The Egress Data Loss Prevention Report 2021 has revealed that 96% of IT leaders within the legal sector say that client and company data is at risk on email. In addition, an overwhelming 90% of organisations have suffered data breaches via this channel in the last 12 months.
Human error was at the root of nearly one-quarter of incidents, with 24% caused by an employee sharing data in error – for example, sending an email containing sensitive data to the wrong recipient or attaching the wrong file.
The study, independently conducted by Arlington Research on behalf of Egress, interviewed 500 IT leaders and 3,000 remote-working employees in the UK and US across vertical sectors including financial services, healthcare and legal.
Key insights include:
Remote working has left employees highly reliant on digital communication, turning to a host of tools from video conferencing software to chat applications to carry out their duties remotely. Employees have also become even more reliant on email, particularly for sharing sensitive data. Since the beginning of the pandemic, 90% of employees at legal organisations reported sending more emails and 88% say they use email to communicate confidential information, increasing the surface area for risk when it comes to an outbound email data breach.
The research also found that 57% of employees are working in environments where distractions and interruptions are commonplace, such as a shared home offices and communal spaces. In addition to concerns around confidentiality, the distractions faced by employees in these settings leads to an environment of heightened risk of accidental data loss.
The risk is compounded by stress and tiredness – and the research revealed that 93% of employees reported that they feel worse because of the pandemic. The blurring of work and home life has led to many employees working longer hours, in distracting environments, with both factors exacerbating the risk of an employee-activated security incident.
92% of legal employees surveyed revealed that they access work emails outside of their contracted working hours, and almost one-quarter of employees (35%) reporting that they are normally doing something else at the same time.
It’s no surprise then that 62% of legal IT leaders acknowledged that they have seen an increase in data leakage via email since employees started working remotely due to the COVID-19 pandemic.
To mitigate this risk, 77% of IT leaders state that they have deployed static email DLP solutions. However, 37% believe they create user friction, getting in the way of employees’ productivity.
Egress CEO Tony Pepper comments, ““It’s clear to see that email data loss is a significant problem in the legal sector. This research reveals the extent to which legal organisations are routinely exposing not just their own data, but that of their clients. Client trust is fundamental to the success of any legal organisation, and this trust and, ultimately, client relationships are jeopardised when data is lost. And clients are recognising this too! 62% of legal IT leaders report that they’ve seen an increase in clients asking whether they have email data loss prevention tools in place. This can’t be a box-ticking exercise though. Law firms need to put in place the right technology and security strategies to actually mitigate the heightened risk we’re seeing due to remote working, in order to protect client data, as well as their reputations and revenue streams.”
Egress’ 2021 DLP Report was conducted by independent organization Arlington Research among 500 IT leaders and 3000 remote-working employees in the financial services, legal and healthcare sectors within the UK and the US.
Copyright © 2021 Legal IT Professionals. All Rights Reserved.