[ISN] One in ten law firms suffered security breaches

InfoSec News isn at c4i.org
Fri Aug 5 01:05:08 EDT 2005


http://www.theinquirer.net/?article=25159

By INQUIRER staff
04 August 2005

ACCORDING TO AN NOP World survey, 50% of law firms in the UK are
missing basic security measures and just under half have no budget
dedicated to digital security, despite the recently increasing IT
security threats.

100 UK law firms were included in the NOP World survey commissioned by
security specialists Evolution Security Systems.

According to the survey, one in ten firms had suffered digital
security breaches over the past year - showing absolutely no sign of
improvement with exactly the same odds the year before. Over half of
the firms believe that digital threats are increasing, yet have failed
to take appropriate prevention steps.

The survey found that even though there is a one in ten chance of a UK
law firm suffering from digital security breaches, over half of those
surveyed still asked co-workers to check their e-mails, while one
quarter have never changed their e-mail passwords. Perhaps more
worryingly, four out of ten firms that were questioned had absolutely
no idea what to do in case of a serious IT malfunction, having no
disaster recovery plans, or even having thought of such things.

Ritchie Jeune, chief executive of Evolution Security Systems said that
it's clear UK firms understand the kind of damage malicious IT
breaches or criminal activity can do to them, but are still failing to
take essential security measures which could protect against the
problems. "This is particularly worrying," he said, "since most law
firms, driven by Lexel and other accreditations, will clearly be
required to have security and disaster recovery documents policies in
place over time."

Firms are really going to have to tighten up their security if they
want to survive, Jeunes reckons: "Client information and company
reputation are in jeopardy unless security is tightened and basic
security software implemented." µ





More information about the ISN mailing list