A quarter of law firms have confessed to misplacing confidential documents on a mobile device.
Following a survey by Credant Technologies of 100 legal firms across the UK to ascertain how the sector views ‘security, mobile devices and end-point protection.'
Of those surveyed, 37 per cent of lawyers believed that if they did lose their mobile device it would be insecure as a hacker, or identity thief, is ‘cleverer than the average lawyer' and could access the data it contains. Only 13 per cent of those that had lost a mobile device were confident it couldn't be breached, or used against them, as only this small percentage of law firms were security savvy enough to encrypt the data residing on them.
Over 90 per cent of lawyers believe their data is protected because they are securing it with a password but four per cent don't use any security whatsoever. However, an educated third of lawyers interviewed are protecting their information with encryption.
The ever popular blackberry/PDA is now the most preferred device that lawyers use to store their information with, compared with 63 per cent who use their laptops, 41 per cent using USBs or memory sticks, and 21 per cent now using a smartphone such as the Apple iPhone. Seven percent use an MP3 or Tablet PC and the majority use a combination of all of these devices.
Robert Schifreen, former hacker and now an IT security consultant, said: “Passwords are just inadequate if you have confidential sensitive information residing on a mobile device. You can download cracking software from Google that can break the average password in less than 30 minutes.
“These findings show just how naïve the legal profession is when it comes to data security and I suspect other professions are just as bad, if not worse! The only answer is, if you store sensitive data, you must encrypt it.”
Michael Callahan VP Global Marketing at Credant said: “It's worrying to note that so many unprotected devices have gone missing over the past few years, but personally I'm more concerned by how many personal mobile devices are being used by lawyers which clearly by-pass any security procedures set-up by the legal firm.
“This creates an uncontrollable environment for the IT security staff as they simply can't keep track of which devices they've secured and which they haven't. Our advice is to implement a data protection policy that ensures all handheld, laptop, desktop and other removable media (like USB sticks) are encrypted, managed and controlled centrally which then enables the IT guys to be able to suspend anyone getting to the information if it is misplaced or stolen.”