UK law firms failing to protect client data

One in four say their IT systems have been hacked 

30 May 2013

By Manju Manglani, Editor (@ManjuManglani)

UK law firms are failing to prioritise data security and potentially falling foul of data protection regulations.

That’s according to research by Altodigital, which found that few firms are taking measures to protect data as it is perceived to be “too expensive or time consuming”.

This is despite the fact that 23 per cent of respondents have admitted that their IT systems have been hacked in the past.

The survey of more than 80 decision makers at law firms across the UK found that just under half of respondents do not lock away their laptops at night. Further, 41 per cent fail to regularly change security passwords and just over a quarter do not use firewalls.

“Despite what many may think, better document security comes down to taking common sense precautions, such as deleting internal hard drives before disposing of equipment, ensuring devices are correctly set up and configured to mitigate potential breaches, and internal security policies are implemented, as well as having an effective and secure managed document services infrastructure,” said Tony Burnett of Altodigital.

The study found there was an “overwhelming lack of knowledge” among respondents about external print or scanning devices storing data sent to them on an internal hard drive, which can pose a potential hacking risk if they are connected to a company network and not protected properly.

Nearly half of respondents (45 per cent) admitted to failing to take measures to protect data stored on these devices. Over one in six said they do not wipe the internal hard drive when a device is given away (19 per cent), sold (17 per cent) or dumped (9 per cent).

However, nearly two thirds of firms said they regularly scan sensitive client documents, including passports (63 per cent), bank statements or financial records (63 per cent), birth certificates (50 per cent) and utility bills (44 per cent), meaning they could risk falling foul of data protection laws.

Under proposed changes to the EU’s Data Protection Directive, firms could be fined up to €1m or two per cent of their global annual turnover for serious data breaches.

In addition, a third of respondents admitted to leaving important documents unshredded, potentially allowing sensitive documents to end up in the wrong hands or be used for fraudulent activity.

The findings are based on responses from decision makers at 84 law firms across the UK. Sixty-one per cent said they have more than 101 members of staff, of which 37 per cent have more than 201 staff. The remainder have between 21 and 100 members of staff.

Categorised in:

Risk & Compliance Technology