Goodbye job applications, hello dream career
Seize control of your career and design the future you deserve with LW career

Legal professionals need more cyber security training

Over half of legal professionals haven’t been cyber security-trained, according to new research from NordLocker.

user iconLauren Croft 03 March 2022 NewLaw
cybersecurity training
expand image

A new study has revealed a massive gap in cyber security training for the legal profession, showing that over 50 per cent of employees in the legal industry haven’t been trained in cyber security safety measures.

A new report from encrypted cloud service provider NordLocker, which surveyed over 1,500 legal professionals, showed that 51 per cent of employees hadn’t had cyber security training arranged by their current employer. Despite this, the survey also revealed that 83 per cent of legal professionals handle confidential data whilst working.

Oliver Noble, a cyber security expert at NordLocker, said this comparison was particularly alarming.

“Since legal services is among the top 10 industries most hit by ransomware, the organisations that don’t train their employees how to identify the potential risks and about the right measures to avoid them are on the brink of falling victim to various cybercriminal activities,” he said.

The survey also revealed that 11 per cent of employees in the legal services industry don’t use any cyber security tools at work. Among those who do use protection on their digital devices, antivirus is the most popular software at 67 per cent, followed by a password manager (57 per cent), a VPN (51 per cent), and a file-encryption tool (40 per cent).

“With cyber racketeers going after the overwhelming amount of sensitive client data legal service providers have access to, employers who don’t urge their employees to use the necessary cybersecurity tools, or even worse, don’t provide them, are putting their reputation at stake,” Mr Noble explained.

“Unsecured IoT devices, such as printers, can provide a pathway to a legal firm’s computer systems.”

Furthermore, when asked who should be responsible if they accidentally caused a data breach in their workplace, 41 per cent of legal professionals answered with “both the employer and the employee”. However, almost one in three respondents would solely blame their company if they were involved in a data breach.

“With the human element being one of the weakest links in a company’s cybersecurity and hackers looking for vulnerabilities to exploit, it’s easy to see why many employees believe their employer should ensure appropriate means to be able to withstand threats,” Mr Noble added.

In terms of implementing a few easy cyber security practices, Mr Noble recommended firms make sure their employees use strong passwords or multifactor authentication, implement and enforce periodic data backup and restoration processes and encrypt client files to avoid data leaks in ransomware. Even if encrypted files are stolen from corporate computers, hackers won’t be able to access content.

Lauren Croft

Lauren Croft

Lauren is a journalist at Lawyers Weekly and graduated with a Bachelor of Journalism from Macleay College. Prior to joining Lawyers Weekly, she worked as a trade journalist for media and travel industry publications and Travel Weekly. Originally born in England, Lauren enjoys trying new bars and restaurants, attending music festivals and travelling. She is also a keen snowboarder and pre-pandemic, spent a season living in a French ski resort.

You need to be a member to post comments. Become a member for free today!