Nearly a quarter of UK legal firms have lost confidential information, an IT specialist has said.
A survey by IT security firm Credant Technologies found 24 per cent of UK legal companies confessed to misplacing at least one mobile device.
These losses leave data saved to the device vulnerable to exposure with case-notes, contracts and client details at risk.
The survey of legal firms found the vast majority of lawyers did not encrypt information when carrying it around on a mobile data storage device.
And only a tiny minority of firms had a security scheme to ensure company details were kept safe.
Robert Schifreen, an ex-hacker and an IT security consultant, said: “Passwords are inadequate if you have confidential sensitive information on a mobile device. You can download cracking software from Google that can break the average password in less than 30 minutes.
“These findings show how naive the legal profession is when it comes to data security and I suspect other professions are just as bad, if not worse. The only answer is, if you store sensitive data, encrypt it.”
The survey found one in five lawyers used their own mobile devices to store corporate and sensitive information, leading to security worries if these are lost, or if the lawyer leaves.
Respondents said a variety of highly sensitive information including business emails, work contact details, client contact details, company data, client records, contracts, case files and even security details like passwords and access codes had been left on personal devices like Blackberrys or iPhones.
The Government has found itself in hot water after sensitive information has been lost by civil servants.
In January a laptop belonging to a Royal Navy officer was stolen from a car in Edgbaston. It emerged the laptop contained personal information relating to 600,000 people who either expressed an interest in, or joined, the Royal Navy, Royal Marines and the Royal Air Force.
And the cavalier attitude of lawyers to personal data found in the Credant survey suggests legal clients’ data could be at risk.
Credant global marketing vice president Michael Callahan said: “It’s worrying to note that so many unprotected devices have gone missing over the past few years.
“But personally I’m more concerned by how many personal mobile devices are being used by lawyers which clearly bypass any security procedures set up by the legal firm. This creates an uncontrollable environment for the IT security staff as they simply can’t keep track of which devices they’ve secured and which they haven’t.
“Our advice is to implement a data protection policy that ensures all handheld, laptop, desktop and other removable media – like USB sticks – are encrypted, managed and controlled centrally which then enables the IT guys to be able to suspend access to the information if it is misplaced or stolen.”
