A quarter of UK legal firms admit that they have misplaced at least one mobile device containing confidential documents, a survey has shown.
The lax attitude of legal firms towards data security leaves case-notes, contract details and client information at risk.
The survey, conducted on 100 legal firms by market research company The Survey Shop on behalf of UK IT security firm Credant Technologies, found that 90 percent of lawyers surveyed believe their data is fully protected by a password. Four percent of lawyers do not use any security whatsoever.
The information commissioner Richard Thomas recently reported 94 serious data breaches, including HSBC and Marks & Spencer, in the wake of the HM Revenue and Customs loss of two CDs containing 25 million records. The House of Commons justice committee earlier this year called for new reporting requirements forcing companies to report losses of data and new laws making significant security breaches - where reckless or repeated -- a criminal offense.
The lawyers surveyed did not trust their own security measures, with 87 percent feeling that if their mobile device was lost, the data could be accessed. This was the case despite a third protecting their data with encryption techniques.
Robert Schifreen, the first person ever to be tried by a jury in connection with computer hacking and now an IT security consultant, argued that data encryption is an absolute necessity, given the ease of hacking. He claims that these findings demonstrate "how naive the legal profession is when it comes to data security. I suspect other professions are just as bad, if not worse."
One in five lawyers uses their own device to store clients' information. This is despite IT departments being unable to secure the devices, back them up or claim ownership of the information if the lawyer were to leave the organization.
Michael Callahan VP Global Marketing at Credant said: "Many personal mobile devices are being used by lawyers which clearly by-pass any security procedures set-up by the legal firm. This creates an uncontrollable environment for the IT security staff as they simply can't keep track of which devices they've secured and which they haven't."