According to a study, even though 85% of law firms plan to offer a mix of home and office working in the aftermath of the coronavirus pandemic, over 40% of practices still have not properly updated their cybersecurity policies since moving to a remote working model. This is placing clients at substantial risk of data breaches, fraud and cyberattacks.
The survey of 3,500 firms also found that almost half (49%) have not carried out data protection impact assessments (DPIAs), which identify data risks and weaknesses.
“Although most firms appear to be doing the right things, there are quite a few that are placing themselves, their staff and their clients at significant risk. We urge these firms to take urgent action to ensure they seek help to address the gaps highlighted.”
Brian Rogers, regulatory director at Access Legal
Commenting on the findings, Kingsley Hayes, head of data breach at Keller Lenkner UK, said:
“At Keller Lenkner UK, our expert data breach lawyers are committed to upholding the standards of our industry. That’s why it’s particularly upsetting when we are contacted by someone whose data rights have been violated by their solicitor.
“Unfortunately, this survey demonstrates that data breaches and cyberattacks are only going to become more common if firms do not adequately identify the risks of personal IT equipment being used by at-home workers and ensure that robust security measures such as virus protection, system access tools and encryption are used as standard.”
The danger of client data being compromised in a data security incident is all too real. For example, legal and professional services firm Gateley experienced a significant cyberattack when its systems were compromised earlier this year. Client data was stolen in the attack by an external source, and many of those affected turned to Keller Lenkner UK to make a no-win, no-fee compensation claim.
Employees have picked up bad cybersecurity habits while working from home
According to another report, 39% of employees have admitted that their cybersecurity practices at home are less thorough than those practised in the office, with 1 in 3 believing that they can get away with riskier security behaviours when working remotely.
At-home working and data protection
Changes to the way we work have thrust data protection issues into the spotlight. The challenges of an at-home workforce and an increased reliance on remote technology bring additional risks. But despite the possible consequences – which can include business disruption, reputational damage, huge fines, and consumer claims – too many organisations fail to take data protection seriously. This is a ticking timebomb.
The legal sector, in particular, is a lucrative target for hackers. Solicitors have access to some of our most sensitive information. As such, strict policies and procedures must be in place to ensure the safe processing of personal data.
As a matter of urgency, firms must do more to ensure the security of the devices being used for remote work. Training is also essential to ensure that employees know how to navigate the risks and that they understand the consequences of poor data security practices, especially as working from home – or at least flexible/hybrid working – is set to become the norm for many, even after the current pandemic has passed.