Data loss, malware, and hackers; you hear about them all the time, but that has nothing to do with you, right? Sadly, that's not the case. For legal firms, corporate legal departments and financial institutions who handle massive amounts of confidential data, the threat of breach due to human error is ever-present.

Three ways you may be putting your data at risk

Internal data leakage

Data leakage occurs when an organisation’s information is transmitted without authorisation. Typically, data leakage at law firms and legal departments will fall into one of three categories: confidential information, intellectual property or customer data. While not all internal data leakage is intentional or malicious, even inadvertent leaks can be a serious liability.

According to an Intel study, nearly 43% of serious data loss incidents could be traced to an internal user, of those, half were accidental. So, how does it happen? According to the study, internal leaks were more likely to happen using physical media. A misplaced USB drive or an unsecured laptop is all it takes to suffer a data loss.

The good news? Once you’re aware of how these leakages happen, you can take simple steps to help prevent them:

  • Avoid USB and external drives, embrace your company’s enterprise-grade file sharing tool to access documents when you’re on the go
  • Always make sure your laptop is encrypted and stored securely
  • Establish internal audits, monitoring and logging of user activity
  • Prioritise training and awareness campaigns to embed the message in your workforce

Shadow IT

I’ll admit, free technology can make life easier. You love it, you’re comfortable with it and it’s easy to use. As a fellow consumer, I get it. But, as an IT professional responsible for safeguarding a business; I beg you, please stop using free software for work.

Shadow IT, sometimes called stealth or client IT, is any technology that is used within the business without the knowledge, support or approval of IT. It may be a messaging app, free file sharing solution, digital notebook or handy password keeper.

While these solutions may seem like an easy, harmless way to enhance your productivity, they can cause more problems than they solve.

Technologies that exist outside of the approved IT structure can:

  • Introduce network security threats including viruses and malware
  • Cause gaps in regulatory compliance
  • Suffer data and productivity loss if the service goes down or is unavailable
  • Silo knowledge and hamper efficiency efforts

If you use and can’t live without a program outside of what is approved by your IT team, ask them about it. Your IT team can evaluate and raise concerns if necessary, but if all is well, they may be able to give it their seal of approval and encourage company-wide adoption. Then you get to be the tech hero that introduced the next big thing.

Weak passwords

You’re tired of hearing about this one, and we’re tired of talking about it. Even so, weak passwords remain a big threat to data security. So here we are again, talking about passwords.

Every IT professional can sympathise with your plight when it comes to passwords, they’re hard to remember and you need way too many of them. In fact, it’s estimated that the average business user has 191 passwords to remember, but uses the same selection of 4-7 unique passwords over and over.

While your IT department can set password requirements and implement periodic resets, we can’t force you to select a unique, strong password. 20% of passwords are considered ‘weak’ and can be cracked in under 4 minutes. So, when you set your password, give it the weight and consideration it deserves as a gateway to your businesses’ valuable data.

Quick password tips:

  • Use passwords that are more than 8 characters long
  • Use a combination of upper- and lowercase letters, numbers and special characters
  • Don’t use words in the dictionary
  • Update your password every 90 days
  • Enable 2-factor authentication whenever it is available

Each person within an organisation holds the power to threaten or enhance the company's data security. Awareness is an easy way to help mitigate risk and help ensure that a data breach doesn’t happen on your watch.