Law firms should think twice about making staff who resign work their notice, according to the head of what claims to be the UK’s only practice specialising in cybersecurity and data protection.

The legal sector should instead emulate the banking industry, where employees who resign are commonly escorted from the premises immediately as their security clearances are revoked, said Peter Wright, Law Society Council member and chair of the Technology and Law Reference Group.

Wright, managing director of DigitalLawUK, was addressing the annual Law Society Risk and Compliance conference on ‘Cyber crime and data threat’.

Observing that malicious data leaks and cyber-attacks are often ‘inside jobs’, Wright noted that the ‘vast majority’ of law firms will force staff to work three-month notice periods to run down their caseload. He questioned the wisdom of ‘keeping on disaffected people with full access to your systems who don’t want to be there’, warning that this category of employee poses a genuine threat.

‘We often have open access on our systems – the risk of [attack by] a malicious insider is great,’ he said. ‘What we should be doing is taking their pass and security [clearances ] and saying “thank you for your service and goodbye”.’