Legal sector’s most sensitive data at risk from poor file sharing habits

Despite the wide availability of data rooms and secure file sharing solutions almost half of legal professionals are still using email to send classified documents and information to colleagues, a recent survey has found, with many admitting to accidentally sending documents to the wrong person.
Confirming what IT directors and partners in charge of risk already know and fear, the survey by German IT security provider Brainloop revealed that almost half of legal professionals commonly send and share sensitive data and information over email. Forty-six percent of legal professionals said that email is the preferred choice for internal sensitive communications, while 42% said that they would still use email to send sensitive information to clients or business partners.
Other distribution methods highlighted in the survey included USB drives (8%), consumer-grade file sharing (5%) and Instant Messaging apps (3%). Less than a quarter of respondents said that business-grade file sharing solutions are commonly used for sending sensitive information externally and just one in 10 said they use business-grade file sharing solutions for internal communications of a sensitive nature.
The Brainloop survey, conducted among over 100 legal professionals at London Law Expo in October 2015, found that the information most commonly shared by legal professionals with colleagues and external parties include contracts (30%), personal information (13%), customer or partner information (12%) and boardroom documents (12%), while the remaining 10% of shared documents include less sensitive invoices and other miscellaneous information.
The survey also revealed that three quarters of respondents admit that either they, or a colleague, have sent a document or information to the wrong recipient in the past. A further 5% said that they were not aware if they have done this, while 3% were not willing to say if they have shared information with the wrong recipient before.
Almost 90% of survey respondents confirmed that they are aware of the regulations surrounding data protection, file sharing and the exchange of information, including the General Data Protection Regulation. In addition, 84% of those surveyed confirmed that the loss of confidential information formed part of their firm’s risk management system.
However, when it came to respondents’ broader awareness of their data protection obligations, almost one quarter admitted that they felt between “neutral” to “not at all confident” in their organisations’ understanding of the key regulation.
Mark Edge, UK country manager at Brainloop, which provides secure collaboration solutions for confidential information said: “The majority of documents that legal practitioners work on need to be shared with clients and business partners on a day-to-day basis. Added to this is the fact that these documents contain highly sensitive information that must be secured against the threat of malicious hacking, unauthorised views and potential leaks, from both inside and outside of the firm itself. Law firms must ensure that practitioners follow best practices to deal with data and documents in both a secure and compliant manner.”