin could be identified) were caused by insiders, as opposed to only 25 percent caused by outside threats, such as external malicious actors.

The findings highlight the need for law firms to remain vigilant, invest in data security and adopt the right governance controls. This includes data encryption, the ability to control how documents are accessed or used and enabling data to be wiped remotely if lost or stolen.

“Understandably there has been a lot of focus on external threats to the legal sector. However, as these findings show law firms can take their eye off the ball when it comes to insider incidents,” comments Guy Phillips VP of International Business at NetDocuments. “Whether users are malicious, naïve, or careless, the reputational and financial damage can be huge. This is why law firms must put in the right security controls to protect themselves and put in place comprehensive management of user access to documents and files.”

The analysis of the ICO data goes on to highlight the common causes of data breaches in the legal sector:

  • 50 percent of data breaches in the legal sector occurred from sharing data with the wrong person (i.e. via email, post or verbally)
  • 17 percent of data breaches occurred from losing data (i.e. loss/theft of device containing personal data, or of paperwork or data left in insecure location)
  • 57 percent occurred from human error (i.e. verbal disclosure; failure to redact or use bcc; alteration of data; hardware mis-configuration; documents emailed or posted to wrong recipient)

“The shift to remote and hybrid models of working has only increased the potential security risks, as more documents and files are being shared and accessed from dispersed locations,” continues Guy Phillips. “Law firms need to ensure that they have a truly holistic approach to Data Loss Prevention to allow more control over how files are accessed and what users can do with them. Data protection and encryption should be at the core of a document management platform, with the aim of gaining complete control over data privacy and regulatory compliance with no impact to productivity or performance.”

NetDocuments offers document management, email management and collaboration technology complete with disaster recovery, enterprise search, and matter centricity features.

Main image courtesy of

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]