The discovery that law firm email addresses were used for user login information on various breached third-party web services, including Dropbox, Yahoo and LinkedIn, highlights a potential blind side to many legal offices’ security protections.
Using services beyond the IT department’s control for work purposes, known as shadow IT, easily opens up an employee to cyberattacks, regulatory actions and inadvertent losses of sensitive data. Yet as shadow IT use is increasing, the move towards using unauthorized, but more established cloud storage services may help mitigate some, but far from all, of these risks.