[ISN] One in ten law firms suffered security breaches

InfoSec News isn at c4i.org
Mon Aug 8 01:01:23 EDT 2005

Forwarded from: Mark Bernard <Mark.Bernard at TechSecure.ca>

Dear Associates,

How about the handling of private information?  Here in Canada privacy
rights are rescinded when someone is caught committing a crime, so
likely law firms maintain records including email relevant to cases.  
What happens to these records when a person is found not guilty or
punished for a crime?  This appears to be a grey area in the data
retention law and now we are seeing that law firms are also vulnerable
to exploits.

Best regards,

Mark E. S. Bernard, CISM, CISSP, PM,
e-mail: Mark.Bernard at TechSecure.ca; Web: http://www.TechSecure.ca; Phone: 
(506) 325-0444

----- Original Message ----- 
From: "InfoSec News" <isn at c4i.org>
To: <isn at attrition.org>
Sent: Friday, August 05, 2005 2:05 AM
Subject: [ISN] One in ten law firms suffered security breaches

> http://www.theinquirer.net/?article=25159
> By INQUIRER staff
> 04 August 2005
> ACCORDING TO AN NOP World survey, 50% of law firms in the UK are
> missing basic security measures and just under half have no budget
> dedicated to digital security, despite the recently increasing IT
> security threats.
> 100 UK law firms were included in the NOP World survey commissioned
> by security specialists Evolution Security Systems.
> According to the survey, one in ten firms had suffered digital
> security breaches over the past year - showing absolutely no sign of
> improvement with exactly the same odds the year before. Over half of
> the firms believe that digital threats are increasing, yet have
> failed to take appropriate prevention steps.
> The survey found that even though there is a one in ten chance of a
> UK law firm suffering from digital security breaches, over half of
> those surveyed still asked co-workers to check their e-mails, while
> one quarter have never changed their e-mail passwords. Perhaps more
> worryingly, four out of ten firms that were questioned had
> absolutely no idea what to do in case of a serious IT malfunction,
> having no disaster recovery plans, or even having thought of such
> things.


More information about the ISN mailing list