Human error top cause of data breaches at law firms, says report

An industry report has concluded that Canadian businesses are overconfident when it comes to information security, and law firms are not exempt, with human error the top cause of data breaches in the sector.

Human error top cause of data breaches at law firms, says report

An industry report has concluded that Canadian businesses are overconfident when it comes to information security, and law firms are not exempt, with human error the top cause of data breaches in the sector.

According to the 2019 Data Protection Report by Shred-it, Canadian companies believe they are improving at protecting sensitive information, but consumers actually feel less confident that their data security is taken seriously. It revealed that 50 per cent of consumers feel that their personal data security has declined compared to 10 years ago. This was more than twice the number (23 per cent) of those who feel that data security has improved.

With regard to the legal and finance industries, the report said that human error – and not cybersecurity – continues to be the leading cause of data breaches. It also highlighted the need for law and accounting firms to better train their associates and partners on the importance of physical information security or face the risk of client loss and/or negative reputational consequences.

The report found that only 57 per cent of legal and financial professionals believe that their organization’s policy for storing and disposing of confidential information when employees work off-site is strictly adhered to. This leaves a huge margin of error, where an employee may end up inadvertently revealing confidential information that could deliver a massive hit to the firm’s reputation.

Reputation is also important, according to the report, with 25 per cent of legal and financial professionals believing that clients are likely to stop doing business with them if a data breach were to occur.

The industries agree that more has to be done in order to protect data. Nine out of 10 of both legal and financial professionals feel that they need to do more to show employees and consumers how they are protecting personal information. There is a lot of catching up to do, as only 28 per cent of legal and financial officials reported that they train their employees on information security procedures twice a year or more frequently.

“The findings of this year's report should act as a wake-up call for Canadian business leaders,” said Pete Vincett , vice president of Stericycle Canada, provider of Shred-it information security solutions. “One data breach can have a devastating impact across all aspects of a business. Canadian C-suites and (small business owners) need to rethink their current practices and take action to implement stronger precautionary measures, or suffer the financial and reputational repercussions.”