Protecting client data from ex-employees
A few months ago, we at Intermedia received a notice from the FBI warning that the exploitation of business networks and applications by disgruntled and former employees is on the rise and had recently resulted in several significant investigations involving theft, disruption, and fraud.
The FBI’s concern is valid — especially when you consider that 89% of former employees retained access to sensitive corporate data.
This article in Legal Management covers how this “rogue access” threat impacts legal firms, and offers basic steps you can take to make sure you don’t become one of these scary statistics:
- More than one in four chief legal officers (CLO) reported experiencing a data breach within their organizations over the past two years (ACC Chief Legal Officer (CLO) 2015 Survey).
- 79% of respondents view cyber security as one of their top 10 risks, but 72% said their firm has not assessed the cost of a data breach based on the information it retains (Marsh LLC’s Global Law Firm Cyber Survey in August 2014)
- In a 2013 American Bar Association (ABA) study, 70% of law firms reported they didn’t know if their firm had ever experienced a security breach.
For legal firms, the threat of “rogue access” is particularly problematic. Here’s why:
“For many of these organizations, we find that there’s a single person handling the IT support,” says Eric Aguado, Chief Operating Officer (COO) and partner at ThrottleNet Inc., an IT consulting service. “When that individual leaves, a number of questions come up. Who’s responsible for making sure the system credentials are secured? How do they even know what credentials they need to retrieve, and how do they verify the information is correct? Do they take the departing IT [employee’s] word for it? Where is this information stored?”