Law firms are stepping up employee surveillance as the redundancy toll in the City rises, but IT directors are still battling against competing forces of cost and disruption to business.

IT heads at the top 20 firms admit that they are particularly wary of confidential material being downloaded into a transportable form now that the credit crunch has begun to bite and is costing jobs both internally and among their top financial institution clients.

At magic circle giant Allen & Overy (A&O), which last month announced jobs cuts affecting 9% of its workforce, IT director Jason Haines said: “Most law firm employees are bound by a professional conduct code but we would be careless if we weren’t being a bit more vigilant.”

The pressure is arising not only out of concerns that disgruntled employees may download firm precedents and other closely guarded intellectual property, but out of the need to meet a higher security bar imposed by many clients in relation to confidential material.

Addleshaw Goddard’s head of IT Graham van Terhayden said: “Clients want to do extra audits and are asking more questions about our capability and redoubling their questions.

“The more clients ask the question, the more we will focus on it.”

While many of the top firms have long banned access to social networking sites such as Facebook, the majority allow lawyers to use mobile media such as USB keys.

But where some firms are still monitoring activity on an ad hoc basis, others have rolled out constant surveillance of all employees.
One top 20 firm, which has used data leakage solution DeviceWall for around a year but has recently stepped up its usage, claims that it monitors all USB activity on an ongoing basis. “I can buy a device that I can hold in the palm of my hand that would hold all of our precedent data,” commented the head of IT.

Firms including Berwin Leighton Paisner, which has yet to make any redundancies, still only monitor for exceptional activity and when an employee enters onto a ‘leavers list’. However IT director Janet Day said: “The probability is that if I was working for ‘firm ABC’ that had made 10% of its work force redundant then I would be stepping up every parameter.”

For some firms the challenge is finding a balance between managing risk and any potential disruption to the business. Lovells London head of IT Ian McFiggans said: “Lawyers have always taken their own materials to and fro so you have to be careful about what you do and don’t allow.”
However for many the reality is that monitoring data leakage is still regarded as costly in a professional services environment where ethical conduct is still heavily relied on.

According to security company Check Point Software Technologies, which counts A&O, Herbert Smith and Olswang among its clients, despite law firms needing data leakage software the cost can often mean it is relegated to the ‘nice to have’ list.

“The time will come when a law firm has a major security breach and then we will think differently,” commented one head of IT.