The lack of unique logins, manual logoffs and concurrent logins is putting confidential information in the legal sector at risk, new research has revealed. A report by security software provider IS Decisions found that despite requirements by regulatory bodies, only 39% are prevented from concurrent logins on multiple machines, which not only puts information at risk but also narrows the options for investigation should something go wrong. Furthermore, 28% of legal employees in the US do not have a unique user login for their employer’s network and 23% do not require a login for access at all despite this basic information security process being a requirement of any security standard, including FISMA (The Federal Information Security Management Act) and ISO 27001.

The report, ‘Legal and Law Enforcement: Information Access Compliance’, covers a number of issues that can have a direct effect on information security in the legal sector. Pertinent information such as case files, identity profiles and confidential statements can potentially and unknowingly become compromised if there isn’t a reliable access management procedure and system in place.

The report also details how the legal sector is deploying security training, for both on-boarding new employees and those who have settled into their jobs. Almost a third (29%) did not receive any security training when they were employed and less than half (48%) the number of existing employees received IT security training. According to the report 78% have access to information such as case files and crime data but half shared that they do not have an automatic logoff procedure in place.

This is despite the security policies included in the set of objectives of ISO 27001, the international standard that specifies best practice for information security management.

The figures in the report around access, logins as well as information security training shows the need to firstly, implement a good access management system and secondly train staff to raise awareness and build accountability.

Francois Amigorena, CEO of IS Decisions commented, “The information that passes through legal professionals hands can be incredibly sensitive, and naturally attorney-client privilege must be taken into account. It is important to have a reliable system in place to manage and track access to this information and it doesn’t have to be a complicated process. This can be easily achieved with the right combination of implementing access control policies, applying user identity verification and improving user activity auditing.”

See ‘Legal and Law Enforcement: Information Access Compliance’ for more information on how to make your organisation secure and compliant for FISMA and ISO 27001 regulations.

ENDS

About IS Decisions

IS Decisions makes it easy to safeguard and secure your Microsoft Windows and Active Directory infrastructure. With solutions for user access control, file auditing, server and desktop reporting, and remote installations, IS Decisions combines the powerful security today’s business world mandates with the innovative simplicity the modern user expects. Over 3,000 customers around the world rely on IS Decisions to prevent security breaches; ensure compliance with major regulations, such as SOX, FISMA and HIPAA; quickly respond to IT emergencies; and gain time and cost-savings for IT.

IS Decisions is a Microsoft Silver Partner based in Biarritz, France. Customers include American Express, BAE Systems, BMW, Computer Sciences Corporation, FBI, Frito-Lay, GlaxoSmithKline, IBM, Lockheed Martin, Mitsubishi, Oxford University, South Wales Police, TimeWarner, United Nations Organization, US Department of Justice, US Department of Veterans Affairs and US Navy Marine Corps.