Lawyers regularly download sensitive data onto unprotected personal devices
vnunet.com, 28 Oct 2008
Nearly a quarter of UK law firms have admitted to losing confidential data, according to a recent survey by Credant Technologies.
The data protection firm's survey of 100 law firms across the country found 24 per cent of respondents admitted to misplacing at least one mobile device containing confidential documents, putting case notes, contracts and client details at risk.
Just 13 per cent of those who said they had lost a device believed the data was protected as the device was secured and the information encrypted. On the other hand, almost four out of 10 (37 per cent) of the lawyers surveyed believed that if they did lose their mobile device the data would be easily accessible to a hacker.
While a third of respondents said they encrypt their data now, over 90 per cent believe a password alone is sufficient to protect the data. However, according to ex-hacker turned IT security consultant Robert Schifreen passwords are not up to the job of protecting sensitive information on a mobile device.
"You can download cracking software from Google that can break the average password in less than 30 minutes," he said. "These findings show just how naive the legal profession is when it comes to data security and I suspect other professions are just as bad, if not worse. The only answer is, if you store sensitive data you must encrypt it."
The study found that one of the biggest security gaps stemmed from the fact that one in five lawyers use their own personal mobile phones, notebooks and USB drives to store client and corporate information.
"It's worrying to note that so many unprotected devices have gone missing over the past few years, but personally I'm more concerned by how many personal mobile devices are being used by lawyers that clearly bypass any security procedures set up by the legal firm," said Michael Callahan, vice president of Global Marketing at Credant.
"This creates an uncontrollable environment for the IT security staff as they simply can't keep track of which devices they've secured and which they haven't. "
Callahan recommended that all organisations "implement a data protection policy that ensures all handheld, laptop and removable media are encrypted, managed and controlled centrally, which then enables the IT guys to be able to suspend access to the information if it is misplaced or stolen".
Firms being forced to spend unnecessarily on perceived IT security risks, say experts at RSA show
European data protection supervisor backs call for law to apply to all information service providers
Systems deployed with known holes, says government audit
MoD admits to losing a hard drive containing up to 100,000 army records
In part one of V3.co.uk's interview with Dirk Singer, he dicusses social media monitoring strategies
Remote access - Three steps to getting connected
3.4 million UK professionals now work from home – is your company equipped?
Cost benefits of a global collaboration network
This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.
Analyst Simon Perry argues that the data deluge doesn't have...
Do you agree?
Have your say on this article