Business is horrible at security.
The higher you go up the corp ladder the worst it gets. I'm in Montreal at the headquarters of one of the largest Corporations in Canada and i'n in the boardroom , they got a conference system with wireless microphones right in the boardroom . Go to security and in the morning organize a small demonstration.
they have a man in the boardroom , we get to a spot the other side of the street at the same height and i open the scanner .. the corp was broadcasting their board meetings over unencrypted wireless mics for everyone to hear. Security is a top down thing , lawyer firms do the same in their conference rooms ..
It's the small devices that are traitors. Keeping files on a computer secure is the least of the issues plaguing the industry. Security in ANY firm is a top down thing. If the top don't see the issues ,people got to be in place to make them plain. Lawyer firms are no exception. How many of those " traitor " devices are around in your place of business ? The more important the data is and decisions taken , the more a need for competent security exists in a ,have to be considered, hostile environment. Computers is but one way to access the decision makers and steal their information and secrets.
On that regard most firms have failing grades.