SECURITY WARNING: 82% of firms have firewall flaws

As many as eight out of 10 law firms could be at serious risk of leaking confidential client information, an Internet security specialist has warned.

The number of firms with firewall flaws that could allow hackers unrestricted access to internal networks has rocketed by 74% over the past four years.

NTA Monitor analysed on-line security of 600 tests it conducted in a range of sectors.

In 2003 so far, 82% of law firms had firewall flaws, compared to 25% of IT and telecommunications companies.

Around 60% of law firms used firewall software that can reveal its type and location, leaving it open to attack.

The biggest concern came from lawyers using laptops outside of the office or for accessing other offices around the world.

Laptops can provide a backdoor route to a firm's systems, NTA Monitor technical director Roy Hills explained.

'Firms used to put in place high cost dedicated private networks for this kind of communication, but now they're switching to flexible and more cost effective Internet-based networks,' he said.

'This is fraught with risk unless the right levels of security are in place.'

Mr Hill said he was surprised by the findings as 'the mere whiff' of confidentiality breaches often led to clients taking instructions elsewhere.

NTA Monitor recommends that firms keep firewalls and remote connections hidden, restrict services to a minimum of authorised IP addresses and protect remote clients connecting to the corporate virtual private network with personal firewalls.

Derek Southall, head of strategic development at Birmingham firm Wragge & Co, agreed that the security of laptops and personal digital assistants was an issue.

Some large corporations have started to demand their firms do not use them, he said.

Law firms had dashed to offer on-line services five years ago and are only just discovering the security implications, Mr Southall added.

'Like every type of business we are on a real learning curve but people have got an understanding of where this is going and firms are starting to do something about it,' he said.

Chris Baker