Legal professionals are ignoring best practice by using insecure methods when sending and sharing sensitive information
A recent survey* by Brainloop reveals that the legal sector’s most sensitive and confidential data is commonly distributed using insecure methods, with less than one in ten professionals using a business-grade file sharing tool to send classified documents and information to colleagues. In addition, despite confirming that the information shared by legal professionals is often highly sensitive, the majority of respondents also admitted that they have sent documents or information to the wrong recipient in the past.
Email is the distribution method of choice for sensitive legal data and documents
The Brainloop survey revealed that almost half of legal professionals most commonly send and share sensitive data and information over email. Of those questioned, 46% confirmed that email is the preferred choice for internal sensitive communications, while 42% said that they would still use email to send sensitive information to clients or business partners.
Other distribution methods highlighted in the survey included USB drives (8%), consumer-grade file sharing (5%) and Instant Messaging apps (3%). Less than a quarter of respondents stated that business-grade file sharing solutions are commonly used for sending sensitive information externally and just 1 in 10 use business-grade file sharing solutions for internal communications of a sensitive nature.
Legal professionals sharing sensitive documents admit to mistakes
The Brainloop survey confirmed that the information shared by legal professionals with colleagues and external parties is highly sensitive. Contracts (30%), personal information (13%), customer or partner information (12%) and boardroom documents (12%) are the most commonly shared items, while the remaining 10% of shared documents include less-sensitive invoices and other miscellaneous information.
The survey also revealed that three quarters of respondents admit that either they, or a colleague, have sent a document or information to the wrong recipient in the past. A further 5% indicated that they were not aware if they have done this, while 3% were not willing to say if they have shared information with the wrong recipient before.
Patchy legal sector understanding of key data protection regulations
Almost 90% of survey respondents confirmed that they are aware of the regulations surrounding data protection, file sharing and the exchange of information, including the General Data Protection Regulation. In addition, 84% of those surveyed confirmed that the loss of confidential information formed part of their firm’s risk management system. However, when it comes to the respondents’ view of broader awareness across the sector, almost one quarter admitted that they felt between “neutral” to “not at all confident” in their organisations’ understanding of these key data protection regulations.
Mark Edge, UK Country Manager at Brainloop, commented: “The majority of documents that legal practitioners work on need to be shared with clients and business partners on a day-to-day basis. Added to this is the fact that these documents contain highly sensitive information that must be secured against the threat of malicious hacking, unauthorised views and potential leaks, from both inside and outside of the firm itself. Law firms must ensure that practitioners follow best practices to deal with data and documents in both a secure and compliant manner.”
Brainloop Secure Dataroom provides legal services firms with a high-security file storage and sharing environment that maximises security by providing :
- Document-centric security with Rights Management Technologies
- Provider, Operator and Administrator shielding to protect sensitive data
- Full visibility of how information is used and by whom, where and on which device
- Local UK data centres to meet data residency requirements
- Fully secure email body and attachment tools
- Strict access controls ensure document confidentiality and protection
- Strong user authentication and encryption of all data, both in transit and at rest
Brainloop’s survey of over 100 legal professionals was conducted at London Law Expo in October 2015.
[su_box title=”About Brainloop AG” style=”noise” box_color=”#0e0d0d”]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.