By Rob Stevenson, CEO and Founder of Legal Futures Associate BackupVault
A 2022 survey by Netdocuments found that 68% of data breaches in the UK legal sector were caused by insiders – 16% through a malicious act and 52% from genuine human error. Law firms are an attractive target for cyber-attackers due to the amount of sensitive data they handle, but the leading threats to data are from your internal team.
Why is this happening?
As the use of cloud applications has skyrocketed and working remotely using our own devices has become more common, securing data has become increasingly difficult in recent years. It’s simply getting harder for businesses to keep track of where data is stored. But when more than two-thirds of data loss incidents are caused by insiders rather than external threats, a comprehensive data security strategy is vital for your law firm. How you protect and manage data as a business is as important as your cybersecurity strategy – losing critical data can have disastrous consequences for both the day-to-day running of your firm and your reputation.
How to guard against insider data breaches
Here are the steps you can take to reduce the risk of data loss within your law firm:
- Identify where all data is stored. This includes all devices, applications and cloud services – you will need to ask your staff exactly what systems and tools they’re using to get a clear picture of where all business data is located.
- Prioritise your data types. Personally identifiable information (PII) and sensitive client data must be secured as a matter of urgency.
- Use ‘least privilege’ access. If you haven’t implemented this already, make sure each employee can only access the data they need in order to complete their work. You may need to amend account permissions to put this rule in place – and remember to revoke access when anyone stops working for your law firm.
- Provide IT security training. Make sure your staff receive regular training on how to protect data and transfer it safely.
- Implement third-party backup. An external backup service that backs up regularly and encrypts your data both during transfer and at rest is the best way to safeguard your data.
For help securing your business-critical data, contact BackupVault on 020 3397 5159 today.
BackupVault: what have you got to lose?