According to a study,[1] even though 85% of law firms plan to offer a mix of home and office working in the aftermath of the coronavirus pandemic, over 40% of practices still have not properly updated their cybersecurity policies since moving to a remote working model. This is placing clients at substantial risk of data breaches, fraud and cyberattacks.
The survey of 3,500 firms also found that almost half (49%), have not carried out data protection impact assessments (DPIAs) which identify data risks and weaknesses.
Commenting on the findings, Kingsley Hayes, head of data breach at our firm, said:
“Our expert data breach lawyers are committed to upholding the standards of our industry. That’s why it’s particularly upsetting when we are contacted by someone whose data rights have been violated by their solicitor.
“Unfortunately, this survey demonstrates that data breaches and cyberattacks are only going to become more common if firms do not adequately identify the risks of personal IT equipment being used by at home-workers and ensure that robust security measures such as virus protection, system access tools and encryption are used as standard.”
The danger of client data being compromised in a data security incident is all too real. For example, legal and professional services firm Gateley experienced a significant cyberattack when its systems were compromised earlier this year. Client data was stolen in the attack by an external source, and many of those affected turned to Keller Postman UK to make a no-win, no-fee, compensation claim.
According to another report,[2] 39% of employees have admitted that their cyber-security practices at home are less thorough than those practised in the office, with 1 in 3 believing that they can get away with riskier security behaviours when working remotely.
Changes to the way we work have thrust data protection issues into the spotlight. The challenges of an at-home workforce and an increased reliance on remote technology bring additional risks. But despite the possible consequences – which can include business disruption, reputational damage, huge fines, and consumer claims – too many organisations fail to take data protection seriously. This is a ticking timebomb.
The legal sector, in particular, is a lucrative target for hackers. Solicitors have access to some of our most sensitive information. As such, strict policies and procedures must be in place to ensure the safe processing of personal data.
As a matter of urgency, firms must do more to ensure the security of the devices being used for remote work. Training is also essential to ensure that employees know how to navigate the risks and that they understand the consequences of poor data security practices. Especially as working from home – or at least flexible/hybrid working – is set to become the norm for many, even after the current pandemic has passed.
If you have been the victim of a legal data breach, we can help. Find out more or contact us today.
We have launched a group action against Capita. Group actions can be a powerful tool… Read More
Here are some of the questions our data protection experts have been asked about our… Read More
We have launched a group action against 2plan. Group actions can be a powerful tool… Read More
What happened in the 2plan data breach? Find out in our latest blog and claim… Read More
We have launched a group action against Southern Water. Group actions can be a powerful… Read More
Here are some of the questions we have been asked about our Southern Water data… Read More