|  |
UK Law Firms Face Growing Information Security Risks Yet Fail to Act
Over half of UK law firms think IT security threats are increasing and the majority see computer viruses as the biggest opportunity for security risk, yet only pay lip service to vital security and business continuity measures, claims new research.
The results come from a survey of 100 UK law firms, conducted by NOP World and commissioned by Evolution Security Systems, the corporate digital security specialist. The survey also showed that despite there being more than a one in ten chance of a UK law firm suffering an digital security breach over the last 12 months, more than half of respondents still ask colleagues to check their e-mails while one quarter never change their password.
The survey also found that four out of ten legal firms questioned do not operate or know about disaster recovery plans for their firm’s IT systems.
These findings follow a similar survey conducted twelve months ago. It shows that the same issues dominate law firms’ thinking yet proactive security measures are not being fully developed.
More than half of those interviewed feel that digital security risks are increasing. Four out of five (78%) law firms said that computer viruses represent the single biggest threat against them.
Key findings of the 2005 survey include:
* One in 10 law firms had suffered digital security breaches in the past year (the same as in 2004)
* Over half believe digital security threats are increasing
* 78% see computer viruses as the biggest threat with 29% saying that organised computer crime is the fastest growing concern
* Over half have colleagues check their e-mails
* One in four never change their ‘sign on’ passwords.
* 53% have not deployed anti-spyware on computer networks
* Nearly 50% do not have a dedicated IT digital security budget
Despite improvements, UK law firms have not put adequate security measures in place. Half of legal executives admitted that they ask colleagues to check e-mails, while 26% fail to change network access passwords. Worryingly, of those interviewed, 39% do not operate, or are unaware of, disaster recovery plans.
Evolution Security Systems’ Group chief executive Ritchie Jeune, commented: "UK law firms clearly recognise the type of threats ranged against them, whether computer viruses, hackers and organised criminal gangs, but they are nevertheless failing to take some essential security measures which would address most of these problems. Many respondents also seem unaware of their organisation’s business continuity plans. This is particularly worrying, since most law firms, driven by Lexel and other accreditations, will clearly be required to have security and disaster recovery documents policies in place over time.”
Jeune believes that greater regulation of legal sector will cause law firms to act: "Risk management and professional indemnity is high on the agenda for law firms but it is imperative that UK legal practices put in place further measures to genuinely protect the security of the company information, rather than pursuing compliance for its own sake.”
"Client information and company reputation are in jeopardy unless security is tightened and basic security software implemented. Most of the surveyed firms are alive to security risks, yet in many cases, basic security requirements, such as changing passwords, running anti-spyware and building robust disaster recovery procedures, are not being met.” 05.08.2005, Evolution Security Systems
Subscribe to the newsletter | | |
| | | |
