By Rupert White


Lawyers are using email to send sensitive information even though they think it is one of the least safe ways of communicating, according to a recent poll.



The research also found that fewer than one in ten solicitors are currently encrypting email, despite knowing that emails go through many public places before reaching their recipients.



The survey of 201 'partners and non-partners' in UK law firms, for newly set-up email security firm Securecoms, said that half of those questioned thought their existing systems covered email confidentiality when they do not. Interviewees also said more than half of emails sent by their firms contain confidential information.



This lack of correct information in law firms exposes them to unnecessary risk, including data leakage and theft, Securecoms said.



The Law Society's information security guidelines, released a year ago, already warn of the dangers, saying 'most unencrypted e-mail is vulnerable to unauthorised access and alteration as it passes over the Internet'.



Greg Day, a security analyst at IT security firm McAfee, agreed that the threats associated with putting sensitive corporate or personal information in open emails is very real.



'Sadly, [data theft] is being done at a variety of levels,' he said. 'Intercepting email is easy to do. Anything that passes across the Internet is bouncing across public connection points where people can listen in. There are tools out there that will let you hook in and almost deliver it back to you on a plate.'



Mr Day acknowledged that law firms see real problems in using email encryption, because of getting recipients to open encrypted emails for example, but said the problem is fundamentally about user education. 'There is a user lack of awareness that they pass information out that they shouldn't,' he said.