Law firms and clients under severe threat from corporate phone hacking
4 min read
15 November 2013
The issue of phone hacking and data security breaches, have dominated the news agenda in the UK for the last few years.
With this in mind, we decided to delve into the legal world to uncover whether or not law firms have the relevant and suitable security measures in place to ensure that their businesses, and the affairs of clients, are safe from the threat of hacking. Given that lawyers operate on behalf of multi-billion dollar businesses right through to the personal affairs of individuals, it certainly proved to be an area of huge worry.
Following reports from our relationship managers that conferencing security, at even the largest firms, was being overlooked, we were concerned and alarmed. As one of the leading providers of conferencing services to the legal sector, we partnered with Legal Support Network to commission an in-depth study into this area. The research, carried out across representatives from the top 200 firms in the UK and US highlights that complacent views on security has left firms and their clients under severe threat from corporate phone hacking.
Conference calling is becoming an increasingly standard business practice in the legal sector and it is expanding significantly from just internal usage through to in-depth client calls, both as a way to cut travel expenses and time as well as to help enhance engagement.
Voice conferencing has slipped under the radar of compliance officers and the security audit. It verifies my belief that compromised conference calls are more prevalent than anyone has thought up to now.
There is a mixture of drivers behind the rise of teleconferencing and future ‘virtual’ meeting technologies. Firms are looking to maximise efficiency and deliver more for less, so teleconferencing has become a daily tool as it delivers group communication on a budget. As many as 50 per cent claim the service is used on a daily basis, and 47 per cent cite the majority of these calls are client-facing, clearly showing the potential risk involved.
With complete confidentiality being of obvious and paramount importance, law firms need a secure, robust service to provide this at all times. It comes as a huge surprise, and will be of grave concern to clients, that when asked what was considered as most important in teleconferencing, security came third behind reliability and call quality. Furthermore, 35 per cent of firms were unaware of any security measures available for client conference calls putting themselves in the SRA’s sights for potential non-compliance and subsequently high penalty charges.
Whilst security breaches put reputations at risk, it also impacts heavily on revenue, resulting in loss of client trust and custom. For example, a particularly vulnerable conferencing method is reservation-less conferencing using ‘wallet cards’, which exposes the call to outside intrusion. Scarily, 22 per cent of firms surveyed still use this method giving hackers and corporate spies easy but unauthorised access into potentially huge deals and global information.
Unfortunately, it only takes one disgruntled employee to pass on the details of a wallet card PIN number for vital information to be leaked with huge ramifications. As a result it is surprising that conference security, at even the largest firms, is being overlooked especially given that the legal industry should be a bastion of compliance. Much, therefore, needs to change in law firms’ approach in conferencing – both in security and best practice.
If this is what is happening in the legal sector, then I dread to think what is also going in other sectors.
Andrew Try is the CEO of ComXo