István Lám, CEO and founder of Tresorit, explains how law firms can avoid the most common type of data breaches resulting from human error.


In the last year, 60% of law firms reported an information security incident, one of the most common being a data breach. As a result, more than £11 million of client money was stolen by cyber criminals from the UK legal sector.

Law firms at high risk

Legal practitioners deal with a large amount of sensitive information every day: client trade secrets, information related to intellectual property, mergers and acquisitions and so on. To reassure clients that their confidential data is safe with them and to comply with regulations and ethical responsibilities, legal professionals must do their best to protect the secrets entrusted to them.

However, with the advance of digitisation, complying with these obligations can be quite challenging. As clients demand quick reactions and real-time collaboration, legal professionals increasingly store and share documents in the cloud. This inevitably increases the risk of accidental data breaches.

Prevailing cause of data breaches: human error

Surveys indicate that nearly one third of data breaches are due to human error. While most of these incidents are inadvertent and unintentional, they still trigger the same regulatory obligations and can entail serious consequences.

So how can your law firm avoid the most common type of data breaches resulting from human error?

Recipe #1: Replace email attachments

Sending an email to the wrong recipient is admittedly a common business mistake. If the attachment contains personal data such as the name, address and phone number of people involved in a case, it can result in a data breach and entail hefty fines.

Instead of sending email attachments, which cannot be revoked, companies should switch to link-based file sharing. This allows legal professionals to share confidential and personal data in a controlled way: they can set up password protection, an expiry date and a download limit, and in the event a link is sent to the incorrect recipient(s), they can revoke access to the shared document with a single click.

Recipe #2: Store data on encrypted cloud

Many firms use mainstream cloud providers for file storage. If hackers breach the server and find unencrypted files about clients, including personal data, the firm has to deal with the consequences of a data breach.

Using end-to-end encrypted cloud solutions can help mitigate the risk of such an incident. Even if hackers gain access to the cloud servers, they will only find data in an unintelligible format without any means of decrypting it. Hence, no personal data can leak and data breach fines can be avoided.

Recipe #3: Stop using USB drives

Storing and sharing presentations and client documents on a USB drive can entail risks. Not only can such drives carry viruses and other malware, but if one is lost or stolen, the data it holds will inevitably get into the wrong hands.

As they offer no form of advanced control over the data they hold, it is not recommended to use hard drives or USB sticks to store confidential information. On the other hand, using an encrypted, cloud-based file sync and sharing service with data control features provides many options for organizations to prevent data loss, such as remote wipe and central security policies.

Replacing legacy solutions

Law firms should embrace the fact that they deal with client and business confidential data. They owe their clients the confidence that the firm is protecting their privacy to the best of its ability. This should not, though, stop them from embracing cloud-based solutions and the benefits they bring.

Instead of continuing to use legacy IT solutions, law firms should move to secure, end-to-end encrypted cloud solutions like Tresorit, which offers a highly secure way to store, sync and share files, combined with an easy implementation and rollout. Through a simple, intuitive user interface, training is minimal, allowing fee-earners to become familiar and productive within a short space of time. At the same time, the internal IT team is freed up from “keeping the lights on” and can focus on more beneficial IT projects.

