According to a new survey, 51% of employees in the legal services sector have not taken any cybersecurity training organized by their current employer. This is alarming information as the same survey reveals that 83% of legal professionals deal with confidential data at work.
The survey was commissioned by NordLocker, an encrypted cloud service provider. Oliver Noble, cybersecurity expert at NordLockerhas explained :
“Since legal departments are among the ten sectors most affected by ransomware, organizations that do not train their employees to identify potential risks and the right measures to avoid them are on the verge of falling victim to various cybercriminal activities. ..”
11% do not use any cybersecurity tools
The survey reveals that 11% of employees in the legal services sector do not use any cybersecurity tools at work. Among those who use protection on their digital devices, antivirus is the most popular software (67%), followed by a password manager (57%), a VPN (51%) and a file encryption tool (40%).
noble noted:
“While cyber racketeers prey on the overwhelming amount of sensitive client data that legal service providers have access to, employers who fail to encourage their employees to use the necessary cybersecurity tools, or even worse, fail to don’t provide them, put their reputation at stake.
Unsecured IoT devices, such as printers, can provide a pathway to a law firm’s IT systems.”
30% would accuse their employer of a data breach
When asked who should be responsible if they accidentally cause a data breach at their workplace, the majority of legal professionals said “both employer and employee” (41%). However, almost one in three respondents (30%) would only blame their company if they were involved in a data breach.
“With the human element being one of the weakest links in a company’s cybersecurity and with hackers looking for vulnerabilities to exploit, it’s easy to see why many employees believe their employer should ensure appropriate means to to be able to resist threats.“, noble said.
Five easy-to-implement cybersecurity practices for legal professionals
- Make sure your employees use strong, unique passwords to log into your systems. Better yet, implement multi-factor authentication.
- Secure your email by training your staff to identify the signs of phishing, especially when an email contains attachments and links.
- Implement and enforce periodic data backup and restore processes. An encrypted cloud might be the most secure solution for this.
- Adopt trustless network access, which means that every request for access to digital resources by a staff member should only be granted after their identity has been properly verified.
- Encrypt your client files to prevent ransomware data leaks. Even if encrypted files are stolen from company computers, hackers will not be able to access their contents and will threaten to expose the data publicly.
