More than half of legal professionals in the US lack cybersecurity training: study

Survey reveals that 83 per cent of legal professionals handle confidential data at work

More than half of legal professionals in the US lack cybersecurity training: study

Fifty-one per cent of employees in the legal service industry in the US  have not received cybersecurity training arranged by their current employer, according to a new survey commissioned by NordLocker, an encrypted cloud service provider. The same survey reveals that 83 per cent of legal professionals handle confidential data at work.

“Since legal services is among the top ten industries most hit by ransomware, the organizations that don’t train their employees how to identify the potential risks and about the right measures to avoid them are on the brink of falling victim to various cybercriminal activities,” explains Oliver Noble, a cybersecurity expert at NordLocker.

The survey also reveals that 11 per cent of employees in the legal services industry do not use any cybersecurity tools at work. Among those who do use protection on their digital devices, antivirus is the most popular software (67%) followed by a password manager (57%), a VPN (51%), and a file encryption tool (40%).

“With cyber racketeers going after the overwhelming amount of sensitive client data legal service providers have access to, employers who don’t urge their employees to use the necessary cybersecurity tools, or even worse, don’t provide them, are putting their reputation at stake,” says Noble. “Unsecured IoT devices, such as printers, can provide a pathway to a legal firm’s computer systems.”

When asked who should be responsible if they accidentally caused a data breach in their workplace, the majority of legal professionals surveyed answered with “both the employer and the employee”. However, almost one in three respondents would solely blame their company if they were involved in a data breach.

“With the human element being one of the weakest links in a company’s cybersecurity and hackers looking for vulnerabilities to exploit, it’s easy to see why many employees believe their employer should ensure appropriate means to be able to withstand threats,” Noble says.

Five easy-to-implement cybersecurity practices for legal professionals

  • Make sure your employees use strong and unique passwords to connect to your systems. Better yet, implement multi-factor authentication.
  • Secure your email by training your staff to identify signs of phishing, especially when an email contains attachments and links.
  • Implement and enforce periodic data backup and restoration processes. An encrypted cloud might be the most secure solution for this.
  • Adopt zero-trust network access, meaning that every access request to digital resources by a member of staff should be granted only after their identity has been appropriately verified.
  • Encrypt your client files to avoid data leaks in ransomware. Even if encrypted files are stolen from corporate computers, hackers won’t be able to access their content and threaten you with exposing the data publicly.

NordLocker commissioned a survey of 300 employees in the legal services industry in the US in October 2021.


Recent articles & video

UK high court junks high-profile defamation case against former Tory MP

Justice Minister announces new legislation to reduce delays in the Family Court

Simpson Grierson senior solicitor: Make things happen for yourself

2023 NZ Law Awards sponsor is looking for the best in-house legal team in the country

Clifford Chance penetrates global energy hub with Houston office

Takeovers Panel welcomes Chapman Tripp partner

Most Read Articles

Why alternative career paths spell the future of BigLaw firms

Government announces plans to reform and modernise surrogacy laws

Takeovers Panel welcomes Chapman Tripp partner

Court of Appeal dismisses unjustified disadvantage claims by employee with mental health issues